FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
LinkBack Thread Tools
 
Old 05-28-2011, 02:37 PM
Pang Yan Han
 
Default Add --verify option for signature level

The --verify option allows the user to change pacman's default signature
verification level. It must take in one of "always", "optional" and "verify".

Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
---
doc/pacman.8.txt | 5 +++++
src/pacman/conf.h | 3 ++-
src/pacman/pacman.c | 15 +++++++++++++++
3 files changed, 22 insertions(+), 1 deletions(-)

diff --git a/doc/pacman.8.txt b/doc/pacman.8.txt
index aec7fd1..453c446 100644
--- a/doc/pacman.8.txt
+++ b/doc/pacman.8.txt
@@ -165,6 +165,11 @@ Options
Bypass any and all ``Are you sure?' messages. It's not a good idea to do
this unless you want to run pacman from a script.

+*--verify* <level>::
+ Sets the default signature verification level to <level>. Valid values for level
+ are "never", "optional" and "always". This can be used to override the "VerifySig"
+ option in linkmanacman.conf[5].
+
Transaction Options (apply to '-S', '-R' and '-U')
--------------------------------------------------
*-d, --nodeps*::
diff --git a/src/pacman/conf.h b/src/pacman/conf.h
index 76c76cf..f741ae6 100644
--- a/src/pacman/conf.h
+++ b/src/pacman/conf.h
@@ -111,7 +111,8 @@ enum {
OP_ASEXPLICIT,
OP_ARCH,
OP_PRINTFORMAT,
- OP_GPGDIR
+ OP_GPGDIR,
+ OP_VERIFY
};

/* clean method */
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
index 8458c97..13dded1 100644
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -438,6 +438,20 @@ static int parsearg_global(int opt)
config->logfile = strndup(optarg, PATH_MAX);
break;
case OP_NOCONFIRM: config->noconfirm = 1; break;
+ case OP_VERIFY:
+ if (!strcmp(optarg, "always")) {
+ alpm_option_set_default_sigverify(PM_PGP_VERIFY_AL WAYS);
+ } else if (!strcmp(optarg, "optional")) {
+ alpm_option_set_default_sigverify(PM_PGP_VERIFY_OP TIONAL);
+ } else if (!strcmp(optarg, "never")) {
+ alpm_option_set_default_sigverify(PM_PGP_VERIFY_NE VER);
+ } else {
+ pm_printf(PM_LOG_ERROR, _("'%s' is not a valid verify level
"),
+ optarg);
+ return 1;
+ }
+
+ break;
case 'b':
check_optarg();
config->dbpath = strdup(optarg);
@@ -635,6 +649,7 @@ static int parseargs(int argc, char *argv[])
{"arch", required_argument, 0, OP_ARCH},
{"print-format", required_argument, 0, OP_PRINTFORMAT},
{"gpgdir", required_argument, 0, OP_GPGDIR},
+ {"verify", required_argument, 0, OP_VERIFY},
{0, 0, 0, 0}
};

--
1.7.5.rc0.101.g3d23c
 
Old 05-29-2011, 07:46 AM
Rémy Oudompheng
 
Default Add --verify option for signature level

On Sat 28 May 2011 at 22:37 +0800, Pang Yan Han wrote:
> + case OP_VERIFY:
> + if (!strcmp(optarg, "always")) {
> + alpm_option_set_default_sigverify(PM_PGP_VERIFY_AL WAYS);
> + } else if (!strcmp(optarg, "optional")) {
> + alpm_option_set_default_sigverify(PM_PGP_VERIFY_OP TIONAL);
> + } else if (!strcmp(optarg, "never")) {
> + alpm_option_set_default_sigverify(PM_PGP_VERIFY_NE VER);
> + } else {
> + pm_printf(PM_LOG_ERROR, _("'%s' is not a valid verify level
"),
> + optarg);
> + return 1;
> + }
> +
> + break;
>

You could have used the option_verifysig() function from conf.c.

Maybe it would be better to store that value in a new field of the config
structure (same thing in conf.c) so that it would get applied in a
similar way as with setlibpaths().

--
Rémy.
 
