From fff9296478e88b862e7fd3269ae260f2217164bd Mon Sep 17 00:00:00 2001
From: morganamilo <morganamilo@archlinux.org>
Date: Fri, 1 Aug 2025 06:20:20 +0100
Subject: [PATCH] libalpm: improve error message for expired keys (cont)

Continuation of last commit.

Changes:

error: failed to commit transaction (invalid or corrupted package (PGP signature))

To:

error: failed to commit transaction (package signature has missing or invalid PGP key)
---
 lib/libalpm/alpm.h       |  4 ++++
 lib/libalpm/be_package.c |  8 +++++---
 lib/libalpm/be_sync.c    |  1 +
 lib/libalpm/error.c      |  4 ++++
 lib/libalpm/signing.c    | 13 +++++++++----
 lib/libalpm/sync.c       |  1 +
 src/pacman/callback.c    | 15 +++++++++++----
 7 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
index ee967dbb..bd57d866 100644
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -242,6 +242,8 @@ typedef enum _alpm_errno_t {
 	ALPM_ERR_DB_INVALID,
 	/** Database has an invalid signature */
 	ALPM_ERR_DB_INVALID_SIG,
+	/** Database is signed by an invalid key */
+	ALPM_ERR_DB_INVALID_KEY,
 	/** The localdb is in a newer/older format than libalpm expects */
 	ALPM_ERR_DB_VERSION,
 	/** Failed to write to the database */
@@ -285,6 +287,8 @@ typedef enum _alpm_errno_t {
 	ALPM_ERR_PKG_INVALID_CHECKSUM,
 	/** Package has an invalid signature */
 	ALPM_ERR_PKG_INVALID_SIG,
+	/** Package is signed by an invalid key */
+	ALPM_ERR_PKG_INVALID_KEY,
 	/** Package does not have a signature */
 	ALPM_ERR_PKG_MISSING_SIG,
 	/** Cannot open the package file */
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index a7ceb8a2..3da80e24 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -341,15 +341,17 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
 	/* even if we don't have a sig, run the check code if level tells us to */
 	if(level & ALPM_SIG_PACKAGE) {
 		const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
+		int ret;
 		_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
 		if(!has_sig && !(level & ALPM_SIG_PACKAGE_OPTIONAL)) {
 			handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG;
 			return -1;
 		}
-		if(_alpm_check_pgp_helper(handle, pkgfile, sig,
+		ret = _alpm_check_pgp_helper(handle, pkgfile, sig,
 					level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
-					level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata)) {
-			handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG;
+					level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata);
+		if(ret) {
+			handle->pm_errno = ret == -1 ? ALPM_ERR_PKG_INVALID_SIG : ALPM_ERR_PKG_INVALID_KEY;
 			return -1;
 		}
 		if(validation && has_sig) {
diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c
index 648a8bd6..25320687 100644
--- a/lib/libalpm/be_sync.c
+++ b/lib/libalpm/be_sync.c
@@ -126,6 +126,7 @@ static int sync_db_validate(alpm_db_t *db)
 			db->status &= ~DB_STATUS_VALID;
 			db->status |= DB_STATUS_INVALID;
 			db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG;
+			db->handle->pm_errno = ret == -1 ? ALPM_ERR_PKG_INVALID_SIG : ALPM_ERR_PKG_INVALID_KEY;
 			return 1;
 		}
 	}
diff --git a/lib/libalpm/error.c b/lib/libalpm/error.c
index e59bdb5f..f004b03d 100644
--- a/lib/libalpm/error.c
+++ b/lib/libalpm/error.c
@@ -72,6 +72,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
 			return _("invalid or corrupted database");
 		case ALPM_ERR_DB_INVALID_SIG:
 			return _("invalid or corrupted database (PGP signature)");
+		case ALPM_ERR_DB_INVALID_KEY:
+			return _("database signature has missing or invalid PGP key");
 		case ALPM_ERR_DB_VERSION:
 			return _("database is incorrect version");
 		case ALPM_ERR_DB_WRITE:
@@ -115,6 +117,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
 			return _("invalid or corrupted package (checksum)");
 		case ALPM_ERR_PKG_INVALID_SIG:
 			return _("invalid or corrupted package (PGP signature)");
+		case ALPM_ERR_PKG_INVALID_KEY:
+			return _("package signature has missing or invalid PGP key");
 		case ALPM_ERR_PKG_MISSING_SIG:
 			return _("package missing required signature");
 		case ALPM_ERR_PKG_OPEN:
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index d6526514..c6694e7b 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -792,7 +792,7 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path)
  * @param marginal whether signatures with marginal trust are acceptable
  * @param unknown whether signatures with unknown trust are acceptable
  * @param sigdata a pointer to storage for signature results
- * @return 0 on success, -1 on error (consult pm_errno or sigdata)
+ * @return 0 on success, -1 on error, -2 on key error (consult pm_errno or sigdata)
  */
 int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
 		const char *base64_sig, int optional, int marginal, int unknown,
@@ -800,6 +800,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
 {
 	alpm_siglist_t *siglist;
 	int ret;
+	int key_invalid = 0;
 
