bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Search for PGP subkeys in a keyserver-acceptable way

Browse source 
PGP keyservers are pieces of sh** when it comes to searching for
subkeys, and only allow it if you submit an 8-character fingerprint
rather than the recommended and less chance of collision 16-character
fingerprint.

Add a second remote lookup for the 8-character version of a key ID if we
don't find anything the first time we look up the key. This fixes
FS#27612 and the deficiency has been sent upstream to the GnuPG users
mailing list as well.

Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dan McGee 2012-01-05 16:34:51 -06:00
parent f1d9b0a74a
commit def9e45aff
1 changed files with 21 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
lib/libalpm/signing.c
View file

@ -249,12 +249,26 @@ static int key_search(alpm_handle_t *handle, const char *fpr,
_alpm_log(handle, ALPM_LOG_DEBUG, "looking up key %s remotely\n", fpr); _alpm_log(handle, ALPM_LOG_DEBUG, "looking up key %s remotely\n", fpr);
err = gpgme_get_key(ctx, fpr, &key, 0); err = gpgme_get_key(ctx, fpr, &key, 0);
if(gpg_err_code(err) == GPG_ERR_EOF) {
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n");
/* Try an alternate lookup using the 8 character fingerprint value, since
* busted-ass keyservers can't support lookups using subkeys with the full
* value as of now. This is why 2012 is not the year of PGP encryption. */
if(strlen(fpr) > 8) {
const char *short_fpr = fpr + strlen(fpr) - 8;
_alpm_log(handle, ALPM_LOG_DEBUG,
"looking up key %s remotely\n", short_fpr);
err = gpgme_get_key(ctx, short_fpr, &key, 0);
if(gpg_err_code(err) == GPG_ERR_EOF) { if(gpg_err_code(err) == GPG_ERR_EOF) {
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n"); _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n");
ret = 0; ret = 0;
goto error; }
} else if(gpg_err_code(err) != GPG_ERR_NO_ERROR) { } else {
_alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err)); ret = 0;
}
}
if(gpg_err_code(err) != GPG_ERR_NO_ERROR) {
goto error; goto error;
} }
@ -270,9 +284,11 @@ static int key_search(alpm_handle_t *handle, const char *fpr,
pgpkey->email = key->uids->email; pgpkey->email = key->uids->email;
pgpkey->created = key->subkeys->timestamp; pgpkey->created = key->subkeys->timestamp;
pgpkey->expires = key->subkeys->expires; pgpkey->expires = key->subkeys->expires;
ret = 1; gpgme_release(ctx);
return 1;
error: error:
_alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err));
gpgme_release(ctx); gpgme_release(ctx);
return ret; return ret;
} }