On 3/10/19 12:40 am, Jonas Witschel wrote:
> Currently pacman relies on the SKS keyserver network to fetch unknown
> PGP keys. These keyservers are vulnerable to signature spamming attacks,
> potentially making it impossible to import the required keys. An
> alternative to keyservers is a so-called Web Key Directory (WKD), a
> well-known, trusted location on a server from where the keys can be
> fetched.
>
> This commit adds the ability to retrieve keys from a WKD. Due to the
> mentioned vulnerabilities, the WKD is tried first, falling back to the
> keyservers only if no appropriate key is found there.
>
> In contrast to keyservers, keys in a WKD are not looked up using their
> fingerprint, but by email address. Since the email address of the
> signing key is usually not included in the signature, we will use the
> packager email address to perform the lookup.
>
> Also see FS#63171.
>
> Signed-off-by: Jonas Witschel <diabo...@archlinux.org>
> ---
> lib/libalpm/signing.c | 96 +++++++++++++++++++++++++++++++++++++------
> 1 file changed, 83 insertions(+), 13 deletions(-)
>
Thanks - looks good apart from one change I made:

> + /* Try to import the key from a WKD first */
> + email_from_uid(uid, &email);
> + ret = key_import_wkd(handle, email);

  CC       libalpm_la-signing.lo
signing.c: In function ‘_alpm_key_import’:
signing.c:285:12: error: ‘email’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  285 |  gpg_err = gpgme_get_key(ctx, email, &key, 0);
      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
signing.c:506:8: note: ‘email’ was declared here
  506 |  char *email;
      |        ^~~~~
cc1: all warnings being treated as errors

if(email_from_uid(uid, &email) == 0) {
	ret = key_import_wkd(handle, email);
}
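
Review bot: The result of email_from_uid(uid, &email) is not checked in the quoted hunk, so when no address can be extracted from the uid, key_import_wkd(handle, email) is handed the uninitialized pointer declared as `char *email;`, which is what the -Wmaybe-uninitialized error above reports. Guarding the call on `email_from_uid(uid, &email) == 0` addresses that; in addition, consider declaring `char *email = NULL;` and making sure ret already holds a failure value before the guard, so that a skipped WKD lookup still falls through to the keyserver path. If email_from_uid allocates the string it returns, it also needs to be freed once the lookup is done.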