Old 05-29-2011, 08:52 AM
Pang Yan Han
 
Default Add --verify option for signature level

 
Old 05-29-2011, 08:54 AM
Pang Yan Han
 
Default Add --verify option for signature level

Sorry I'll resend this.

On Sun, May 29, 2011 at 4:52 PM, Pang Yan Han <pangyanhan@gmail.com> wrote:

>
>
> ---------- Forwarded message ----------
> From: Pang Yan Han <pangyanhan@gmail.com>
> To:
> Date: Sun, 29 May 2011 16:39:50 +0800
> Subject: [PATCH 4/6] Add --verify option for signature level
> The --verify option allows the user to change pacman's default signature
> verification level. It can take in one of "Always", "Optional" or "Verify".
>
> Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
> ---
> src/pacman/conf.c | 14 ++++++++++++++
> src/pacman/conf.h | 4 +++-
> src/pacman/pacman.c | 4 ++++
> 3 files changed, 21 insertions(+), 1 deletions(-)
>
> diff --git a/src/pacman/conf.c b/src/pacman/conf.c
> index 370ec51..869c005 100644
> --- a/src/pacman/conf.c
> +++ b/src/pacman/conf.c
> @@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
> free(oldconfig->rootdir);
> free(oldconfig->dbpath);
> free(oldconfig->logfile);
> + free(oldconfig->sigverify);
> free(oldconfig->xfercommand);
> free(oldconfig->print_format);
> free(oldconfig);
> @@ -474,6 +475,19 @@ static int setlibpaths(void)
> }
> }
>
> + /* Set the signature verification level to what the user requested
> */
> + if(config->sigverify) {
> + pgp_verify_t verify = option_verifysig(config->sigverify);
> + if (verify != PM_PGP_VERIFY_UNKNOWN) {
> + ret = alpm_option_set_default_sigverify(verify);
> + if(ret != 0) {
> + pm_printf(PM_LOG_ERROR, _("problem setting
> sigverify '%s' (%s)
"),
> + config->sigverify,
> alpm_strerrorlast());
> + return ret;
> + }
> + }
> + }
> +
> /* add a default cachedir if one wasn't specified */
> if(alpm_option_get_cachedirs() == NULL) {
> alpm_option_add_cachedir(CACHEDIR);
> diff --git a/src/pacman/conf.h b/src/pacman/conf.h
> index 76c76cf..d08f83c 100644
> --- a/src/pacman/conf.h
> +++ b/src/pacman/conf.h
> @@ -41,6 +41,7 @@ typedef struct __config_t {
> char *dbpath;
> char *logfile;
> char *gpgdir;
> + char *sigverify;
> /* TODO how to handle cachedirs? */
>
> unsigned short op_q_isfile;
> @@ -111,7 +112,8 @@ enum {
> OP_ASEXPLICIT,
> OP_ARCH,
> OP_PRINTFORMAT,
> - OP_GPGDIR
> + OP_GPGDIR,
> + OP_VERIFY
> };
>
> /* clean method */
> diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
> index 8458c97..1e58890 100644
> --- a/src/pacman/pacman.c
> +++ b/src/pacman/pacman.c
> @@ -438,6 +438,9 @@ static int parsearg_global(int opt)
> config->logfile = strndup(optarg, PATH_MAX);
> break;
> case OP_NOCONFIRM: config->noconfirm = 1; break;
> + case OP_VERIFY:
> + config->sigverify = strdup(optarg);
> + break;
> case 'b':
> check_optarg();
> config->dbpath = strdup(optarg);
> @@ -635,6 +638,7 @@ static int parseargs(int argc, char *argv[])
> {"arch", required_argument, 0, OP_ARCH},
> {"print-format", required_argument, 0, OP_PRINTFORMAT},
> {"gpgdir", required_argument, 0, OP_GPGDIR},
> + {"verify", required_argument, 0, OP_VERIFY},
> {0, 0, 0, 0}
> };
>
> --
> 1.7.5.rc0.101.g3d23c
>
>
 
Old 05-29-2011, 09:04 AM
Pang Yan Han
 
Default Add --verify option for signature level

The --verify option allows the user to change pacman's default signature
verification level. It can take in one of "Always", "Optional" or "Verify".

Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
---
This is a reroll after Remy suggested that it's better to set the signature
verification level supplied from the command line in setlibpaths().