 	CALLOC(siglist, 1, sizeof(alpm_siglist_t),
 			RET_ERR(handle, ALPM_ERR_MEMORY, -1));
@@ -823,7 +824,8 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
 			switch(siglist->results[num].status) {
 				case ALPM_SIGSTATUS_KEY_EXPIRED:
 					_alpm_log(handle, ALPM_LOG_DEBUG, "key is expired\n");
-					/* fallthrough */
+					key_invalid = 1;
+					__attribute__((fallthrough));
 				case ALPM_SIGSTATUS_VALID:
 					_alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n");
 					switch(siglist->results[num].validity) {
@@ -848,9 +850,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
 							break;
 					}
 					break;
-				case ALPM_SIGSTATUS_SIG_EXPIRED:
 				case ALPM_SIGSTATUS_KEY_UNKNOWN:
 				case ALPM_SIGSTATUS_KEY_DISABLED:
+				case ALPM_SIGSTATUS_SIG_EXPIRED:
+					_alpm_log(handle, ALPM_LOG_DEBUG, "key is not valid\n");
+					key_invalid = 1;
+					__attribute__((fallthrough));
 				case ALPM_SIGSTATUS_INVALID:
 					_alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n");
 					ret = -1;
@@ -866,7 +871,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
 		free(siglist);
 	}
 
-	return ret;
+	return key_invalid ? -2 : ret;
 }
 
 /**
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index 63f5d500..2159817e 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -1054,6 +1054,7 @@ static int check_validity(alpm_handle_t *handle,
 							_("%s: missing required signature\n"), v->pkg->name);
 					break;
 				case ALPM_ERR_PKG_INVALID_SIG:
+				case ALPM_ERR_PKG_INVALID_KEY:
 					_alpm_process_siglist(handle, v->pkg->name, v->siglist,
 							v->siglevel & ALPM_SIG_PACKAGE_OPTIONAL,
 							v->siglevel & ALPM_SIG_PACKAGE_MARGINAL_OK,
diff --git a/src/pacman/callback.c b/src/pacman/callback.c
index 77874760..523b1cd4 100644
--- a/src/pacman/callback.c
+++ b/src/pacman/callback.c
@@ -529,10 +529,17 @@ void cb_question(void *ctx, alpm_question_t *question)
 		case ALPM_QUESTION_CORRUPTED_PKG:
 			{
 				alpm_question_corrupted_t *q = &question->corrupted;
-				q->remove = yesno(_("File %s is corrupted (%s).\n"
-							"Do you want to delete it?"),
-						q->filepath,
-						alpm_strerror(q->reason));
+				if(q->reason == ALPM_ERR_PKG_INVALID_KEY || q->reason == ALPM_ERR_DB_INVALID_KEY) {
+					q->remove = yesno(_("Can't get PGP key for file %s (%s)\n"
+								"Do you want to delete it?"),
+							q->filepath,
+							alpm_strerror(q->reason));
+				} else {
+					q->remove = yesno(_("File %s is corrupted (%s).\n"
+								"Do you want to delete it?"),
+							q->filepath,
+							alpm_strerror(q->reason));
+				}
 			}
 			break;
 		case ALPM_QUESTION_IMPORT_KEY: