authorLuiz Ramos2012-07-22 21:45:47 -0300
committerJason Woodward2012-08-02 13:47:05 +0000
commitcab5cd008c766df8c3708745416491eb4888b749 (patch)
tree2e8931dec2a471164a3b94726c26158d2ad09836
parentf9ad0aab997785b1bb0348f8ea9f1e9b5f0989f2 (diff)
show some additional information when signature is not verified
-rw-r--r--src/common.c24
-rw-r--r--src/common.h12
-rw-r--r--src/gpgme.c29
-rw-r--r--src/package.c4
4 files changed, 60 insertions, 9 deletions
diff --git a/src/common.c b/src/common.c
index a4a417d..4bf71bc 100644
--- a/src/common.c
+++ b/src/common.c
@@ -321,8 +321,28 @@ const char *slapt_strerror(slapt_code_t code)
return gettext("GPG key already present");
case SLAPT_CHECKSUMS_VERIFIED:
return gettext("Checksums signature successfully verified");
- case SLAPT_CHECKSUMS_NOT_VERIFIED:
- return gettext("Checksums signature could not be verified");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_NULL_CONTEXT:
+ return gettext("Not verified: null context");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_READ_CHECKSUMS:
+ return gettext("Checksums not read");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_READ_SIGNATURE:
+ return gettext("Signature not read");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_KEY_REVOKED:
+ return gettext("Not Verified: key revoked");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_KEY_EXPIRED:
+ return gettext("Not Verified: key expired");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_SIG_EXPIRED:
+ return gettext("Not Verified: signature expired");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_CRL_MISSING:
+ return gettext("Not Verified: missing CRL");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_CRL_TOO_OLD:
+ return gettext("Not Verified: CRL too old");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_BAD_POLICY:
+ return gettext("Not Verified: bad policy");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_SYS_ERROR:
+ return gettext("Not Verified: system error");
+ case SLAPT_CHECKSUMS_NOT_VERIFIED_UNKNOWN:
+ return gettext("Not Verified: unknown error");
case SLAPT_CHECKSUMS_MISSING_KEY:
return gettext("No key for verification");
#endif
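Review bot: The new messages are worded inconsistently: `"Not verified: null context"` uses a lower-case "verified", the GPGME cases use `"Not Verified: ..."`, and `"Checksums not read"` / `"Signature not read"` do not say that verification failed at all. Since src/package.c now prints these strings as the only explanation for a rejected source, give them all the same prefix, e.g. `return gettext("Not verified: checksums could not be read");` and `return gettext("Not verified: signature could not be read");`. slapt_strerror starts and ends outside this hunk.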
diff --git a/src/common.h b/src/common.h
index 3c29153..37c36d4 100644
--- a/src/common.h
+++ b/src/common.h
@@ -21,7 +21,17 @@ typedef enum {
SLAPT_GPG_KEY_UNCHANGED,
SLAPT_CHECKSUMS_VERIFIED,
SLAPT_CHECKSUMS_MISSING_KEY,
- SLAPT_CHECKSUMS_NOT_VERIFIED,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_NULL_CONTEXT,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_READ_CHECKSUMS,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_READ_SIGNATURE,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_KEY_REVOKED,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_KEY_EXPIRED,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_SIG_EXPIRED,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_CRL_MISSING,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_CRL_TOO_OLD,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_BAD_POLICY,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_SYS_ERROR,
+ SLAPT_CHECKSUMS_NOT_VERIFIED_UNKNOWN,
#endif
SLAPT_DOWNLOAD_INCOMPLETE
} slapt_code_t;
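Review bot: Removing `SLAPT_CHECKSUMS_NOT_VERIFIED` and inserting eleven enumerators ahead of `SLAPT_DOWNLOAD_INCOMPLETE` changes `slapt_code_t` at both source and binary level. If this header is installed for other programs, code that names the old enumerator stops compiling, and code built earlier sees a different numeric value for `SLAPT_DOWNLOAD_INCOMPLETE`. With one failure value now split into many, a comment above the group would steer callers to the safe test, e.g. `/* every SLAPT_CHECKSUMS_NOT_VERIFIED_* value means verification failed; compare against SLAPT_CHECKSUMS_VERIFIED for success */`. The enum begins outside this hunk.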
diff --git a/src/gpgme.c b/src/gpgme.c
index 0136560..f45b49f 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -259,22 +259,24 @@ slapt_code_t slapt_add_pkg_source_gpg_key (FILE *key)
return imported;
}
+static slapt_code_t _slapt_gpg_get_gpgme_error(gpgme_sigsum_t sum);
+
slapt_code_t slapt_gpg_verify_checksums(FILE *checksums,
FILE *signature)
{
gpgme_error_t e;
gpgme_ctx_t *ctx = _slapt_init_gpgme_ctx();
gpgme_data_t chk_data, asc_data;
- slapt_code_t verified = SLAPT_CHECKSUMS_NOT_VERIFIED;
+ slapt_code_t verified = SLAPT_CHECKSUMS_NOT_VERIFIED_UNKNOWN;
if (ctx == NULL)
- return verified;
+ return SLAPT_CHECKSUMS_NOT_VERIFIED_NULL_CONTEXT;
e = gpgme_data_new_from_stream (&chk_data, checksums);
if (e != GPG_ERR_NO_ERROR)
{
_slapt_free_gpgme_ctx(ctx);
- return verified;
+ return SLAPT_CHECKSUMS_NOT_VERIFIED_READ_CHECKSUMS;
}
e = gpgme_data_new_from_stream (&asc_data, signature);
@@ -282,7 +284,7 @@ slapt_code_t slapt_gpg_verify_checksums(FILE *checksums,
{
gpgme_data_release (chk_data);
_slapt_free_gpgme_ctx(ctx);
- return verified;
+ return SLAPT_CHECKSUMS_NOT_VERIFIED_READ_SIGNATURE;
}
e = gpgme_op_verify (*ctx, asc_data, chk_data, NULL);
@@ -300,6 +302,8 @@ slapt_code_t slapt_gpg_verify_checksums(FILE *checksums,
verified = SLAPT_CHECKSUMS_VERIFIED;
} else if (sum & GPGME_SIGSUM_KEY_MISSING) {
verified = SLAPT_CHECKSUMS_MISSING_KEY;
+ } else {
+ verified = _slapt_gpg_get_gpgme_error(sum);
}
}
@@ -312,3 +316,20 @@ slapt_code_t slapt_gpg_verify_checksums(FILE *checksums,
return verified;
}
+slapt_code_t _slapt_gpg_get_gpgme_error(gpgme_sigsum_t sum)
+{
+ switch (sum)
+ {
+ case GPGME_SIGSUM_KEY_REVOKED: return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_KEY_REVOKED;
+ case GPGME_SIGSUM_KEY_EXPIRED: return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_KEY_EXPIRED;
+ case GPGME_SIGSUM_SIG_EXPIRED: return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_SIG_EXPIRED;
+ case GPGME_SIGSUM_CRL_MISSING: return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_CRL_MISSING;
+ case GPGME_SIGSUM_CRL_TOO_OLD: return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_CRL_TOO_OLD;
+ case GPGME_SIGSUM_BAD_POLICY: return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_BAD_POLICY;
+ case GPGME_SIGSUM_SYS_ERROR: return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_SYS_ERROR;
+ default: break;
+ }
+
+ return SLAPT_CHECKSUMS_NOT_VERIFIED_UNKNOWN;
+}
+
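Review bot: `switch (sum)` in `_slapt_gpg_get_gpgme_error` compares the whole summary for equality, while the caller treats the same value as a bit mask (`sum & GPGME_SIGSUM_KEY_MISSING`). GPGME documents the signature summary as a bit vector, so a result with more than one bit set, presumably including a bad signature flagged with `GPGME_SIGSUM_RED`, falls through to `SLAPT_CHECKSUMS_NOT_VERIFIED_UNKNOWN`. Verification still fails closed, but the specific reason this commit is meant to surface is lost. Test each flag with `&` in a fixed priority order, and repeat `static` on the definition so it visibly matches the forward declaration.

```c
static slapt_code_t _slapt_gpg_get_gpgme_error(gpgme_sigsum_t sum)
{
  /* sum is a bit vector: test flags individually, most specific reason first */
  if (sum & GPGME_SIGSUM_KEY_REVOKED)
    return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_KEY_REVOKED;
  if (sum & GPGME_SIGSUM_KEY_EXPIRED)
    return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_KEY_EXPIRED;
  if (sum & GPGME_SIGSUM_SIG_EXPIRED)
    return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_SIG_EXPIRED;
  if (sum & GPGME_SIGSUM_CRL_MISSING)
    return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_CRL_MISSING;
  if (sum & GPGME_SIGSUM_CRL_TOO_OLD)
    return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_CRL_TOO_OLD;
  if (sum & GPGME_SIGSUM_BAD_POLICY)
    return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_BAD_POLICY;
  if (sum & GPGME_SIGSUM_SYS_ERROR)
    return SLAPT_CHECKSUMS_NOT_VERIFIED_GPGME_SYS_ERROR;

  return SLAPT_CHECKSUMS_NOT_VERIFIED_UNKNOWN;
}
```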
diff --git a/src/package.c b/src/package.c
index 68b63a4..e5d58cc 100644
--- a/src/package.c
+++ b/src/package.c
@@ -2015,7 +2015,7 @@ int slapt_update_pkg_cache(const slapt_rc_config *global_config)
}
if (tmp_signature_f != NULL && tmp_checksum_to_verify_f != NULL) {
- slapt_code_t verified = SLAPT_CHECKSUMS_NOT_VERIFIED;
+ slapt_code_t verified = SLAPT_CHECKSUMS_NOT_VERIFIED_UNKNOWN;
printf(gettext("Verifying checksum signature [%s]..."), source_url);
verified = slapt_gpg_verify_checksums(tmp_checksum_to_verify_f, tmp_signature_f);
if (verified == SLAPT_CHECKSUMS_VERIFIED) {
@@ -2023,7 +2023,7 @@ int slapt_update_pkg_cache(const slapt_rc_config *global_config)
} else if (verified == SLAPT_CHECKSUMS_MISSING_KEY) {
printf("%s\n",gettext("No key for verification"));
} else {
- printf("%s\n",gettext("Not Verified"));
+ printf("%s\n",gettext(slapt_strerror(verified)));
source_dl_failed = 1;
fclose(tmp_checksum_f);
tmp_checksum_f = NULL;
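Review bot: `gettext(slapt_strerror(verified))` in the final `else` translates twice, because every `slapt_strerror` case shown in src/common.c already returns `gettext(...)`; the outer call then looks up an already translated string. Print the result directly with `printf("%s\n", slapt_strerror(verified));`. The end of `slapt_strerror` is not visible on this page: if it can return NULL for a code it does not handle, passing that to `%s` is undefined, so confirm it has a fallback string. slapt_update_pkg_cache starts and ends outside this hunk.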