diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 96e5e643..bd57d866 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -242,6 +242,8 @@ typedef enum _alpm_errno_t { ALPM_ERR_DB_INVALID, /** Database has an invalid signature */ ALPM_ERR_DB_INVALID_SIG, + /** Database is signed by an invalid key */ + ALPM_ERR_DB_INVALID_KEY, /** The localdb is in a newer/older format than libalpm expects */ ALPM_ERR_DB_VERSION, /** Failed to write to the database */ @@ -285,6 +287,8 @@ typedef enum _alpm_errno_t { ALPM_ERR_PKG_INVALID_CHECKSUM, /** Package has an invalid signature */ ALPM_ERR_PKG_INVALID_SIG, + /** Package is signed by an invalid key */ + ALPM_ERR_PKG_INVALID_KEY, /** Package does not have a signature */ ALPM_ERR_PKG_MISSING_SIG, /** Cannot open the package file */ @@ -300,6 +304,8 @@ typedef enum _alpm_errno_t { ALPM_ERR_SIG_MISSING, /** Signatures are invalid */ ALPM_ERR_SIG_INVALID, + /** Keys are missing from keyring */ + ALPM_ERR_KEY_MISSING, /* Dependencies */ /** Dependencies could not be satisfied */ ALPM_ERR_UNSATISFIED_DEPS, diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index 0fecbcb5..3da80e24 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -341,15 +341,17 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle, /* even if we don't have a sig, run the check code if level tells us to */ if(level & ALPM_SIG_PACKAGE) { const char *sig = syncpkg ? syncpkg->base64_sig : NULL; + int ret; _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : ""); if(!has_sig && !(level & ALPM_SIG_PACKAGE_OPTIONAL)) { handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG; return -1; } - if(_alpm_check_pgp_helper(handle, pkgfile, sig, + ret = _alpm_check_pgp_helper(handle, pkgfile, sig, level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, - level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata)) { - handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG; + level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata); + if(ret) { + handle->pm_errno = ret == -1 ? ALPM_ERR_PKG_INVALID_SIG : ALPM_ERR_PKG_INVALID_KEY; return -1; } if(validation && has_sig) { @@ -766,6 +768,7 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful if(fail) { _alpm_log(handle, ALPM_LOG_ERROR, _("required key missing from keyring\n")); + handle->pm_errno = ALPM_ERR_KEY_MISSING; free(sigpath); return -1; } diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 648a8bd6..25320687 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -126,6 +126,7 @@ static int sync_db_validate(alpm_db_t *db) db->status &= ~DB_STATUS_VALID; db->status |= DB_STATUS_INVALID; db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG; + db->handle->pm_errno = ret == -1 ? ALPM_ERR_PKG_INVALID_SIG : ALPM_ERR_PKG_INVALID_KEY; return 1; } } diff --git a/lib/libalpm/error.c b/lib/libalpm/error.c index 58842eac..f004b03d 100644 --- a/lib/libalpm/error.c +++ b/lib/libalpm/error.c @@ -72,6 +72,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err) return _("invalid or corrupted database"); case ALPM_ERR_DB_INVALID_SIG: return _("invalid or corrupted database (PGP signature)"); + case ALPM_ERR_DB_INVALID_KEY: + return _("database signature has missing or invalid PGP key"); case ALPM_ERR_DB_VERSION: return _("database is incorrect version"); case ALPM_ERR_DB_WRITE: @@ -115,6 +117,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err) return _("invalid or corrupted package (checksum)"); case ALPM_ERR_PKG_INVALID_SIG: return _("invalid or corrupted package (PGP signature)"); + case ALPM_ERR_PKG_INVALID_KEY: + return _("package signature has missing or invalid PGP key"); case ALPM_ERR_PKG_MISSING_SIG: return _("package missing required signature"); case ALPM_ERR_PKG_OPEN: @@ -130,6 +134,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err) return _("missing PGP signature"); case ALPM_ERR_SIG_INVALID: return _("invalid PGP signature"); + case ALPM_ERR_KEY_MISSING: + return _("PGP key missing from keyring"); /* Dependencies */ case ALPM_ERR_UNSATISFIED_DEPS: return _("could not satisfy dependencies"); diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index e5ddd2d0..32aba2e1 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -233,9 +233,14 @@ int _alpm_key_in_keychain(alpm_handle_t *handle, const char *fpr) _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n"); ret = 0; } else if(gpg_err_code(gpg_err) == GPG_ERR_NO_ERROR) { - _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup success, key exists\n"); - handle->known_keys = alpm_list_add(handle->known_keys, strdup(fpr)); - ret = 1; + if(key->expired) { + _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup success, but key is expired\n"); + ret = 0; + } else { + _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup success, key exists\n"); + handle->known_keys = alpm_list_add(handle->known_keys, strdup(fpr)); + ret = 1; + } } else { _alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(gpg_err)); } @@ -268,7 +273,7 @@ static int key_import_wkd(alpm_handle_t *handle, const char *email, const char * CHECK_ERR(); mode = gpgme_get_keylist_mode(ctx); - mode |= GPGME_KEYLIST_MODE_LOCATE; + mode |= GPGME_KEYLIST_MODE_LOCATE_EXTERNAL; gpg_err = gpgme_set_keylist_mode(ctx, mode); CHECK_ERR(); @@ -279,7 +284,7 @@ static int key_import_wkd(alpm_handle_t *handle, const char *email, const char * if(fpr && _alpm_key_in_keychain(handle, fpr)) { ret = 0; } else { - _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed: WKD imported wrong fingerprint\n"); + _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed: WKD imported wrong fingerprint or key expired\n"); } } gpgme_key_unref(key); @@ -371,6 +376,7 @@ static int key_search_keyserver(alpm_handle_t *handle, const char *fpr, pgpkey->expires = key->subkeys->expires; pgpkey->length = key->subkeys->length; pgpkey->revoked = key->subkeys->revoked; + ret = 1; gpg_error: if(ret != 1) { @@ -792,7 +798,7 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path) * @param marginal whether signatures with marginal trust are acceptable * @param unknown whether signatures with unknown trust are acceptable * @param sigdata a pointer to storage for signature results - * @return 0 on success, -1 on error (consult pm_errno or sigdata) + * @return 0 on success, -1 on error, -2 on key error (consult pm_errno or sigdata) */ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, const char *base64_sig, int optional, int marginal, int unknown, @@ -800,6 +806,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, { alpm_siglist_t *siglist; int ret; + int key_invalid = 0; CALLOC(siglist, 1, sizeof(alpm_siglist_t), RET_ERR(handle, ALPM_ERR_MEMORY, -1)); @@ -821,8 +828,11 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, size_t num; for(num = 0; !ret && num < siglist->count; num++) { switch(siglist->results[num].status) { - case ALPM_SIGSTATUS_VALID: case ALPM_SIGSTATUS_KEY_EXPIRED: + _alpm_log(handle, ALPM_LOG_DEBUG, "key is expired\n"); + key_invalid = 1; + __attribute__((fallthrough)); + case ALPM_SIGSTATUS_VALID: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n"); switch(siglist->results[num].validity) { case ALPM_SIGVALIDITY_FULL: @@ -846,9 +856,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, break; } break; - case ALPM_SIGSTATUS_SIG_EXPIRED: case ALPM_SIGSTATUS_KEY_UNKNOWN: case ALPM_SIGSTATUS_KEY_DISABLED: + case ALPM_SIGSTATUS_SIG_EXPIRED: + _alpm_log(handle, ALPM_LOG_DEBUG, "key is not valid\n"); + key_invalid = 1; + __attribute__((fallthrough)); case ALPM_SIGSTATUS_INVALID: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n"); ret = -1; @@ -864,7 +877,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, free(siglist); } - return ret; + return key_invalid ? -2 : ret; } /** @@ -897,7 +910,6 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier, const char *name = result->key.uid ? result->key.uid : result->key.fingerprint; switch(result->status) { case ALPM_SIGSTATUS_VALID: - case ALPM_SIGSTATUS_KEY_EXPIRED: switch(result->validity) { case ALPM_SIGVALIDITY_FULL: break; @@ -923,6 +935,16 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier, identifier, name); break; } + break; + case ALPM_SIGSTATUS_KEY_EXPIRED: + _alpm_log(handle, ALPM_LOG_ERROR, + _("%s: key \"%s\" (%s) is expired\n"), + identifier, name, result->key.fingerprint); + + if(_alpm_key_import(handle, result->key.uid, result->key.fingerprint) == 0) { + retry = 1; + } + break; case ALPM_SIGSTATUS_KEY_UNKNOWN: /* ensure this key is still actually unknown; we may have imported it diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index 087c48de..2159817e 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c @@ -975,6 +975,7 @@ static int check_keyring(alpm_handle_t *handle) EVENT(handle, &event); if(fail) { _alpm_log(handle, ALPM_LOG_ERROR, _("required key missing from keyring\n")); + handle->pm_errno = ALPM_ERR_KEY_MISSING; return -1; } } @@ -1053,6 +1054,7 @@ static int check_validity(alpm_handle_t *handle, _("%s: missing required signature\n"), v->pkg->name); break; case ALPM_ERR_PKG_INVALID_SIG: + case ALPM_ERR_PKG_INVALID_KEY: _alpm_process_siglist(handle, v->pkg->name, v->siglist, v->siglevel & ALPM_SIG_PACKAGE_OPTIONAL, v->siglevel & ALPM_SIG_PACKAGE_MARGINAL_OK, diff --git a/src/pacman/callback.c b/src/pacman/callback.c index 77874760..523b1cd4 100644 --- a/src/pacman/callback.c +++ b/src/pacman/callback.c @@ -529,10 +529,17 @@ void cb_question(void *ctx, alpm_question_t *question) case ALPM_QUESTION_CORRUPTED_PKG: { alpm_question_corrupted_t *q = &question->corrupted; - q->remove = yesno(_("File %s is corrupted (%s).\n" - "Do you want to delete it?"), - q->filepath, - alpm_strerror(q->reason)); + if(q->reason == ALPM_ERR_PKG_INVALID_KEY || q->reason == ALPM_ERR_DB_INVALID_KEY) { + q->remove = yesno(_("Can't get PGP key for file %s (%s)\n" + "Do you want to delete it?"), + q->filepath, + alpm_strerror(q->reason)); + } else { + q->remove = yesno(_("File %s is corrupted (%s).\n" + "Do you want to delete it?"), + q->filepath, + alpm_strerror(q->reason)); + } } break; case ALPM_QUESTION_IMPORT_KEY: