From: Michael Tremer
Date: Thu, 22 Jul 2021 12:35:18 +0000 (+0000)
Subject: archive: Add scaffolding to return keys on verify
X-Git-Tag: 0.9.28~1024
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fa89cc958ad925a5892ed2c13d207c9fa93d090;p=pakfire.git
archive: Add scaffolding to return keys on verify
Signed-off-by: Michael Tremer
---
diff --git a/src/_pakfire/archive.c b/src/_pakfire/archive.c
index 979b5226c..50d2872b9 100644
--- a/src/_pakfire/archive.c
+++ b/src/_pakfire/archive.c
@@ -104,7 +104,7 @@ static PyObject* Archive_verify(ArchiveObject* self) {
 pakfire_archive_verify_status_t status;
 // Verify this archive
- int r = pakfire_archive_verify(self->archive, &status);
+ int r = pakfire_archive_verify(self->archive, &status, NULL);
 if (r) {
 PyErr_SetFromErrno(PyExc_OSError);
 return NULL;
diff --git a/src/libpakfire/archive.c b/src/libpakfire/archive.c
index a95bb0c05..afa7a5c2b 100644
--- a/src/libpakfire/archive.c
+++ b/src/libpakfire/archive.c
@@ -1534,7 +1534,8 @@ ERROR:
 /*
 This function walks through the archive looking for signatures and verifies them
 */
-static int pakfire_archive_verify_signatures(struct pakfire_archive* archive) {
+static int pakfire_archive_verify_signatures(struct pakfire_archive* archive,
+ struct pakfire_key*** keys) {
 char* buffer = NULL;
 size_t size = 0;
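Review bot: The comment above `pakfire_archive_verify_signatures` does not say what the new `keys` out-parameter holds or who owns it. Judging by the cleanup added to `pakfire_archive_verify` in the next hunk, it appears to be a NULL-terminated array of referenced keys that the caller must unref and free, and the call sites in this commit pass NULL. The comment should say so, for example `keys: optional; on success set to a NULL-terminated array of keys that the caller must unref and free`. The function body continues outside the hunk, so whether `keys` is written yet cannot be seen here.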
@@ -1575,26 +1576,37 @@ ERROR:
 }
 PAKFIRE_EXPORT int pakfire_archive_verify(struct pakfire_archive* archive,
- pakfire_archive_verify_status_t* status) {
+ pakfire_archive_verify_status_t* status, struct pakfire_key*** keys) {
+ int r;
+
 DEBUG(archive->pakfire, "Verifying archive %p\n", archive);
 // Return previous result if this has already been called
 if (archive->verify == PAKFIRE_ARCHIVE_VERIFY_UNKNOWN) {
 // Verify all signatures
- int r = pakfire_archive_verify_signatures(archive);
+ int r = pakfire_archive_verify_signatures(archive, keys);
 if (r)
- return r;
+ goto ERROR;
 // Verify checksums
 r = pakfire_archive_verify_checksums(archive, PAKFIRE_ARCHIVE_VERIFY_BEST);
 if (r)
- return r;
+ goto ERROR;
 }
 // Store result
 *status = archive->verify;
 return 0;
+
+ERROR:
+ if (keys && *keys) {
+ for (struct pakfire_key** key = *keys; *key; key++)
+ pakfire_key_unref(*key);
+ free(*keys);
+ }
+
+ return r;
 }
 PAKFIRE_EXPORT const char* pakfire_archive_verify_strerror(pakfire_archive_verify_status_t status) {
diff --git a/src/libpakfire/include/pakfire/archive.h b/src/libpakfire/include/pakfire/archive.h
index 63fd3b0a1..21ee3e6c6 100644
--- a/src/libpakfire/include/pakfire/archive.h
+++ b/src/libpakfire/include/pakfire/archive.h
@@ -26,6 +26,7 @@ struct pakfire_archive;
 #include
+#include
 #include
 #include
 #include
@@ -59,7 +60,7 @@ unsigned int pakfire_archive_get_format(struct pakfire_archive* archive);
 struct pakfire_filelist* pakfire_archive_get_filelist(struct pakfire_archive* archive);
 int pakfire_archive_verify(struct pakfire_archive* archive,
- pakfire_archive_verify_status_t* status);
+ pakfire_archive_verify_status_t* status, struct pakfire_key*** keys);
 const char* pakfire_archive_verify_strerror(pakfire_archive_verify_status_t status);
 int pakfire_archive_sign(struct pakfire_archive* archive, struct pakfire_key* key);
diff --git a/src/libpakfire/transaction.c b/src/libpakfire/transaction.c
index 7dce2034d..923541662 100644
--- a/src/libpakfire/transaction.c
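Review bot: The new `ERROR:` path in `pakfire_archive_verify` returns an uninitialised value, because the line `int r = pakfire_archive_verify_signatures(archive, keys);` inside the `if` block still declares its own `r` and shadows the `int r;` added at the top of the function. Both `goto ERROR` jumps leave that block, so `return r;` reads the outer variable, which is never assigned. A failed signature or checksum check may therefore be reported as 0 to callers that only test `if (r)`. Drop the inner declaration so the line reads `r = pakfire_archive_verify_signatures(archive, keys);`. The cleanup also leaves `*keys` pointing at freed memory and walks `*keys` even if the callee never wrote it, so add `*keys = NULL;` after `free(*keys);` and either set `*keys = NULL` on entry or document that callers must pass a NULL-initialised pointer.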
+++ b/src/libpakfire/transaction.c
@@ -581,7 +581,7 @@ static int pakfire_transaction_verify(struct pakfire_transaction* transaction,
 pakfire_archive_verify_status_t status;
 // Verify the archive
- int r = pakfire_archive_verify(archive, &status);
+ int r = pakfire_archive_verify(archive, &status, NULL);
 if (r)
 return r;