mbox

[pacman-dev,v3,0/3] Manage signing keys using a WKD (FS#63171)

Message ID 20191002144056.61623-1-diabonas@archlinux.org
Headers show

Message

Jonas Witschel Oct. 2, 2019, 2:40 p.m. UTC
Based on the feedback on #archlinux-pacman, I have reworked the WKD
patches: we now ask the user whether they want to import a missing PGP
key before doing any remote lookup, which eliminates the need for a
second temporary keyring. Without a remote lookup, we only know the ID
of the package signing key, so we display the packager in addition to
the key ID for user convenience.

This patch series entirely replaces all previously sent patches
regarding WKD support.

- PATCH v3 1/3 restructures the user confirmation in the described way.
  It incorporates the previous patches 3/5 and 4/5 because to have a
  standalone patch, we need to retrieve the user ID to display a
  user-friendly confirmation message. Other than that, it's mostly moving
  existing code around to fit the new workflow.

- PATCH v3 2/3 is a simplified version of the previous patch 2/5, since
  doing the confirmation first allows us to drop the temporary keyring.
  Note that in contrast to the previous approach, we don't check any more
  whether the key retrieved from the WKD has the correct key ID, it is now
  the responsibility of the WKD maintainer to ensure this. The reason for
  this change is that at the time we are able to check the key ID, we have
  already imported the key anyway.

- PATCH v3 3/3 is unchanged from "[PATCH v2] libmakepkg: check if
  PACKAGER has the expected format for WKD lookup", included simply for
  the convenience of having a complete patch series.

Jonas Witschel (3):
  signing: move key import confirmation before key_search
  signing: add ability to import keys using a WKD
  libmakepkg: check if PACKAGER has the expected format for WKD lookup

 lib/libalpm/be_package.c                      |  12 +-
 lib/libalpm/signing.c                         | 120 ++++++++++++++----
 lib/libalpm/signing.h                         |   2 +-
 lib/libalpm/sync.c                            |  22 +++-
 scripts/libmakepkg/lint_config/variable.sh.in |   6 +
 src/pacman/callback.c                         |  13 +-
 6 files changed, 136 insertions(+), 39 deletions(-)