bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libalpm: improve error message for expired keys (cont)

Browse source 
Continuation of last commit.

Changes:

error: failed to commit transaction (invalid or corrupted package (PGP signature))

To:

error: failed to commit transaction (package signature has missing or invalid PGP key)
This commit is contained in:
morganamilo 2025-08-01 06:20:20 +01:00
parent f42b93dd7f
commit fff9296478
No known key found for this signature in database
GPG key ID: E48D0A8326DE47C5
7 changed files with 35 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/libalpm/alpm.h
View file

@ -242,6 +242,8 @@ typedef enum _alpm_errno_t {
ALPM_ERR_DB_INVALID, ALPM_ERR_DB_INVALID,
/** Database has an invalid signature */ /** Database has an invalid signature */
ALPM_ERR_DB_INVALID_SIG, ALPM_ERR_DB_INVALID_SIG,
/** Database is signed by an invalid key */
ALPM_ERR_DB_INVALID_KEY,
/** The localdb is in a newer/older format than libalpm expects */ /** The localdb is in a newer/older format than libalpm expects */
ALPM_ERR_DB_VERSION, ALPM_ERR_DB_VERSION,
/** Failed to write to the database */ /** Failed to write to the database */
@ -285,6 +287,8 @@ typedef enum _alpm_errno_t {
ALPM_ERR_PKG_INVALID_CHECKSUM, ALPM_ERR_PKG_INVALID_CHECKSUM,
/** Package has an invalid signature */ /** Package has an invalid signature */
ALPM_ERR_PKG_INVALID_SIG, ALPM_ERR_PKG_INVALID_SIG,
/** Package is signed by an invalid key */
ALPM_ERR_PKG_INVALID_KEY,
/** Package does not have a signature */ /** Package does not have a signature */
ALPM_ERR_PKG_MISSING_SIG, ALPM_ERR_PKG_MISSING_SIG,
/** Cannot open the package file */ /** Cannot open the package file */

8
lib/libalpm/be_package.c
View file

@ -341,15 +341,17 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
/* even if we don't have a sig, run the check code if level tells us to */ /* even if we don't have a sig, run the check code if level tells us to */
if(level & ALPM_SIG_PACKAGE) { if(level & ALPM_SIG_PACKAGE) {
const char *sig = syncpkg ? syncpkg->base64_sig : NULL; const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
int ret;
_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>"); _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
if(!has_sig && !(level & ALPM_SIG_PACKAGE_OPTIONAL)) { if(!has_sig && !(level & ALPM_SIG_PACKAGE_OPTIONAL)) {
handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG; handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG;
return -1; return -1;
} }
if(_alpm_check_pgp_helper(handle, pkgfile, sig, ret = _alpm_check_pgp_helper(handle, pkgfile, sig,
level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata)) { level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata);
handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG; if(ret) {
handle->pm_errno = ret == -1 ? ALPM_ERR_PKG_INVALID_SIG : ALPM_ERR_PKG_INVALID_KEY;
return -1; return -1;
} }
if(validation && has_sig) { if(validation && has_sig) {

1
lib/libalpm/be_sync.c
View file

@ -126,6 +126,7 @@ static int sync_db_validate(alpm_db_t *db)
db->status &= ~DB_STATUS_VALID; db->status &= ~DB_STATUS_VALID;
db->status |= DB_STATUS_INVALID; db->status |= DB_STATUS_INVALID;
db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG; db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG;
db->handle->pm_errno = ret == -1 ? ALPM_ERR_PKG_INVALID_SIG : ALPM_ERR_PKG_INVALID_KEY;
return 1; return 1;
} }
} }

4
lib/libalpm/error.c
View file

@ -72,6 +72,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
return _("invalid or corrupted database"); return _("invalid or corrupted database");
case ALPM_ERR_DB_INVALID_SIG: case ALPM_ERR_DB_INVALID_SIG:
return _("invalid or corrupted database (PGP signature)"); return _("invalid or corrupted database (PGP signature)");
case ALPM_ERR_DB_INVALID_KEY:
return _("database signature has missing or invalid PGP key");
case ALPM_ERR_DB_VERSION: case ALPM_ERR_DB_VERSION:
return _("database is incorrect version"); return _("database is incorrect version");
case ALPM_ERR_DB_WRITE: case ALPM_ERR_DB_WRITE:
@ -115,6 +117,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
return _("invalid or corrupted package (checksum)"); return _("invalid or corrupted package (checksum)");
case ALPM_ERR_PKG_INVALID_SIG: case ALPM_ERR_PKG_INVALID_SIG:
return _("invalid or corrupted package (PGP signature)"); return _("invalid or corrupted package (PGP signature)");
case ALPM_ERR_PKG_INVALID_KEY:
return _("package signature has missing or invalid PGP key");
case ALPM_ERR_PKG_MISSING_SIG: case ALPM_ERR_PKG_MISSING_SIG:
return _("package missing required signature"); return _("package missing required signature");
case ALPM_ERR_PKG_OPEN: case ALPM_ERR_PKG_OPEN:

13
lib/libalpm/signing.c
View file

@ -792,7 +792,7 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path)
* @param marginal whether signatures with marginal trust are acceptable * @param marginal whether signatures with marginal trust are acceptable
* @param unknown whether signatures with unknown trust are acceptable * @param unknown whether signatures with unknown trust are acceptable
* @param sigdata a pointer to storage for signature results * @param sigdata a pointer to storage for signature results
* @return 0 on success, -1 on error (consult pm_errno or sigdata) * @return 0 on success, -1 on error, -2 on key error (consult pm_errno or sigdata)
*/ */
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
const char *base64_sig, int optional, int marginal, int unknown, const char *base64_sig, int optional, int marginal, int unknown,
@ -800,6 +800,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
{ {
alpm_siglist_t *siglist; alpm_siglist_t *siglist;
int ret; int ret;
int key_invalid = 0;
CALLOC(siglist, 1, sizeof(alpm_siglist_t), CALLOC(siglist, 1, sizeof(alpm_siglist_t),
RET_ERR(handle, ALPM_ERR_MEMORY, -1)); RET_ERR(handle, ALPM_ERR_MEMORY, -1));
@ -823,7 +824,8 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
switch(siglist->results[num].status) { switch(siglist->results[num].status) {
case ALPM_SIGSTATUS_KEY_EXPIRED: case ALPM_SIGSTATUS_KEY_EXPIRED:
_alpm_log(handle, ALPM_LOG_DEBUG, "key is expired\n"); _alpm_log(handle, ALPM_LOG_DEBUG, "key is expired\n");
/* fallthrough */ key_invalid = 1;
__attribute__((fallthrough));
case ALPM_SIGSTATUS_VALID: case ALPM_SIGSTATUS_VALID:
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n"); _alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n");
switch(siglist->results[num].validity) { switch(siglist->results[num].validity) {
@ -848,9 +850,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
break; break;
} }
break; break;
case ALPM_SIGSTATUS_SIG_EXPIRED:
case ALPM_SIGSTATUS_KEY_UNKNOWN: case ALPM_SIGSTATUS_KEY_UNKNOWN:
case ALPM_SIGSTATUS_KEY_DISABLED: case ALPM_SIGSTATUS_KEY_DISABLED:
case ALPM_SIGSTATUS_SIG_EXPIRED:
_alpm_log(handle, ALPM_LOG_DEBUG, "key is not valid\n");
key_invalid = 1;
__attribute__((fallthrough));
case ALPM_SIGSTATUS_INVALID: case ALPM_SIGSTATUS_INVALID:
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n"); _alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n");
ret = -1; ret = -1;
@ -866,7 +871,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
free(siglist); free(siglist);
} }
return ret; return key_invalid ? -2 : ret;
} }
/** /**

1
lib/libalpm/sync.c
View file

@ -1054,6 +1054,7 @@ static int check_validity(alpm_handle_t *handle,
_("%s: missing required signature\n"), v->pkg->name); _("%s: missing required signature\n"), v->pkg->name);
break; break;
case ALPM_ERR_PKG_INVALID_SIG: case ALPM_ERR_PKG_INVALID_SIG:
case ALPM_ERR_PKG_INVALID_KEY:
_alpm_process_siglist(handle, v->pkg->name, v->siglist, _alpm_process_siglist(handle, v->pkg->name, v->siglist,
v->siglevel & ALPM_SIG_PACKAGE_OPTIONAL, v->siglevel & ALPM_SIG_PACKAGE_OPTIONAL,
v->siglevel & ALPM_SIG_PACKAGE_MARGINAL_OK, v->siglevel & ALPM_SIG_PACKAGE_MARGINAL_OK,

15
src/pacman/callback.c
View file

@ -529,10 +529,17 @@ void cb_question(void *ctx, alpm_question_t *question)
case ALPM_QUESTION_CORRUPTED_PKG: case ALPM_QUESTION_CORRUPTED_PKG:
{ {
alpm_question_corrupted_t *q = &question->corrupted; alpm_question_corrupted_t *q = &question->corrupted;
q->remove = yesno(_("File %s is corrupted (%s).\n" if(q->reason == ALPM_ERR_PKG_INVALID_KEY || q->reason == ALPM_ERR_DB_INVALID_KEY) {
"Do you want to delete it?"), q->remove = yesno(_("Can't get PGP key for file %s (%s)\n"
q->filepath, "Do you want to delete it?"),
alpm_strerror(q->reason)); q->filepath,
alpm_strerror(q->reason));
} else {
q->remove = yesno(_("File %s is corrupted (%s).\n"
"Do you want to delete it?"),
q->filepath,
alpm_strerror(q->reason));
}
} }
break; break;
case ALPM_QUESTION_IMPORT_KEY: case ALPM_QUESTION_IMPORT_KEY: