summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-03-23Add some error codes for signature verificationDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add signature directory as option on libalpm handleDan McGee
This will serve as the home directory we pass to GPGME when making calls so we can have a libalpm-utilized keyring. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Actually read PGPSIG field in sync DB codeDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Merge branch 'gpg-libalpm-basics'Dan McGee
2011-03-23Add a few pactests for PGP integrationDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Remove libfetch error codeDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Read in .sig files when opening a package fileDan McGee
If a .sig file sits side-by-side on the filesystem with a package archive, read it in during the package struct creation process so we can verify it at a later time if necessary. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Add PGP signature support to pactestDan McGee
Allow pkg.pgpsig to end up in the created sync databases. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Allow PGP signature to be read from sync databaseDan McGee
Add a new field to the package struct to hold PGP information and instruct db_read to pick it up from the database. It is currently unused internally but this is the first step. Due to the fact that we store the PGP sig as binary data, we need to store both the data and the length so we have a small utility struct to assist us. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Add base64 algorithms from PolarSSL to libalpmDan McGee
We will need these for GPG functionality (decoding the base64 encoded signature stored in the databases). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Merge branch 'gpg-build-tools'Dan McGee
2011-03-23repo-add: add sha256sum values to repo databaseDan McGee
Implements FS#23103. Also modify libalpm so it ignores this value without any warning as we know it is likely to exist. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Merge branch 'gpg-pacman-key'Dan McGee
2011-03-23Merge branch 'maint'Dan McGee
2011-03-23Bump version to 3.5.1Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Updated 3.5.1 translations from TransifexDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add new Serbian translation from TransifexSlobodan Terzić
Thanks! Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-233.5.1 NEWS updatesDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Documentation consistency fixesDan McGee
Fix the way we were referring to paths (use ``), .pac* extensions (use ''), and other general things across our main manpages. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Fix documentation typo in makepkg.8Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23pacman-key manpage updatesDan McGee
Make consistent in formatting, syntax, and prose with the rest of our documentation. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23pacman-key help, round threeDan McGee
Make it actually like all our other tools rather than some homegrown format. Also make it translator friendly by not wrapping messages across lines in different strings. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add man-page for pacman-keyGuillaume Alaux
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23pacman-key: improve usage outputAllan McRae
Make the usage output display nicely on 80 character width terminals. Also fix parsing of "-h" and "-v" options and avoid root check when run with no commands. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23pacman-key: remake of --reload commandDenis A. Altoé Falqueto
The --reload command was refactored to allow a more flexible management. There are two sets of keys that will be added, one that will be removed and one that will be kept. The set of keys to be kept are configured in pacman.conf, with the option HoldKeys, with the same meaning of HoldPkgs. It can be repeated and several values can be put in the same entry. The new behavior allows a key to be marked for removal, but the user can decide if that key must be kept. For example, if a developer has a public repository, signed with his own key, that key must be added to the HoldKeys option. If the key is marked for removal from pacman's keyring, it will not be removed for the users that have configured HoldKeys correctly. There are other minor fixes, mainly in the handling of --add command when there is no aditional parameter. In that case, pacman-key will behave just like gpg, adding the contents of stdin into pacman's keyring. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
2011-03-23pacman-key: keyring management toolDenis A. Altoé Falqueto
The script pacman-key will manage pacman's keyring. It imports, exports, fetches from keyservers, helps in the process of trusting and updates the trust database. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23repo-add: add symlink to signature fileAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23repo-add: Fix up usage with GPG optionsDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23repo-add: add -v/--verify optionDan McGee
This is intended to verify an existing signature on a database before making further changes to it and performing updates. Rarely would you use this without immediately resigning it via the -s/--sign option. Instead, it is intended as a "chain of trust" operation where the previous signature is verified to give you some sense that what you sign off on is also safe. Still todo: don't make changes unless the signature is not only good, but also in the accepted list of keys. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23repo-add: allow signing of the package databaseDan McGee
In order to be fully secure, we can't only sign packages. We also need to sign our repository metadata to prevent database falsification, dependency injection, etc. Add an '-s/--sign' option that allows this functionality, and will generate a .sig file side-by-side with the package database. While at it, fix the issue where a signature file would never be found because of 'cd' madness (this needs fixing in another commit). Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add PGPSIG field in repo-addGeoffroy Carrier
Use base64 encoding to store the value in the database if a .sig file exists for the package being added. Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-22makepkg: place signature symlink in build dirAllan McRae
Be consistent in package and signature placements when using PKGDEST. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-22makepkg: allow signatures to work with split packagesDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-22Add GPG signature support to makepkgGeoffroy Carrier
This is a rather simple patch to add signing support to makepkg. Add a create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf, and document the changes in the makepkg.conf manpage. Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Minor code cleanupsDan McGee
Wrap lines of long length, noticed while creating and messing around with some of the other maint branch patches. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Ensure package removal list does not contain duplicatesDan McGee
Noticed with the openoffice/libreoffice replacement scheme where many packages are listed as replacements to one package, thus electing it for removal multiple times. Ensure a given package is not already present before placing it in the removal list. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Fix line_offset not being reset in _alpm_archive_fgets()Dan McGee
This is a rather serious data corruption issue that luckily manifested itself today in a noticable way. A package in testing had replaces entries read in as ["%RE pkgname", "%RE"] which was clearly wrong. This happens when we hit the end of an archive block, do not have a newline, and have to continue reading from the next block to complete the line. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Merge branch 'maint'Dan McGee
Conflicts due to change in return calling style. Conflicts: src/pacman/pacman.c src/pacman/sync.c
2011-03-21Don't initialize progress to zero before calling curl_easy_perform().Lukas Fleischer
Drawing progress bars before calling curl_easy_perform() is needless as the curl progress callback is called with zero progress before actually downloading the file anyways. Fixes display of "0%" progress bars when sync'ing package databases that are already up to date. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Ensure dlcb is defined before calling itDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Do not query group selection when using -SpAllan McRae
Remove unnecessary output when using -Sp. Fixes FS#23340. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Some more zsh completion tidy upAllan McRae
Changes for consistency across functions Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Fix zsh completionAllan McRae
Fixes completion for "pacman -S <tab>" and "pacman -S repo/<tab>" Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-21Restore --debug/--verbose output without a primary operationDan McGee
This is by no means a guarantee of this behavior remaining the same in the future, but it is easy enough to do what we used to in this case by delaying any sort of error condition until after we are completely done parsing options. Addresses FS#23370. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20Add a few more notes about translating using TransifexDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20Update source translation files in prep for 3.5.1Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20Remove unnecessary NULL checkDan McGee
fp can never be NULL at this point in the code, proven by Coccinelle. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20Fix comparison to 0 rather than NULLDan McGee
Another fix found by Coccinelle example semantic patches. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20Fix assignment before NULL checkDan McGee
Easy fix, found using null_ref.cocci example Coccinelle script. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20Style change: return(x) --> return xDan McGee
This was discussed and more or less agreed upon on the mailing list. A huge checkin, but if we just do it and let people adjust the pain will end soon enough. Rebasing should be relatively straighforward for anyone that sees conflicts; just be sure you use the new return style if possible. The following semantic patch was used to do the change, along with some hand-massaging in order to preserve parenthesis where appropriate: The semantic match that finds this problem is as follows, although some hand-massaging was done in order to keep parenthesis where appropriate: (http://coccinelle.lip6.fr/) // <smpl> @@ expression a; @@ - return(a); + return a; // </smpl> A macros_file was also provided with the following content: Additional steps taken, mainly for ASSERT() macros: $ sed -i -e 's#return(NULL)#return NULL#' lib/libalpm/*.c $ sed -i -e 's#return(-1)#return -1#' lib/libalpm/*.c Signed-off-by: Dan McGee <dan@archlinux.org>