make gpgme optional
The package signing Wiki page says we could make gpgme optional for
pacman. The two following (very small patches) define another callback for package signing. It allows to make gpgme optional while preserving signature check capabilities, via an external callback. How such a callback could be defined remains to be decided in pacman code or pacman.conf syntax. -- Rémy. |
Make gpgme optional
These patches (partially already submitted before) make linking with
gpgme optional, and also implement a configuration option for pacman to use an external tool for signature checking. The given example is "gpg --verify - $filename", but "/bin/true" could be used to totally bypass checking. To apply on branch 'master', after the previously posted patch set. Rémy Oudompheng (4): handle: define a new callback for signature check signing: make gpgme optional and default to user callback pacman: add a configuration key for signature checking command pacman: implement signature check callback using an external command configure.ac | 19 ++++++++++- etc/pacman.conf.in | 1 + lib/libalpm/alpm.h | 12 +++++++ lib/libalpm/error.c | 2 + lib/libalpm/handle.c | 13 ++++++++ lib/libalpm/handle.h | 1 + lib/libalpm/signing.c | 33 +++++++++++++++++++-- lib/libalpm/signing.h | 2 +- lib/libalpm/sync.c | 6 ++- src/pacman/callback.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ src/pacman/callback.h | 3 ++ src/pacman/conf.h | 1 + src/pacman/pacman.c | 4 ++ 13 files changed, 167 insertions(+), 8 deletions(-) -- 1.7.4.4 |
Make gpgme optional
On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng
<remyoudompheng@gmail.com> wrote: > These patches (partially already submitted before) make linking with > gpgme optional, and also implement a configuration option for > pacman to use an external tool for signature checking. > The given example is "gpg --verify - $filename", but "/bin/true" > could be used to totally bypass checking. You totally misread my TODO item, sorry, and I never intended someone else to do this one but put it on the list in trying to be open about things. :/ I meant nothing about letting an external tool validate signatures; as a matter of fact I am highly against this. I only wanted gpgme and signature checking to be an option that could be omitted when compiling, for instance if someone decided to use this to manage custom packages elsewhere with no intent of sharing publicly, or another OS where gpg is not so readily available. So I will take a look at the first half, but the second half will not be going anywhere. -Dan |
Make gpgme optional
On 2011/4/11 Dan McGee <dpmcgee@gmail.com> wrote:
> On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng > <remyoudompheng@gmail.com> wrote: >> These patches (partially already submitted before) make linking with >> gpgme optional, and also implement a configuration option for >> pacman to use an external tool for signature checking. >> The given example is "gpg --verify - $filename", but "/bin/true" >> could be used to totally bypass checking. > > You totally misread my TODO item, sorry, and I never intended someone > else to do this one but put it on the list in trying to be open about > things. :/ > > I meant nothing about letting an external tool validate signatures; as > a matter of fact I am highly against this. I only wanted gpgme and > signature checking to be an option that could be omitted when > compiling, for instance if someone decided to use this to manage > custom packages elsewhere with no intent of sharing publicly, or > another OS where gpg is not so readily available. Gah I read "like we do with our download code" which looked exactly like I thought. However, I may understand that you don't want to merge this, even if I found the idea interesting. -- Rémy. |
| All times are GMT. The time now is 10:12 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.