libalpm: improve error message for expired keys (cont)
Continuation of last commit. Changes: error: failed to commit transaction (invalid or corrupted package (PGP signature)) To: error: failed to commit transaction (package signature has missing or invalid PGP key)
This commit is contained in:
morganamilo
parent
f42b93dd7f
commit
fff9296478
7 changed files with 35 additions and 11 deletions
|
|
@ -242,6 +242,8 @@ typedef enum _alpm_errno_t {
|
||||||
ALPM_ERR_DB_INVALID,
|
ALPM_ERR_DB_INVALID,
|
||||||
/** Database has an invalid signature */
|
/** Database has an invalid signature */
|
||||||
ALPM_ERR_DB_INVALID_SIG,
|
ALPM_ERR_DB_INVALID_SIG,
|
||||||
|
/** Database is signed by an invalid key */
|
||||||
|
ALPM_ERR_DB_INVALID_KEY,
|
||||||
/** The localdb is in a newer/older format than libalpm expects */
|
/** The localdb is in a newer/older format than libalpm expects */
|
||||||
ALPM_ERR_DB_VERSION,
|
ALPM_ERR_DB_VERSION,
|
||||||
/** Failed to write to the database */
|
/** Failed to write to the database */
|
||||||
|
|
@ -285,6 +287,8 @@ typedef enum _alpm_errno_t {
|
||||||
ALPM_ERR_PKG_INVALID_CHECKSUM,
|
ALPM_ERR_PKG_INVALID_CHECKSUM,
|
||||||
/** Package has an invalid signature */
|
/** Package has an invalid signature */
|
||||||
ALPM_ERR_PKG_INVALID_SIG,
|
ALPM_ERR_PKG_INVALID_SIG,
|
||||||
|
/** Package is signed by an invalid key */
|
||||||
|
ALPM_ERR_PKG_INVALID_KEY,
|
||||||
/** Package does not have a signature */
|
/** Package does not have a signature */
|
||||||
ALPM_ERR_PKG_MISSING_SIG,
|
ALPM_ERR_PKG_MISSING_SIG,
|
||||||
/** Cannot open the package file */
|
/** Cannot open the package file */
|
||||||
|
|
|
||||||
|
|
@ -341,15 +341,17 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
|
||||||
/* even if we don't have a sig, run the check code if level tells us to */
|
/* even if we don't have a sig, run the check code if level tells us to */
|
||||||
if(level & ALPM_SIG_PACKAGE) {
|
if(level & ALPM_SIG_PACKAGE) {
|
||||||
const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
|
const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
|
||||||
|
int ret;
|
||||||
_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
|
_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
|
||||||
if(!has_sig && !(level & ALPM_SIG_PACKAGE_OPTIONAL)) {
|
if(!has_sig && !(level & ALPM_SIG_PACKAGE_OPTIONAL)) {
|
||||||
handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG;
|
handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if(_alpm_check_pgp_helper(handle, pkgfile, sig,
|
ret = _alpm_check_pgp_helper(handle, pkgfile, sig,
|
||||||
level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
|
level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
|
||||||
level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata)) {
|
level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata);
|
||||||
handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG;
|
if(ret) {
|
||||||
|
handle->pm_errno = ret == -1 ? ALPM_ERR_PKG_INVALID_SIG : ALPM_ERR_PKG_INVALID_KEY;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if(validation && has_sig) {
|
if(validation && has_sig) {
|
||||||
|
|
|
||||||
|
|
@ -126,6 +126,7 @@ static int sync_db_validate(alpm_db_t *db)
|
||||||
db->status &= ~DB_STATUS_VALID;
|
db->status &= ~DB_STATUS_VALID;
