From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 9 Jul 2021 15:21:17 +0000 (+0000)
Subject: archive: verify: Return status as an argument
X-Git-Tag: 0.9.28~1057
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2b1e88a01b97c446903cb3bcba879e4e7ad5e70;p=pakfire.git

archive: verify: Return status as an argument

This avoids that it can be confused with any error code that is being
returned.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/_pakfire/archive.c b/src/_pakfire/archive.c
index 2745d1b3a..3e3d25e4f 100644
--- a/src/_pakfire/archive.c
+++ b/src/_pakfire/archive.c
@@ -100,14 +100,28 @@ static PyObject* Archive_read(ArchiveObject* self, PyObject* args) {
 }
 
 static PyObject* Archive_verify(ArchiveObject* self) {
-	pakfire_archive_verify_status_t status = pakfire_archive_verify(self->archive);
+	pakfire_archive_verify_status_t status;
 
-	// Return True if everything is fine
-	if (status == PAKFIRE_ARCHIVE_VERIFY_OK || status == PAKFIRE_ARCHIVE_VERIFY_KEY_EXPIRED)
-		Py_RETURN_TRUE;
+	// Verify this archive
+	int r = pakfire_archive_verify(self->archive, &status);
+	if (r) {
+		PyErr_SetFromErrno(PyExc_OSError);
+		return NULL;
+	}
 
-	// Raise an exception if not okay
-	PyErr_SetString(PyExc_BadSignatureError, pakfire_archive_verify_strerror(status));
+	// Evaluate result
+	switch (status) {
+		// Good
+		case PAKFIRE_ARCHIVE_VERIFY_OK:
+		case PAKFIRE_ARCHIVE_VERIFY_KEY_EXPIRED:
+			Py_RETURN_TRUE;
+
+		// Bad
+		default:
+			PyErr_SetString(PyExc_BadSignatureError,
+				pakfire_archive_verify_strerror(status));
+			break;
+	}
 
 	return NULL;
 }
diff --git a/src/libpakfire/archive.c b/src/libpakfire/archive.c
index 084b96011..f58e197cf 100644
--- a/src/libpakfire/archive.c
+++ b/src/libpakfire/archive.c
@@ -1317,24 +1317,27 @@ ERROR:
 	return r;
 }
 
-PAKFIRE_EXPORT pakfire_archive_verify_status_t pakfire_archive_verify(struct pakfire_archive* archive) {
+PAKFIRE_EXPORT int pakfire_archive_verify(struct pakfire_archive* archive,
+		pakfire_archive_verify_status_t* status) {
 	DEBUG(archive->pakfire, "Verifying archive %p\n", archive);
 
 	// Return previous result if this has already been called
-	if (archive->verify != PAKFIRE_ARCHIVE_VERIFY_UNKNOWN)
-		return archive->verify;
-
-	int r = pakfire_archive_verify_signatures(archive);
-	if (r)
-		return r;
+	if (archive->verify == PAKFIRE_ARCHIVE_VERIFY_UNKNOWN) {
+		// Verify all sigantures
+		int r = pakfire_archive_verify_signatures(archive);
+		if (r)
+			return r;
+	}
 
-	return PAKFIRE_ARCHIVE_VERIFY_OK; // XXX DEBUG
+	// Store result
+	*status = archive->verify;
 
-	int status = 0;
+	return 0;
 
+#if 0
 	// Open the archive file
 	struct archive* a;
-	r = open_archive(archive, &a);
+	int r = open_archive(archive, &a);
 	if (r)
 		return PAKFIRE_ARCHIVE_VERIFY_ERROR;
 
diff --git a/src/libpakfire/include/pakfire/archive.h b/src/libpakfire/include/pakfire/archive.h
index d088b93a3..ca072c0c4 100644
--- a/src/libpakfire/include/pakfire/archive.h
+++ b/src/libpakfire/include/pakfire/archive.h
@@ -58,7 +58,8 @@ unsigned int pakfire_archive_get_format(struct pakfire_archive* archive);
 
 struct pakfire_filelist* pakfire_archive_get_filelist(struct pakfire_archive* archive);
 
-pakfire_archive_verify_status_t pakfire_archive_verify(struct pakfire_archive* archive);
+int pakfire_archive_verify(struct pakfire_archive* archive,
+	pakfire_archive_verify_status_t* status);
 const char* pakfire_archive_verify_strerror(pakfire_archive_verify_status_t status);
 
 size_t pakfire_archive_get_size(struct pakfire_archive* archive);
diff --git a/src/libpakfire/transaction.c b/src/libpakfire/transaction.c
index 2010ceacb..7dce2034d 100644
--- a/src/libpakfire/transaction.c
+++ b/src/libpakfire/transaction.c
@@ -578,16 +578,29 @@ static int pakfire_transaction_verify(struct pakfire_transaction* transaction,
 	if (!archive)
 		return 0;
 
+	pakfire_archive_verify_status_t status;
+
 	// Verify the archive
-	pakfire_archive_verify_status_t status = pakfire_archive_verify(archive);
+	int r = pakfire_archive_verify(archive, &status);
+	if (r)
+		return r;
+
+	// This function will return a binary status which is zero for success and
+	// anything else for errors, etc...
+	switch (status) {
+		// Good
+		case PAKFIRE_ARCHIVE_VERIFY_OK:
+		case PAKFIRE_ARCHIVE_VERIFY_KEY_EXPIRED:
+			return 0;
 
-	// Log error
-	if (status) {
-		const char* error = pakfire_archive_verify_strerror(status);
-		ERROR(transaction->pakfire, "Archive verification failed: %s\n", error);
+		// Bad
+		default:
+			ERROR(transaction->pakfire, "Archive verification failed: %s\n",
+				pakfire_archive_verify_strerror(status));
+			break;
 	}
 
-	return status;
+	return 1;
 }
 
 static int pakfire_transaction_run_script(struct pakfire_transaction* transaction,