A new field is introduced in struct config which stores what the user passes
to the --verify option at the command line.

Is it possible for us to change option_verifysig to compare to non-caps
versions of "Always", "Optional" and "Never"?

src/pacman/conf.c | 14 ++++++++++++++
src/pacman/conf.h | 4 +++-
src/pacman/pacman.c | 4 ++++
3 files changed, 21 insertions(+), 1 deletions(-)

diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 370ec51..869c005 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
free(oldconfig->rootdir);
free(oldconfig->dbpath);
free(oldconfig->logfile);
+ free(oldconfig->sigverify);
free(oldconfig->xfercommand);
free(oldconfig->print_format);
free(oldconfig);
@@ -474,6 +475,19 @@ static int setlibpaths(void)
}
}

+ /* Set the signature verification level to what the user requested */
+ if(config->sigverify) {
+ pgp_verify_t verify = option_verifysig(config->sigverify);
+ if (verify != PM_PGP_VERIFY_UNKNOWN) {
+ ret = alpm_option_set_default_sigverify(verify);
+ if(ret != 0) {
+ pm_printf(PM_LOG_ERROR, _("problem setting sigverify '%s' (%s)
"),
+ config->sigverify, alpm_strerrorlast());
+ return ret;
+ }
+ }
+ }
+
/* add a default cachedir if one wasn't specified */
if(alpm_option_get_cachedirs() == NULL) {
alpm_option_add_cachedir(CACHEDIR);
diff --git a/src/pacman/conf.h b/src/pacman/conf.h
index 76c76cf..d08f83c 100644
--- a/src/pacman/conf.h
+++ b/src/pacman/conf.h
@@ -41,6 +41,7 @@ typedef struct __config_t {
char *dbpath;
char *logfile;
char *gpgdir;
+ char *sigverify;
/* TODO how to handle cachedirs? */

unsigned short op_q_isfile;
@@ -111,7 +112,8 @@ enum {
OP_ASEXPLICIT,
OP_ARCH,
OP_PRINTFORMAT,
- OP_GPGDIR
+ OP_GPGDIR,
+ OP_VERIFY
};

/* clean method */
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
index 8458c97..1e58890 100644
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -438,6 +438,9 @@ static int parsearg_global(int opt)
config->logfile = strndup(optarg, PATH_MAX);
break;
case OP_NOCONFIRM: config->noconfirm = 1; break;
+ case OP_VERIFY:
+ config->sigverify = strdup(optarg);
+ break;
case 'b':
check_optarg();
config->dbpath = strdup(optarg);
@@ -635,6 +638,7 @@ static int parseargs(int argc, char *argv[])
{"arch", required_argument, 0, OP_ARCH},
{"print-format", required_argument, 0, OP_PRINTFORMAT},
{"gpgdir", required_argument, 0, OP_GPGDIR},
+ {"verify", required_argument, 0, OP_VERIFY},
{0, 0, 0, 0}
};

--
1.7.5.rc0.101.g3d23c
 
Old 06-01-2011, 05:26 PM
Dan McGee
 
Default Add --verify option for signature level

On Sun, May 29, 2011 at 4:04 AM, Pang Yan Han <pangyanhan@gmail.com> wrote:
> The --verify option allows the user to change pacman's default signature
> verification level. It can take in one of "Always", "Optional" or "Verify".
>
> Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
> ---
> This is a reroll after Remy suggested that it's better to set the signature
> verification level supplied from the command line in setlibpaths().
Would you mind re-rolling again with docs? Both a usage string and
doc/ updates will be needed.

> A new field is introduced in struct config which stores what the user passes
> to the --verify option at the command line.
>
> Is it possible for us to change option_verifysig to compare to non-caps
> versions of "Always", "Optional" and "Never"?
As long as you don't break the requirements made in this commit way back when:
http://projects.archlinux.org/pacman.git/commit/?id=b3e6cf652c9e989badaf5499abb1d64c1a110927

Basically case insensitive compares don't always work as expected
across locales, so if you do this, it is probably best to explicitly
compare to "Always" and "always", "Optional" and "optional", etc.
Especially since "optional" contains the infamous "i" character.