|
||||||
db->status |= DB_STATUS_INVALID;
|
db->status |= DB_STATUS_INVALID;
|
||||||
db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG;
|
db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG;
|
||||||
|
db->handle->pm_errno = ret == -1 ? ALPM_ERR_PKG_INVALID_SIG : ALPM_ERR_PKG_INVALID_KEY;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -72,6 +72,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
|
||||||
return _("invalid or corrupted database");
|
return _("invalid or corrupted database");
|
||||||
case ALPM_ERR_DB_INVALID_SIG:
|
case ALPM_ERR_DB_INVALID_SIG:
|
||||||
return _("invalid or corrupted database (PGP signature)");
|
return _("invalid or corrupted database (PGP signature)");
|
||||||
|
case ALPM_ERR_DB_INVALID_KEY:
|
||||||
|
return _("database signature has missing or invalid PGP key");
|
||||||
case ALPM_ERR_DB_VERSION:
|
case ALPM_ERR_DB_VERSION:
|
||||||
return _("database is incorrect version");
|
return _("database is incorrect version");
|
||||||
case ALPM_ERR_DB_WRITE:
|
case ALPM_ERR_DB_WRITE:
|
||||||
|
|
@ -115,6 +117,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
|
||||||
return _("invalid or corrupted package (checksum)");
|
return _("invalid or corrupted package (checksum)");
|
||||||
case ALPM_ERR_PKG_INVALID_SIG:
|
case ALPM_ERR_PKG_INVALID_SIG:
|
||||||
return _("invalid or corrupted package (PGP signature)");
|
return _("invalid or corrupted package (PGP signature)");
|
||||||
|
case ALPM_ERR_PKG_INVALID_KEY:
|
||||||
|
return _("package signature has missing or invalid PGP key");
|
||||||
case ALPM_ERR_PKG_MISSING_SIG:
|
case ALPM_ERR_PKG_MISSING_SIG:
|
||||||
return _("package missing required signature");
|
return _("package missing required signature");
|
||||||
case ALPM_ERR_PKG_OPEN:
|
case ALPM_ERR_PKG_OPEN:
|
||||||
|
|
|
||||||
|
|
@ -792,7 +792,7 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path)
|
||||||
* @param marginal whether signatures with marginal trust are acceptable
|
* @param marginal whether signatures with marginal trust are acceptable
|
||||||
* @param unknown whether signatures with unknown trust are acceptable
|
* @param unknown whether signatures with unknown trust are acceptable
|
||||||
* @param sigdata a pointer to storage for signature results
|
* @param sigdata a pointer to storage for signature results
|
||||||
* @return 0 on success, -1 on error (consult pm_errno or sigdata)
|
* @return 0 on success, -1 on error, -2 on key error (consult pm_errno or sigdata)
|
||||||
*/
|
*/
|
||||||
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
|
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
|
||||||
const char *base64_sig, int optional, int marginal, int unknown,
|
const char *base64_sig, int optional, int marginal, int unknown,
|
||||||
|
|
@ -800,6 +800,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
|
||||||
{
|
{
|
||||||
alpm_siglist_t *siglist;
|
alpm_siglist_t *siglist;
|
||||||
int ret;
|
int ret;
|
||||||
|
int key_invalid = 0;
|
||||||
|
|
||||||
CALLOC(siglist, 1, sizeof(alpm_siglist_t),
|
CALLOC(siglist, 1, sizeof(alpm_siglist_t),
|
||||||
RET_ERR(handle, ALPM_ERR_MEMORY, -1));
|
RET_ERR(handle, ALPM_ERR_MEMORY, -1));
|
||||||
|
|
@ -823,7 +824,8 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
|
||||||
