bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libalpm: reimport expired keys

Browse source 
If the user does not update for a while some of the keys in the keyring
may expire. Pacman does not import new versions of these keys because
they are already in the keying. This leads to users needing to first
update archlinux-keyring to get the new keys.
This commit is contained in:
morganamilo 2025-08-01 07:46:23 +01:00
parent fff9296478
commit a0be6f0829
No known key found for this signature in database
GPG key ID: E48D0A8326DE47C5
1 changed files with 20 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
lib/libalpm/signing.c
View file

@ -233,9 +233,14 @@ int _alpm_key_in_keychain(alpm_handle_t *handle, const char *fpr)
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n");
ret = 0;
} else if(gpg_err_code(gpg_err) == GPG_ERR_NO_ERROR) {
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup success, key exists\n");
handle->known_keys = alpm_list_add(handle->known_keys, strdup(fpr));
ret = 1;
if(key->expired) {
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup success, but key is expired\n");
ret = 0;
} else {
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup success, key exists\n");
handle->known_keys = alpm_list_add(handle->known_keys, strdup(fpr));
ret = 1;
}
} else {
_alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(gpg_err));
}
@ -268,7 +273,7 @@ static int key_import_wkd(alpm_handle_t *handle, const char *email, const char *
CHECK_ERR();
mode = gpgme_get_keylist_mode(ctx);
mode |= GPGME_KEYLIST_MODE_LOCATE;
mode |= GPGME_KEYLIST_MODE_LOCATE_EXTERNAL;
gpg_err = gpgme_set_keylist_mode(ctx, mode);
CHECK_ERR();
@ -279,7 +284,7 @@ static int key_import_wkd(alpm_handle_t *handle, const char *email, const char *
if(fpr && _alpm_key_in_keychain(handle, fpr)) {
ret = 0;
} else {
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed: WKD imported wrong fingerprint\n");
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed: WKD imported wrong fingerprint or key expired\n");
}
}
gpgme_key_unref(key);
@ -903,11 +908,6 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier,
alpm_sigresult_t *result = siglist->results + i;
const char *name = result->key.uid ? result->key.uid : result->key.fingerprint;
switch(result->status) {
case ALPM_SIGSTATUS_KEY_EXPIRED:
_alpm_log(handle, ALPM_LOG_ERROR,
_("%s: key \"%s\" (%s) is expired\n"),
identifier, name, result->key.fingerprint);
break;
case ALPM_SIGSTATUS_VALID:
switch(result->validity) {
case ALPM_SIGVALIDITY_FULL:
@ -934,6 +934,16 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier,
identifier, name);
break;
}
break;
case ALPM_SIGSTATUS_KEY_EXPIRED:
_alpm_log(handle, ALPM_LOG_ERROR,
_("%s: key \"%s\" (%s) is expired\n"),
identifier, name, result->key.fingerprint);
if(_alpm_key_import(handle, result->key.uid, result->key.fingerprint) == 0) {
retry = 1;
}
break;
case ALPM_SIGSTATUS_KEY_UNKNOWN:
/* ensure this key is still actually unknown; we may have imported it