On 18/7/19 6:06 am, Jonas Witschel wrote:
> We assume that the packager is of the form
> "Example Name <[email protected]>" and that the key used to sign the
> package can be resolved using WKD with this address. This means that the
> package signing key should have one user ID with the given email
> address, which does not need to be a valid address, but needs to be
> published in the WKD.
> 
> Signed-off-by: Jonas Witschel <[email protected]>
> ---
>  lib/libalpm/sync.c |  9 +++++++--
>  lib/libalpm/util.c | 23 +++++++++++++++++++++++
>  lib/libalpm/util.h |  1 +
>  3 files changed, 31 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
> index efad77ba..02acdf6d 100644
> --- a/lib/libalpm/sync.c
> +++ b/lib/libalpm/sync.c
> @@ -872,6 +872,7 @@ static int check_keyring(alpm_handle_t *handle)
>       size_t current = 0, numtargs;
>       alpm_list_t *i, *errors = NULL;
>       alpm_event_t event;
> +     char *email;
> 
>       event.type = ALPM_EVENT_KEYRING_START;
>       EVENT(handle, &event);
> @@ -905,6 +906,8 @@ static int check_keyring(alpm_handle_t *handle)
>                                               char *key = k->data;
>                                               if(!alpm_list_find_str(errors, 
> key) &&
>                                                               
> _alpm_key_in_keychain(handle, key) == 0) {
> +                                                     
> _alpm_email_from_uid(pkg->packager, &email);
> +                                                     errors = 
> alpm_list_add(errors, email);
>                                                       errors = 
> alpm_list_add(errors, strdup(key));

I don't like this.   Storing two strings as adjacent items in the list.

I'd prefer a small two item struct.

Any other opinions on this?

<snip>

>               }
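
Review bot: the return value of _alpm_email_from_uid() is ignored at the call in check_keyring(), and email is appended to errors unconditionally. Since email is declared without an initialiser and the failure path of the helper does not write through its out-parameter, a packager string without a "<...>" part puts an uninitialised pointer on the list, or the pointer left over from an earlier iteration, which would then be on the list twice when it is freed. Check the result and only add the email/key pair when the call returns 0, and decide explicitly what happens to the key when no address can be extracted.
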
> diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
> index d33eef2a..2089f84d 100644
> --- a/lib/libalpm/util.c
> +++ b/lib/libalpm/util.c
> @@ -1491,3 +1491,26 @@ void _alpm_alloc_fail(size_t size)
>  {
>       fprintf(stderr, "alloc failure: could not allocate %zu bytes\n", size);
>  }
> +
> +/** Extract the email address from a User ID
> + * @param uid User ID to parse in the form "Example Name 
> <[email protected]>"
> + * @param email to hold email address
> + * @return 0 on success, -1 on error
> + */
> +int _alpm_email_from_uid(const char *uid, char **email)
> +{
> +     char *start, *end;
> +
> +     start = strrchr(uid, '<');

This makes a strong assumption that "<" is not used within an email
address.  The use of that character is technically valid, provided it is
quoted.

I am happy with that assumption, but we need to add a check in
libmakepkg to reject emails containing it.

In fact, our PACKAGER variable has no enforced format at all...

> +     if(start) {
> +             end = strrchr(start, '>');
> +     }
> +
> +     if(start && end) {
> +             STRNDUP(*email, start+1, end-start-1, return -1);
> +             return 0;
> +     } else {
> +             email = NULL;
> +             return -1;
> +     }
> +}
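
Review bot: in the else branch of _alpm_email_from_uid(), "email = NULL;" assigns to the local parameter rather than to the caller's pointer, so the caller's variable is left untouched on failure. It should be "*email = NULL;" so that a caller that does not check the return value at least sees NULL. Separately, end is only assigned when start is non-NULL; the "start && end" test short-circuits so it is never read uninitialised, but initialising both to NULL at declaration would make that obvious and keep compilers quiet.
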
> diff --git a/lib/libalpm/util.h b/lib/libalpm/util.h
> index 9a3942f1..1190f10f 100644
> --- a/lib/libalpm/util.h
> +++ b/lib/libalpm/util.h
> @@ -147,6 +147,7 @@ int _alpm_fnmatch_patterns(alpm_list_t *patterns, const 
> char *string);
>  int _alpm_fnmatch(const void *pattern, const void *string);
>  void *_alpm_realloc(void **data, size_t *current, const size_t required);
>  void *_alpm_greedy_grow(void **data, size_t *current, const size_t required);
> +int _alpm_email_from_uid(const char *uid, char **email);

Rename to:

_alpm_email_from_packager()

> 
>  #ifndef HAVE_STRSEP
>  char *strsep(char **, const char *);
> --
> 2.22.0
> .
> 