>
> *src/pacman/conf.c * | * 14 ++++++++++++++
> *src/pacman/conf.h * | * *4 +++-
> *src/pacman/pacman.c | * *4 ++++
> *3 files changed, 21 insertions(+), 1 deletions(-)
>
> diff --git a/src/pacman/conf.c b/src/pacman/conf.c
> index 370ec51..869c005 100644
> --- a/src/pacman/conf.c
> +++ b/src/pacman/conf.c
> @@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
> * * * *free(oldconfig->rootdir);
> * * * *free(oldconfig->dbpath);
> * * * *free(oldconfig->logfile);
> + * * * free(oldconfig->sigverify);
> * * * *free(oldconfig->xfercommand);
> * * * *free(oldconfig->print_format);
> * * * *free(oldconfig);
> @@ -474,6 +475,19 @@ static int setlibpaths(void)
> * * * * * * * *}
> * * * *}
>
> + * * * /* Set the signature verification level to what the user requested */
> + * * * if(config->sigverify) {
> + * * * * * * * pgp_verify_t verify = option_verifysig(config->sigverify);
> + * * * * * * * if (verify != PM_PGP_VERIFY_UNKNOWN) {
> + * * * * * * * * * * * ret = alpm_option_set_default_sigverify(verify);
> + * * * * * * * * * * * if(ret != 0) {
> + * * * * * * * * * * * * * * * pm_printf(PM_LOG_ERROR, _("problem setting sigverify '%s' (%s)
"),
> + * * * * * * * * * * * * * * * * * * * * * * * config->sigverify, alpm_strerrorlast());
> + * * * * * * * * * * * * * * * return ret;
> + * * * * * * * * * * * }
> + * * * * * * * }
> + * * * }
> +
> * * * */* add a default cachedir if one wasn't specified */
> * * * *if(alpm_option_get_cachedirs() == NULL) {
> * * * * * * * *alpm_option_add_cachedir(CACHEDIR);
> diff --git a/src/pacman/conf.h b/src/pacman/conf.h
> index 76c76cf..d08f83c 100644
> --- a/src/pacman/conf.h
> +++ b/src/pacman/conf.h
> @@ -41,6 +41,7 @@ typedef struct __config_t {
> * * * *char *dbpath;
> * * * *char *logfile;
> * * * *char *gpgdir;
> + * * * char *sigverify;
> * * * */* TODO how to handle cachedirs? */
>
> * * * *unsigned short op_q_isfile;
> @@ -111,7 +112,8 @@ enum {
> * * * *OP_ASEXPLICIT,
> * * * *OP_ARCH,
> * * * *OP_PRINTFORMAT,
> - * * * OP_GPGDIR
> + * * * OP_GPGDIR,
> + * * * OP_VERIFY
> *};
>
> */* clean method */
> diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
> index 8458c97..1e58890 100644
> --- a/src/pacman/pacman.c
> +++ b/src/pacman/pacman.c
> @@ -438,6 +438,9 @@ static int parsearg_global(int opt)
> * * * * * * * * * * * *config->logfile = strndup(optarg, PATH_MAX);
> * * * * * * * * * * * *break;
> * * * * * * * *case OP_NOCONFIRM: config->noconfirm = 1; break;
> + * * * * * * * case OP_VERIFY:
> + * * * * * * * * * * * config->sigverify = strdup(optarg);
> + * * * * * * * * * * * break;
> * * * * * * * *case 'b':
> * * * * * * * * * * * *check_optarg();
> * * * * * * * * * * * *config->dbpath = strdup(optarg);
> @@ -635,6 +638,7 @@ static int parseargs(int argc, char *argv[])
> * * * * * * * *{"arch", * * * required_argument, 0, OP_ARCH},
> * * * * * * * *{"print-format", required_argument, 0, OP_PRINTFORMAT},
> * * * * * * * *{"gpgdir", * * required_argument, 0, OP_GPGDIR},
> + * * * * * * * {"verify", * * required_argument, 0, OP_VERIFY},
> * * * * * * * *{0, 0, 0, 0}
> * * * *};
>
> --
> 1.7.5.rc0.101.g3d23c
>
>
>
 
Old 06-02-2011, 12:26 AM
Pang Yan Han
 
Default Add --verify option for signature level

The --verify option allows the user to change pacman's default signature
verification level. It can take in one of "always", "optional" or "never".

Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
---
doc/pacman.8.txt | 5 +++++
src/pacman/conf.c | 14 ++++++++++++++
src/pacman/conf.h | 4 +++-
src/pacman/pacman.c | 5 +++++
4 files changed, 27 insertions(+), 1 deletions(-)

diff --git a/doc/pacman.8.txt b/doc/pacman.8.txt
index 531c992..8e048ba 100644
--- a/doc/pacman.8.txt
+++ b/doc/pacman.8.txt
@@ -165,6 +165,11 @@ Options
Bypass any and all ``Are you sure?' messages. It's not a good idea to do
this unless you want to run pacman from a script.

+*--verify* <level>::
+ Sets the default signature verification level to <level>. Valid values for level
+ are "always", "optional" and "never". This can be used to override the "VerifySig"
+ option in linkmanacman.conf[5].
+
Transaction Options (apply to '-S', '-R' and '-U')
--------------------------------------------------
*-d, --nodeps*::
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 06c6eca..6ed4d82 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
free(oldconfig->rootdir);
free(oldconfig->dbpath);
free(oldconfig->logfile);
+ free(oldconfig->sigverify);
free(oldconfig->xfercommand);
free(oldconfig->print_format);
free(oldconfig);
@@ -474,6 +475,19 @@ static int setlibpaths(void)
}
}

+ /* Set the signature verification level to what the user requested */
+ if(config->sigverify) {
+ pgp_verify_t verify = option_verifysig(config->sigverify);
+ if (verify != PM_PGP_VERIFY_UNKNOWN) {
+ ret = alpm_option_set_default_sigverify(verify);
+ if(ret != 0) {
+ pm_printf(PM_LOG_ERROR, _("problem setting sigverify '%s' (%s)
"),
+ config->sigverify, alpm_strerrorlast());
+ return ret;
+ }
+ }
+ }
+
/* add a default cachedir if one wasn't specified */
if(alpm_option_get_cachedirs() == NULL) {
alpm_option_add_cachedir(CACHEDIR);
diff --git a/src/pacman/conf.h b/src/pacman/conf.h
index 76c76cf..d08f83c 100644
--- a/src/pacman/conf.h
+++ b/src/pacman/conf.h
@@ -41,6 +41,7 @@ typedef struct __config_t {
char *dbpath;
char *logfile;
char *gpgdir;
+ char *sigverify;
/* TODO how to handle cachedirs? */

unsigned short op_q_isfile;
@@ -111,7 +112,8 @@ enum {
OP_ASEXPLICIT,
OP_ARCH,
OP_PRINTFORMAT,
- OP_GPGDIR
+ OP_GPGDIR,
+ OP_VERIFY
};

/* clean method */
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
index 8458c97..eaecc3c 100644
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -206,6 +206,7 @@ static void usage(int op, const char * const myname)
addlist(_(" --gpgdir <path> set an alternate home directory for GnuPG
"));
addlist(_(" --logfile <path> set an alternate log file
"));
addlist(_(" --noconfirm do not ask for any confirmation
"));
+ addlist(_(" --verify set an alternate signature verification level
"));
}
list = alpm_list_msort(list, alpm_list_count(list), options_cmp);
for (i = list; i; i = alpm_list_next(i)) {
@@ -438,6 +439,9 @@ static int parsearg_global(int opt)
config->logfile = strndup(optarg, PATH_MAX);
break;
case OP_NOCONFIRM: config->noconfirm = 1; break;
+ case OP_VERIFY:
+ config->sigverify = strdup(optarg);
+ break;
case 'b':
check_optarg();
config->dbpath = strdup(optarg);
@@ -635,6 +639,7 @@ static int parseargs(int argc, char *argv[])
{"arch", required_argument, 0, OP_ARCH},
{"print-format", required_argument, 0, OP_PRINTFORMAT},
{"gpgdir", required_argument, 0, OP_GPGDIR},
+ {"verify", required_argument, 0, OP_VERIFY},
{0, 0, 0, 0}
};

--
1.7.5.rc0.101.g3d23c
 

Thread Tools




All times are GMT. The time now is 06:35 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org