libalpm_sig(3)

Library Functions Manual

libalpm_sig(3)

NAME

libalpm_sig - Signature checking

- Functions to check signatures

SYNOPSIS

Data Structures

struct alpm_pgpkey_t
A PGP key. struct alpm_sigresult_t
Signature result. struct alpm_siglist_t
Signature list.

enum alpm_siglevel_t { ALPM_SIG_PACKAGE = (1 << 0), ALPM_SIG_PACKAGE_OPTIONAL = (1 << 1), ALPM_SIG_PACKAGE_MARGINAL_OK = (1 << 2), ALPM_SIG_PACKAGE_UNKNOWN_OK = (1 << 3), ALPM_SIG_DATABASE = (1 << 10), ALPM_SIG_DATABASE_OPTIONAL = (1 << 11), ALPM_SIG_DATABASE_MARGINAL_OK = (1 << 12), ALPM_SIG_DATABASE_UNKNOWN_OK = (1 << 13), ALPM_SIG_USE_DEFAULT = (1 << 30) }
PGP signature verification options. enum alpm_sigstatus_t { ALPM_SIGSTATUS_VALID, ALPM_SIGSTATUS_KEY_EXPIRED, ALPM_SIGSTATUS_SIG_EXPIRED, ALPM_SIGSTATUS_KEY_UNKNOWN, ALPM_SIGSTATUS_KEY_DISABLED, ALPM_SIGSTATUS_INVALID }
PGP signature verification status return codes. enum alpm_sigvalidity_t { ALPM_SIGVALIDITY_FULL, ALPM_SIGVALIDITY_MARGINAL, ALPM_SIGVALIDITY_NEVER, ALPM_SIGVALIDITY_UNKNOWN }
The trust level of a PGP key.

Functions

int alpm_pkg_check_pgp_signature (alpm_pkg_t *pkg, alpm_siglist_t *siglist)
Check the PGP signature for the given package file. int alpm_db_check_pgp_signature (alpm_db_t *db, alpm_siglist_t *siglist)
Check the PGP signature for the given database. int alpm_siglist_cleanup (alpm_siglist_t *siglist)
Clean up and free a signature result list. int alpm_decode_signature (const char *base64_data, unsigned char **data, size_t *data_len)
Decode a loaded signature in base64 form. int alpm_extract_keyid (alpm_handle_t *handle, const char *identifier, const unsigned char *sig, const size_t len, alpm_list_t **keys)
Extract the Issuer Key ID from a signature.

Detailed Description

Functions to check signatures

Data Structure Documentation

struct alpm_pgpkey_t

A PGP key.

Data Fields:

alpm_time_t created When the key was created.

void * data The actual key data.

char * email Email of the key's owner.

alpm_time_t expires When the key expires.

char * fingerprint The key's fingerprint.

unsigned int length The length of the key.

char * name Name of the key's owner.

char pubkey_algo A character representing the encryption algorithm used by the public key.
? = unknown R = RSA D = DSA E = EDDSA

unsigned int revoked has the key been revoked

char * uid UID of the key.

struct alpm_sigresult_t

Signature result.

Contains the key, status, and validity of a given signature.

Data Fields:

alpm_pgpkey_t key The key of the signature.

alpm_sigstatus_t status The status of the signature.

alpm_sigvalidity_t validity The validity of the signature.

struct alpm_siglist_t

Signature list.

Contains the number of signatures found and a pointer to an array of results. The array is of size count.

Data Fields:

size_t count The amount of results in the array.

alpm_sigresult_t * results An array of sigresults.

Enumeration Type Documentation

enum alpm_siglevel_t

PGP signature verification options.

Enumerator

ALPM_SIG_PACKAGE: Packages require a signature.
ALPM_SIG_PACKAGE_OPTIONAL: Packages do not require a signature, but check packages that do have signatures.
ALPM_SIG_PACKAGE_UNKNOWN_OK: Allow packages with signatures that are unknown trust.
ALPM_SIG_DATABASE: Databases require a signature.
ALPM_SIG_DATABASE_OPTIONAL: Databases do not require a signature, but check databases that do have signatures.
ALPM_SIG_DATABASE_MARGINAL_OK: Allow databases with signatures that are marginal trust.
ALPM_SIG_DATABASE_UNKNOWN_OK: Allow databases with signatures that are unknown trust.
ALPM_SIG_USE_DEFAULT: The Default siglevel.

enum alpm_sigstatus_t

PGP signature verification status return codes.

Enumerator

ALPM_SIGSTATUS_VALID: Signature is valid.
ALPM_SIGSTATUS_KEY_EXPIRED: The key has expired.
ALPM_SIGSTATUS_SIG_EXPIRED: The signature has expired.
ALPM_SIGSTATUS_KEY_UNKNOWN: The key is not in the keyring.
ALPM_SIGSTATUS_KEY_DISABLED: The key has been disabled.
ALPM_SIGSTATUS_INVALID: The signature is invalid.

enum alpm_sigvalidity_t

The trust level of a PGP key.

Enumerator

ALPM_SIGVALIDITY_FULL: The signature is fully trusted.
ALPM_SIGVALIDITY_MARGINAL: The signature is marginally trusted.
ALPM_SIGVALIDITY_NEVER: The signature is never trusted.
ALPM_SIGVALIDITY_UNKNOWN: The signature has unknown trust.

Function Documentation

int alpm_db_check_pgp_signature (alpm_db_t * db, alpm_siglist_t * siglist)

Check the PGP signature for the given database.

Parameters

db the database to check
siglist a pointer to storage for signature results

Returns

0 if valid, -1 if an error occurred or signature is invalid

int alpm_decode_signature (const char * base64_data, unsigned char ** data, size_t * data_len)

Decode a loaded signature in base64 form.

Parameters

base64_data the signature to attempt to decode
data the decoded data; must be freed by the caller
data_len the length of the returned data

Returns

0 on success, -1 on failure to properly decode

int alpm_extract_keyid (alpm_handle_t * handle, const char * identifier, const unsigned char * sig, const size_t len, alpm_list_t ** keys)

Extract the Issuer Key ID from a signature.

Parameters

handle the context handle
identifier the identifier of the key. This may be the name of the package or the path to the package.
sig PGP signature
len length of signature
keys a pointer to storage for key IDs

Returns

0 on success, -1 on error

int alpm_pkg_check_pgp_signature (alpm_pkg_t * pkg, alpm_siglist_t * siglist)

Check the PGP signature for the given package file.

Parameters

pkg the package to check
siglist a pointer to storage for signature results

Returns

0 if valid, -1 if an error occurred or signature is invalid

int alpm_siglist_cleanup (alpm_siglist_t * siglist)

Clean up and free a signature result list. Note that this does not free the siglist object itself in case that was allocated on the stack; this is the responsibility of the caller.

Parameters

siglist a pointer to storage for signature results

Returns

0 on success, -1 on error

Author

Generated automatically by Doxygen for libalpm from the source code.

libalpm