Set default pacman SigLevel as "Required"

We should set the secure option as the default and require a user or
distribution to explicitly reduce the level of checking required in
their configuration file.

Implements #260

Signed-off-by: Allan McRae <allan@archlinux.org>

doc/pacman.conf.5.asciidoc

@@ -318,12 +318,12 @@ When to Check::
 	*Never*;;
 		All signature checking is suppressed, even if signatures are present.
 
-	*Optional* (default);;
+	*Optional*;;
 		Signatures are checked if present; absence of a signature is not an
 		error. An invalid signature is a fatal error, as is a signature from a
 		key not in the keyring.
 
-	*Required*;;
+	*Required* (default);;
 		Signatures are required; absence of a signature or an invalid signature
 		is a fatal error, as is a signature from a key not in the keyring.
 
@@ -349,7 +349,7 @@ level signatures for packages.
 The built-in default is the following:
 
 --------
-SigLevel = Optional TrustedOnly
+SigLevel = Required TrustedOnly
 --------
 
 

lib/libalpm/dload.c

@@ -1118,34 +1118,31 @@ static int finalize_download_locations(alpm_list_t *payloads, const char *localp
 			filename = payload->tempfile_name;
 		}
 
-		if(filename) {
+		/* if neither file exists then the download failed and logged an error for us */
+		if(!filename) {
+			returnvalue = -1;
+			continue;
+		}
+
 		int ret = move_file(filename, localpath);
 
 		if(ret == -1) {
+			/* ignore error if the file already existed - only signature file was downloaded */
 			if(payload->mtime_existing_file == 0) {
 				_alpm_log(payload->handle, ALPM_LOG_ERROR, _("could not move %s into %s (%s)\n"),
 						filename, localpath, strerror(errno));
 				returnvalue = -1;
 			}
 		}
-		}
 
 		if (payload->download_signature) {
-			char *sig_filename;
+			const char sig_suffix[] = ".sig";
-			int ret;
+			char *sig_filename = NULL;
-
+			size_t sig_filename_len = strlen(filename) + sizeof(sig_suffix);
-			filename = payload->destfile_name ? payload->destfile_name : payload->tempfile_name;
+			MALLOC(sig_filename, sig_filename_len, continue);
-			sig_filename = _alpm_get_fullpath("", filename, ".sig");
+			snprintf(sig_filename, sig_filename_len, "%s%s", filename, sig_suffix);
-			ASSERT(sig_filename, RET_ERR(payload->handle, ALPM_ERR_MEMORY, -1));
-			ret = move_file(sig_filename, localpath);
-			free(sig_filename);
-
-			if(ret == -1) {
-				sig_filename = _alpm_get_fullpath("", filename, ".sig.part");
-				ASSERT(sig_filename, RET_ERR(payload->handle, ALPM_ERR_MEMORY, -1));
 			move_file(sig_filename, localpath);
-				free(sig_filename);
+			FREE(sig_filename);
-			}
 		}
 	}
 	return returnvalue;
@@ -1299,7 +1296,7 @@ download_signature:
 	return ret;
 }
 
-static const char *url_basename(const char *url)
+static char *filecache_find_url(alpm_handle_t *handle, const char *url)
 {
 	const char *filebase = strrchr(url, '/');
 
@@ -1312,7 +1309,7 @@ static const char *url_basename(const char *url)
 		return NULL;
 	}
 
-	return filebase;
+	return _alpm_filecache_find(handle, filebase);
 }
 
 int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
@@ -1334,26 +1331,9 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
 
 	for(i = urls; i; i = i->next) {
 		char *url = i->data;
-		char *filepath = NULL;
-		const char *urlbase = url_basename(url);
 
-		if(urlbase) {
 		/* attempt to find the file in our pkgcache */
-			filepath = _alpm_filecache_find(handle, urlbase);
+		char *filepath = filecache_find_url(handle, url);
-
-			if(filepath && (handle->siglevel & ALPM_SIG_PACKAGE)) {
-				char *sig_filename = _alpm_get_fullpath("", urlbase, ".sig");
-
-				/* if there's no .sig file then forget about the pkg file and go for download */
-				if(!_alpm_filecache_exists(handle, sig_filename)) {
-					free(filepath);
-					filepath = NULL;
-				}
-
-				free(sig_filename);
-			}
-		}
-
 		if(filepath) {
 			/* the file is locally cached so add it to the output right away */
 			alpm_list_append(fetched, filepath);

scripts/libmakepkg/lint_pkgbuild/meson.build

@@ -17,6 +17,7 @@ sources = [
   'package_function.sh.in',
   'package_function_variable.sh.in',
   'pkgbase.sh.in',
+  'pkglist.sh.in',
   'pkgname.sh.in',
   'pkgrel.sh.in',
   'pkgver.sh.in',

scripts/libmakepkg/lint_pkgbuild/pkglist.sh.in

@@ -0,0 +1,44 @@
+#!/bin/bash
+#
+#   pkglist.sh - Check the packages selected to build exist.
+#
+#   Copyright (c) 2014-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+[[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PKGLIST_SH" ]] && return
+LIBMAKEPKG_LINT_PKGBUILD_PKGLIST_SH=1
+
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
+
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
+
+
+lint_pkgbuild_functions+=('lint_pkglist')
+
+
+lint_pkglist() {
+	local i ret=0
+
+	for i in "${PKGLIST[@]}"; do
+		if ! in_array "$i" "${pkgname[@]}"; then
+			error "$(gettext "Requested package %s is not provided in %s")" "$i" "$BUILDFILE"
+			ret=1
+		fi
+	done
+
+	return $ret
+}

src/pacman/conf.c

@@ -109,8 +109,7 @@ config_t *config_new(void)
 	newconfig->logmask = ALPM_LOG_ERROR | ALPM_LOG_WARNING;
 	newconfig->configfile = strdup(CONFFILE);
 	if(alpm_capabilities() & ALPM_CAPABILITY_SIGNATURES) {
-		newconfig->siglevel = ALPM_SIG_PACKAGE | ALPM_SIG_PACKAGE_OPTIONAL |
+		newconfig->siglevel = ALPM_SIG_PACKAGE | ALPM_SIG_DATABASE;
-			ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL;
 		newconfig->localfilesiglevel = ALPM_SIG_USE_DEFAULT;
 		newconfig->remotefilesiglevel = ALPM_SIG_USE_DEFAULT;
 	}

test/pacman/tests/upgrade-download-pkg-and-sig-with-filename.py

@@ -1,6 +1,7 @@
 self.description = 'download remote packages with -U with a URL filename'
 self.require_capability("gpg")
 self.require_capability("curl")
+self.option['SigLevel'] = ['Required']
 
 url = self.add_simple_http_server({
     # simple

test/pacman/util.py

@@ -115,6 +115,8 @@ def mkcfgfile(filename, root, option, db):
     data = ["[options]"]
     for key, value in option.items():
         data.extend(["%s = %s" % (key, j) for j in value])
+    if "SigLevel" not in option:
+        data.append("SigLevel = Never\n")
 
     # Repositories
     # sort by repo name so tests can predict repo order, rather than be