New utility: xbps-rkeys(8) to manage RSA public keys.

lib/initend.c

@@ -253,10 +253,13 @@ xbps_end(struct xbps_handle *xhp)
 
 	xbps_pkgdb_release(xhp);
 	xbps_rpool_release(xhp);
-	xbps_fetch_unset_cache_connection();
-	if (xhp->pkgdb_revdeps != NULL)
-		xbps_object_release(xhp->pkgdb_revdeps);
 
+	if (xbps_object_type(xhp->pkgdb_revdeps) != XBPS_TYPE_UNKNOWN)
+		xbps_object_release(xhp->pkgdb_revdeps);
+	if (xbps_object_type(xhp->repokeys) != XBPS_TYPE_UNKNOWN)
+		xbps_object_release(xhp->repokeys);
+
+	xbps_fetch_unset_cache_connection();
 	cfg_free(xhp->cfg);
 	free(xhp->cachedir_priv);
 	free(xhp->metadir_priv);

lib/repo.c

@@ -172,6 +172,24 @@ xbps_repo_open_idxfiles(struct xbps_repo *repo)
 	repo->idxfiles = repo_get_dict(repo, XBPS_REPOIDX_FILES);
 }
 
+void HIDDEN
+xbps_repo_invalidate(struct xbps_repo *repo)
+{
+	if (repo->ar != NULL) {
+		archive_read_finish(repo->ar);
+		repo->ar = NULL;
+	}
+	if (repo->idx != NULL) {
+		xbps_object_release(repo->idx);
+		repo->idx = NULL;
+	}
+	if (repo->idxfiles != NULL) {
+		xbps_object_release(repo->idxfiles);
+		repo->idxfiles = NULL;
+	}
+	repo->is_verified = false;
+}
+
 void
 xbps_repo_close(struct xbps_repo *repo)
 {

lib/repo_keys.c

@@ -36,7 +36,7 @@
 
 #include "xbps_api_impl.h"
 
-int HIDDEN
+int
 xbps_repo_key_import(struct xbps_repo *repo)
 {
 	xbps_dictionary_t repokeyd, newmetad = NULL;
@@ -58,8 +58,8 @@ xbps_repo_key_import(struct xbps_repo *repo)
 	/*
 	 * Check if the public key has been stored for this repository.
 	 */
+	rkeypath = xbps_xasprintf("%s/%s", repo->xhp->metadir, XBPS_REPOKEYS);
 	if (repo->xhp->repokeys == NULL) {
-		rkeypath = xbps_xasprintf("%s/%s", repo->xhp->metadir, XBPS_REPOKEYS);
 		repo->xhp->repokeys = xbps_dictionary_internalize_from_file(rkeypath);
 		if (xbps_object_type(repo->xhp->repokeys) != XBPS_TYPE_DICTIONARY)
 			repo->xhp->repokeys = xbps_dictionary_create();

lib/rpool.c

@@ -78,23 +78,9 @@ xbps_rpool_init(struct xbps_handle *xhp)
 				rp->repo->is_remote = true;
 		}
 		if (rp->repo->is_remote) {
-			/*
-			 * Import the RSA public key (if it's signed).
-			 */
-			retval = xbps_repo_key_import(rp->repo);
-			if (retval == EAGAIN) {
-				/* signed but public key was not imported */
-				xbps_dbg_printf(xhp, "[rpool] `%s': public-key not yet imported.\n", repouri);
-				rp->repo->is_signed = true;
-				rp->repo->is_verified = false;
-			} else if (retval != 0 && retval != EAGAIN) {
-				/* any error */
-				xbps_dbg_printf(xhp, "[rpool] %s: key_import %s\n",
-				    repouri, strerror(retval));
-			}
 			if (!rp->repo->is_signed) {
 				/* ignore unsigned repositories */
-				xbps_repo_close(rp->repo);
+				xbps_repo_invalidate(rp->repo);
 			} else {
 				/*
 				 * Check the repository index signature against
@@ -107,13 +93,12 @@ xbps_rpool_init(struct xbps_handle *xhp)
 				} else if (retval == EPERM) {
 					/* signed, unverified */
 					xbps_set_cb_state(xhp, XBPS_STATE_REPO_SIGUNVERIFIED, 0, NULL, NULL);
-					xbps_repo_close(rp->repo);
-					rp->repo->is_verified = false;
+					xbps_repo_invalidate(rp->repo);
 				} else {
 					/* any error */
 					xbps_dbg_printf(xhp, "[rpool] %s: key_verify %s\n",
 					    repouri, strerror(retval));
-					xbps_repo_close(rp->repo);
+					xbps_repo_invalidate(rp->repo);
 				}
 			}
 		}
@@ -155,8 +140,6 @@ xbps_rpool_release(struct xbps_handle *xhp)
 		free(rp->repo);
 		free(rp);
 	}
-	xbps_object_release(xhp->repokeys);
-	xhp->repokeys = NULL;
 	xhp->rpool_initialized = false;
 	xbps_dbg_printf(xhp, "[rpool] released ok.\n");
 }