switch(siglist->results[num].status) {
|
switch(siglist->results[num].status) {
|
||||||
case ALPM_SIGSTATUS_KEY_EXPIRED:
|
case ALPM_SIGSTATUS_KEY_EXPIRED:
|
||||||
_alpm_log(handle, ALPM_LOG_DEBUG, "key is expired\n");
|
_alpm_log(handle, ALPM_LOG_DEBUG, "key is expired\n");
|
||||||
/* fallthrough */
|
key_invalid = 1;
|
||||||
|
__attribute__((fallthrough));
|
||||||
case ALPM_SIGSTATUS_VALID:
|
case ALPM_SIGSTATUS_VALID:
|
||||||
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n");
|
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n");
|
||||||
switch(siglist->results[num].validity) {
|
switch(siglist->results[num].validity) {
|
||||||
|
|
@ -848,9 +850,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case ALPM_SIGSTATUS_SIG_EXPIRED:
|
|
||||||
case ALPM_SIGSTATUS_KEY_UNKNOWN:
|
case ALPM_SIGSTATUS_KEY_UNKNOWN:
|
||||||
case ALPM_SIGSTATUS_KEY_DISABLED:
|
case ALPM_SIGSTATUS_KEY_DISABLED:
|
||||||
|
case ALPM_SIGSTATUS_SIG_EXPIRED:
|
||||||
|
_alpm_log(handle, ALPM_LOG_DEBUG, "key is not valid\n");
|
||||||
|
key_invalid = 1;
|
||||||
|
__attribute__((fallthrough));
|
||||||
case ALPM_SIGSTATUS_INVALID:
|
case ALPM_SIGSTATUS_INVALID:
|
||||||
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n");
|
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n");
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|
|
@ -866,7 +871,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
|
||||||
free(siglist);
|
free(siglist);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return key_invalid ? -2 : ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -1054,6 +1054,7 @@ static int check_validity(alpm_handle_t *handle,
|
||||||
_("%s: missing required signature\n"), v->pkg->name);
|
_("%s: missing required signature\n"), v->pkg->name);
|
||||||
break;
|
break;
|
||||||
case ALPM_ERR_PKG_INVALID_SIG:
|
case ALPM_ERR_PKG_INVALID_SIG:
|
||||||
|
case ALPM_ERR_PKG_INVALID_KEY:
|
||||||
_alpm_process_siglist(handle, v->pkg->name, v->siglist,
|
_alpm_process_siglist(handle, v->pkg->name, v->siglist,
|
||||||
v->siglevel & ALPM_SIG_PACKAGE_OPTIONAL,
|
v->siglevel & ALPM_SIG_PACKAGE_OPTIONAL,
|
||||||
v->siglevel & ALPM_SIG_PACKAGE_MARGINAL_OK,
|
v->siglevel & ALPM_SIG_PACKAGE_MARGINAL_OK,
|
||||||
|
|
|
||||||
|
|
@ -529,11 +529,18 @@ void cb_question(void *ctx, alpm_question_t *question)
|
||||||
case ALPM_QUESTION_CORRUPTED_PKG:
|
case ALPM_QUESTION_CORRUPTED_PKG:
|
||||||
{
|
{
|
||||||
alpm_question_corrupted_t *q = &question->corrupted;
|
alpm_question_corrupted_t *q = &question->corrupted;
|
||||||
|
if(q->reason == ALPM_ERR_PKG_INVALID_KEY || q->reason == ALPM_ERR_DB_INVALID_KEY) {
|
||||||
|
q->remove = yesno(_("Can't get PGP key for file %s (%s)\n"
|
||||||
|
"Do you want to delete it?"),
|
||||||
|
q->filepath,
|
||||||
|
alpm_strerror(q->reason));
|
||||||
|
} else {
|
||||||
q->remove = yesno(_("File %s is corrupted (%s).\n"
|
q->remove = yesno(_("File %s is corrupted (%s).\n"
|
||||||
"Do you want to delete it?"),
|
"Do you want to delete it?"),
|
||||||
q->filepath,
|
q->filepath,
|
||||||
alpm_strerror(q->reason));
|
alpm_strerror(q->reason));
|
||||||
}
|
}
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case ALPM_QUESTION_IMPORT_KEY:
|
case ALPM_QUESTION_IMPORT_KEY:
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue