reduce misuse of error codes from errno.h

2021-06-19 16:09:30 +03:00 · 2021-06-19 16:09:30 +03:00 · d89c219173
parent 17684141fe
commit d89c219173
17 changed files with 141 additions and 118 deletions
--- a/src/adb.c
+++ b/src/adb.c
@ -20,9 +20,9 @@ static inline struct adb_block *adb_block_validate(struct adb_block *blk, apk_bl
 {
 	size_t pos = (char *)blk - b.ptr;
 	if (pos == b.len) return NULL;
-	if (sizeof(struct adb_block) > b.len - pos) return ERR_PTR(-EBADMSG);
+	if (sizeof(struct adb_block) > b.len - pos) return ERR_PTR(-APKE_ADB_BLOCK);
-	if (adb_block_rawsize(blk) < sizeof(struct adb_block)) return ERR_PTR(-EBADMSG);
+	if (adb_block_rawsize(blk) < sizeof(struct adb_block)) return ERR_PTR(-APKE_ADB_BLOCK);
-	if (adb_block_size(blk) > b.len - pos) return ERR_PTR(-EBADMSG);
+	if (adb_block_size(blk) > b.len - pos) return ERR_PTR(-APKE_ADB_BLOCK);
 	return blk;
 }
@ -69,7 +69,7 @@ static int __adb_m_parse(struct adb *db, struct apk_trust *t)
 {
 	struct adb_verify_ctx vfy = {};
 	struct adb_block *blk;
-	int r = -EBADMSG;
+	int r = -APKE_ADB_BLOCK;
 	int trusted = t ? 0 : 1;
 	adb_foreach_block(blk, db->data) {
@ -91,7 +91,7 @@ static int __adb_m_parse(struct adb *db, struct apk_trust *t)
 		}
 	}
 	if (IS_ERR(blk)) r = PTR_ERR(blk);
-	else if (!trusted) r = -ENOKEY;
+	else if (!trusted) r = -APKE_SIGNATURE_UNTRUSTED;
 	else if (db->adb.ptr) r = 0;
 	if (r != 0) {
@ -110,7 +110,7 @@ int adb_m_map(struct adb *db, int fd, uint32_t expected_schema, struct apk_trust
 {
 	struct stat st;
 	struct adb_header *hdr;
-	int r = -EBADMSG;
+	int r = -APKE_ADB_HEADER;
 	if (fstat(fd, &st) != 0) return -errno;
 	if (st.st_size < sizeof *hdr) return -EIO;
@ -152,8 +152,8 @@ int adb_m_stream(struct adb *db, struct apk_istream *is, uint32_t expected_schem
 	do {
 		r = apk_istream_read(is, &blk, sizeof blk);
 		if (r == 0) {
-			if (!trusted) r = -ENOKEY;
+			if (!trusted) r = -APKE_SIGNATURE_UNTRUSTED;
-			else if (!db->adb.ptr) r = -ENOMSG;
+			else if (!db->adb.ptr) r = -APKE_ADB_BLOCK;
 			goto done;
 		}
 		if (r < 0 || r != sizeof blk) goto err;
@ -183,7 +183,7 @@ int adb_m_stream(struct adb *db, struct apk_istream *is, uint32_t expected_schem
 		case ADB_BLOCK_DATA:
 			if (APK_BLOB_IS_NULL(db->adb)) goto bad_msg;
 			if (!trusted) {
-				r = -ENOKEY;
+				r = -APKE_SIGNATURE_UNTRUSTED;
 				goto err;
 			}
 			r = datacb(db, adb_block_length(&blk),
@ -199,9 +199,9 @@ int adb_m_stream(struct adb *db, struct apk_istream *is, uint32_t expected_schem
 		}
 	} while (1);
 bad_msg:
-	r = -EBADMSG;
+	r = -APKE_ADB_BLOCK;
 err:
-	if (r >= 0) r = -EBADMSG;
+	if (r >= 0) r = -APKE_ADB_BLOCK;
 done:
 	apk_istream_close(is);
 	return r;
@ -675,13 +675,13 @@ adb_val_t adb_w_fromstring(struct adb *db, const uint8_t *kind, apk_blob_t val)
 		struct adb_obj obj;
 		struct adb_object_schema *schema = container_of(kind, struct adb_object_schema, kind);
 		adb_wo_alloca(&obj, schema, db);
-		if (!schema->fromstring) return ADB_ERROR(EAPKDBFORMAT);
+		if (!schema->fromstring) return ADB_ERROR(APKE_ADB_NO_FROMSTRING);
 		r = schema->fromstring(&obj, val);
 		if (r) return ADB_ERROR(r);
 		return adb_w_obj(&obj);
 		}
 	default:
-		return ADB_ERROR(ENOSYS);
+		return ADB_ERROR(APKE_ADB_NO_FROMSTRING);
 	}
 }
@ -938,6 +938,8 @@ int adb_c_block_data(struct apk_ostream *os, apk_blob_t hdr, uint32_t size, stru
 int adb_c_block_copy(struct apk_ostream *os, struct adb_block *b, struct apk_istream *is, struct adb_verify_ctx *vfy)
 {
 	size_t blk_sz = adb_block_length(b);
 	size_t padding = adb_block_padding(b);
 	int r;
 	r = apk_ostream_write(os, b, sizeof *b);
@ -948,12 +950,16 @@ int adb_c_block_copy(struct apk_ostream *os, struct adb_block *b, struct apk_ist
 		const uint8_t alg = APK_DIGEST_SHA512;
 		apk_digest_ctx_init(&dctx, alg);
-		r = apk_stream_copy(is, os, adb_block_size(b), 0, 0, &dctx);
+		r = apk_stream_copy(is, os, blk_sz, 0, 0, &dctx);
 		apk_digest_ctx_final(&dctx, &vfy->sha512);
 		vfy->calc |= (1 << alg);
 		apk_digest_ctx_free(&dctx);
 	} else {
-		r = apk_stream_copy(is, os, adb_block_size(b), 0, 0, 0);
+		r = apk_stream_copy(is, os, blk_sz, 0, 0, 0);
 	}
 	if (padding) {
 		r = apk_ostream_write(os, padding_zeroes, padding);
 		if (r < 0) return r;
 	}
 	return r;
 }
@ -963,7 +969,7 @@ int adb_c_adb(struct apk_ostream *os, struct adb *db, struct apk_trust *t)
 	if (IS_ERR(os))
 		return apk_ostream_cancel(os, PTR_ERR(os));
 	if (db->hdr.magic != htole32(ADB_FORMAT_MAGIC))
-		return apk_ostream_cancel(os, -EAPKFORMAT);
+		return apk_ostream_cancel(os, -APKE_ADB_HEADER);
 	adb_c_header(os, db);
 	adb_c_block(os, ADB_BLOCK_ADB, db->adb);
@ -989,11 +995,11 @@ static int adb_digest_adb(struct adb_verify_ctx *vfy, unsigned int hash_alg, apk
 		d = &vfy->sha512;
 		break;
 	default:
-		return -ENOTSUP;
+		return -APKE_CRYPTO_NOT_SUPPORTED;
 	}
 	if (!(vfy->calc & (1 << hash_alg))) {
-		if (APK_BLOB_IS_NULL(data)) return -ENOMSG;
+		if (APK_BLOB_IS_NULL(data)) return -APKE_ADB_BLOCK;
 		r = apk_digest_calc(d, hash_alg, data.ptr, data.len);
 		if (r != 0) return r;
 		vfy->calc |= (1 << hash_alg);
@ -1064,12 +1070,12 @@ int adb_trust_verify_signature(struct apk_trust *trust, struct adb *db, struct a
 	struct adb_sign_v0 *sig0;
 	apk_blob_t md;
-	if (APK_BLOB_IS_NULL(db->adb)) return -ENOMSG;
+	if (APK_BLOB_IS_NULL(db->adb)) return -APKE_ADB_BLOCK;
-	if (sigb.len < sizeof(struct adb_sign_hdr)) return -EBADMSG;
+	if (sigb.len < sizeof(struct adb_sign_hdr)) return -APKE_ADB_SIGNATURE;
 	sig  = (struct adb_sign_hdr *) sigb.ptr;
 	sig0 = (struct adb_sign_v0 *) sigb.ptr;
-	if (sig->sign_ver != 0) return -ENOSYS;
+	if (sig->sign_ver != 0) return -APKE_ADB_SIGNATURE;
 	list_for_each_entry(tkey, &trust->trusted_key_list, key_node) {
 		if (memcmp(sig0->id, tkey->key.id, sizeof sig0->id) != 0) continue;
@ -1083,7 +1089,7 @@ int adb_trust_verify_signature(struct apk_trust *trust, struct adb *db, struct a
 		return 0;
 	}
-	return -EKEYREJECTED;
+	return -APKE_SIGNATURE_UNTRUSTED;
 }
 /* Container transformation interface */
@ -1125,9 +1131,9 @@ int adb_c_xfrm(struct adb_xfrm *x, int (*cb)(struct adb_xfrm *, struct adb_block
 		}
 	} while (1);
 bad_msg:
-	r = -EBADMSG;
+	r = -APKE_ADB_BLOCK;
 err:
-	if (r >= 0) r = -EBADMSG;
+	if (r >= 0) r = -APKE_ADB_BLOCK;
 	apk_ostream_cancel(x->os, r);
 	return r;
 }
--- a/src/adb_walk_genadb.c
+++ b/src/adb_walk_genadb.c
@ -10,11 +10,11 @@ static int adb_walk_genadb_schema(struct adb_walk *d, uint32_t schema_id)
 	dt->db.hdr.schema = htole32(schema_id);
 	for (s = d->schemas; s->magic; s++)
 		if (s->magic == schema_id) break;
-	if (!s) return -EAPKDBFORMAT;
+	if (!s) return -APKE_ADB_SCHEMA;
 	adb_wo_init(&dt->objs[0], &dt->vals[0], s->root, &dt->db);
 	dt->num_vals += s->root->num_fields;
-	if (dt->num_vals >= ARRAY_SIZE(dt->vals)) return -E2BIG;
+	if (dt->num_vals >= ARRAY_SIZE(dt->vals)) return -APKE_ADB_LIMIT;
 	dt->nest = 0;
 	return 0;
@ -29,12 +29,12 @@ static int adb_walk_genadb_start_object(struct adb_walk *d)
 {
 	struct adb_walk_genadb *dt = container_of(d, struct adb_walk_genadb, d);
-	if (!dt->db.hdr.schema) return -EAPKDBFORMAT;
+	if (!dt->db.hdr.schema) return -APKE_ADB_SCHEMA;
-	if (dt->nest >= ARRAY_SIZE(dt->objs)) return -EAPKDBFORMAT;
+	if (dt->nest >= ARRAY_SIZE(dt->objs)) return -APKE_ADB_LIMIT;
 	if (dt->curkey[dt->nest] == 0 &&
 	    dt->objs[dt->nest].schema->kind == ADB_KIND_OBJECT)
-		return -EAPKDBFORMAT;
+		return -APKE_ADB_SCHEMA;
 	dt->nest++;
 	adb_wo_init_val(
@ -43,7 +43,7 @@ static int adb_walk_genadb_start_object(struct adb_walk *d)
 	if (*adb_ro_kind(&dt->objs[dt->nest-1], dt->curkey[dt->nest-1]) == ADB_KIND_ADB) {
 		struct adb_adb_schema *schema = container_of(&dt->objs[dt->nest-1].schema->kind, struct adb_adb_schema, kind);
-		if (dt->nestdb >= ARRAY_SIZE(dt->idb)) return -E2BIG;
+		if (dt->nestdb >= ARRAY_SIZE(dt->idb)) return -APKE_ADB_LIMIT;
 		adb_reset(&dt->idb[dt->nestdb]);
 		dt->idb[dt->nestdb].hdr.schema = htole32(schema->schema_id);
 		dt->objs[dt->nest].db = &dt->idb[dt->nestdb];
@ -51,7 +51,7 @@ static int adb_walk_genadb_start_object(struct adb_walk *d)
 	}
 	dt->num_vals += dt->objs[dt->nest].schema->num_fields;
-	if (dt->num_vals >= ARRAY_SIZE(dt->vals)) return -E2BIG;
+	if (dt->num_vals >= ARRAY_SIZE(dt->vals)) return -APKE_ADB_LIMIT;
 	return 0;
 }
@ -102,11 +102,11 @@ static int adb_walk_genadb_key(struct adb_walk *d, apk_blob_t key)
 	uint8_t kind = dt->objs[dt->nest].schema->kind;
 	if (kind != ADB_KIND_OBJECT && kind != ADB_KIND_ADB)
-		return -EAPKDBFORMAT;
+		return -APKE_ADB_SCHEMA;
 	dt->curkey[dt->nest] = adb_s_field_by_name_blob(dt->objs[dt->nest].schema, key);
 	if (dt->curkey[dt->nest] == 0)
-		return -EAPKDBFORMAT;
+		return -APKE_ADB_SCHEMA;
 	return 0;
 }
--- a/src/apk_adb.c
+++ b/src/apk_adb.c
@ -28,7 +28,7 @@ int apk_dep_split(apk_blob_t *b, apk_blob_t *bdep)
 adb_val_t adb_wo_pkginfo(struct adb_obj *obj, unsigned int f, apk_blob_t val)
 {
 	struct apk_checksum csum;
-	adb_val_t v = ADB_ERROR(EAPKFORMAT);
+	adb_val_t v = ADB_ERROR(APKE_ADB_PACKAGE_FORMAT);
 	/* FIXME: get rid of this function, and handle the conversion via schema? */
 	switch (f) {
@ -325,7 +325,7 @@ static int dependency_fromstring(struct adb_obj *obj, apk_blob_t bdep)
 	return 0;
 fail:
-	return -EAPKDEPFORMAT;
+	return -APKE_ADB_DEPENDENCY_FORMAT;
 }
 static int dependency_cmp(const struct adb_obj *o1, const struct adb_obj *o2)
--- a/src/apk_crypto.h
+++ b/src/apk_crypto.h
@ -10,9 +10,9 @@
 #define APK_CRYPTO_H
 #include <assert.h>
 #include <errno.h>
 #include <string.h>
 #include <openssl/evp.h>
 #include "apk_defines.h"
 #include "apk_openssl.h"
 // Digest
@ -75,7 +75,7 @@ static inline int apk_digest_calc(struct apk_digest *d, uint8_t alg, const void
 {
 	unsigned int md_sz = sizeof d->data;
 	if (EVP_Digest(ptr, sz, d->data, &md_sz, apk_digest_alg_to_evp(alg), 0) != 1)
-		return -EIO;
+		return -APKE_CRYPTO_ERROR;
 	d->alg = alg;
 	d->len = md_sz;
 	return 0;
@ -98,14 +98,14 @@ static inline void apk_digest_ctx_free(struct apk_digest_ctx *dctx) {
 }
 static inline int apk_digest_ctx_update(struct apk_digest_ctx *dctx, const void *ptr, size_t sz) {
-	return EVP_DigestUpdate(dctx->mdctx, ptr, sz) == 1 ? 0 : -EIO;
+	return EVP_DigestUpdate(dctx->mdctx, ptr, sz) == 1 ? 0 : -APKE_CRYPTO_ERROR;
 }
 static inline int apk_digest_ctx_final(struct apk_digest_ctx *dctx, struct apk_digest *d) {
 	unsigned int mdlen = sizeof d->data;
 	if (EVP_DigestFinal_ex(dctx->mdctx, d->data, &mdlen) != 1) {
 		apk_digest_reset(d);
-		return -EIO;
+		return -APKE_CRYPTO_ERROR;
 	}
 	d->alg = dctx->alg;
 	d->len = mdlen;
--- a/src/apk_defines.h
+++ b/src/apk_defines.h
@ -13,6 +13,7 @@
 #include <endian.h>
 #include <stdint.h>
 #include <string.h>
 #include <errno.h>
 #include <time.h>
 #define ARRAY_SIZE(x)	(sizeof(x) / sizeof((x)[0]))
@ -32,11 +33,33 @@
 #define NULL 0L
 #endif
-#define EAPKBADURL		1024
+enum {
-#define EAPKSTALEINDEX		1025
+	APKE_EOF = 1024,
-#define EAPKFORMAT		1026
+	APKE_DNS,
-#define EAPKDEPFORMAT		1027
+	APKE_URL_FORMAT,
-#define EAPKDBFORMAT		1028
+	APKE_CRYPTO_ERROR,
 	APKE_CRYPTO_NOT_SUPPORTED,
 	APKE_CRYPTO_KEY_FORMAT,
 	APKE_SIGNATURE_FAIL,
 	APKE_SIGNATURE_UNTRUSTED,
 	APKE_SIGNATURE_INVALID,
 	APKE_ADB_HEADER,
 	APKE_ADB_SCHEMA,
 	APKE_ADB_BLOCK,
 	APKE_ADB_SIGNATURE,
 	APKE_ADB_NO_FROMSTRING,
 	APKE_ADB_LIMIT,
 	APKE_ADB_DEPENDENCY_FORMAT,
 	APKE_ADB_PACKAGE_FORMAT,
 	APKE_V2DB_FORMAT,
 	APKE_V2PKG_FORMAT,
 	APKE_V2PKG_INTEGRITY,
 	APKE_V2NDX_FORMAT,
 	APKE_PACKAGE_NOT_FOUND,
 	APKE_INDEX_STALE,
 	APKE_FILE_INTEGRITY,
 	APKE_UVOL
 };
 static inline void *ERR_PTR(long error) { return (void*) error; }
 static inline void *ERR_CAST(const void *ptr) { return (void*) ptr; }
--- a/src/app_convndx.c
+++ b/src/app_convndx.c
@ -61,7 +61,7 @@ static int load_index(struct conv_ctx *ctx, struct apk_istream *is)
 		apk_istream_gunzip_mpart(is, apk_sign_ctx_mpart_cb, &ctx->sctx),
 		load_apkindex, ctx, apk_ctx_get_id_cache(ctx->ac));
 	apk_sign_ctx_free(&ctx->sctx);
-	if (r >= 0 && ctx->found == 0) r = -ENOMSG;
+	if (r >= 0 && ctx->found == 0) r = -APKE_V2NDX_FORMAT;
 	return r;
 }
--- a/src/app_extract.c
+++ b/src/app_extract.c
@ -97,7 +97,7 @@ static int uvol_run(struct apk_ctx *ac, char *action, char *volname, char *arg1,
 	waitpid(pid, &status, 0);
 	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
 		apk_err(out, "%s: uvol exited with error %d", volname, WEXITSTATUS(status));
-		return -EIO;
+		return -APKE_UVOL;
 	}
 	return 0;
 }
@ -124,7 +124,7 @@ static int uvol_extract(struct apk_ctx *ac, char *action, char *volname, char *a
 	r = apk_istream_splice(is, pipefds[1], sz, 0, 0, dctx);
 	close(pipefds[1]);
 	if (r != sz) {
-		if (r >= 0) r = -EIO;
+		if (r >= 0) r = -APKE_UVOL;
 		apk_err(out, "%s: uvol write error: %s", volname, apk_error_str(r));
 		return r;
 	}
@ -132,7 +132,7 @@ static int uvol_extract(struct apk_ctx *ac, char *action, char *volname, char *a
 	waitpid(pid, &status, 0);
 	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
 		apk_err(out, "%s: uvol exited with error %d", volname, WEXITSTATUS(status));
-		return -EIO;
+		return -APKE_UVOL;
 	}
 	return 0;
@ -172,7 +172,7 @@ static int apk_extract_file(struct extract_ctx *ctx, off_t sz, struct apk_istrea
 	int r;
 	apk_digest_from_blob(&fi.digest, adb_ro_blob(&ctx->file, ADBI_FI_HASHES));
-	if (fi.digest.alg == APK_DIGEST_NONE) return -EAPKFORMAT;
+	if (fi.digest.alg == APK_DIGEST_NONE) return -APKE_ADB_SCHEMA;
 	apk_extract_acl(&fi, adb_ro_obj(&ctx->file, ADBI_FI_ACL, &acl), apk_ctx_get_id_cache(ctx->ac));
 	fi.mode |= S_IFREG;
@ -187,7 +187,7 @@ static int apk_extract_file(struct extract_ctx *ctx, off_t sz, struct apk_istrea
 	apk_digest_ctx_final(&dctx, &d);
 	apk_digest_ctx_free(&dctx);
 	if (r != 0) return r;
-	if (apk_digest_cmp(&fi.digest, &d) != 0) return -EAPKDBFORMAT;
+	if (apk_digest_cmp(&fi.digest, &d) != 0) return -APKE_FILE_INTEGRITY;
 	return 0;
 }
@ -260,7 +260,7 @@ static int apk_extract_data_block(struct adb *db, size_t sz, struct apk_istream
 	r = apk_extract_next_file(ctx);
 	if (r != 0) {
-		if (r > 0) r = -EAPKFORMAT;
+		if (r > 0) r = -APKE_ADB_BLOCK;
 		return r;
 	}
@ -272,7 +272,7 @@ static int apk_extract_data_block(struct adb *db, size_t sz, struct apk_istream
 	    hdr->file_idx != ctx->cur_file ||
 	    sz != adb_ro_int(&ctx->file, ADBI_FI_SIZE)) {
 		// got data for some unexpected file
-		return -EAPKFORMAT;
+		return -APKE_ADB_BLOCK;
 	}
 	return apk_extract_file(ctx, sz, is);
@ -289,7 +289,7 @@ static int apk_extract_pkg(struct extract_ctx *ctx, const char *fn)
 		ADB_SCHEMA_PACKAGE, trust, apk_extract_data_block);
 	if (r == 0) {
 		r = apk_extract_next_file(ctx);
-		if (r == 0) r = -EAPKFORMAT;
+		if (r == 0) r = -APKE_ADB_BLOCK;
 		if (r == 1) r = 0;
 	}
 	adb_free(&ctx->db);
--- a/src/app_fetch.c
+++ b/src/app_fetch.c
@ -130,7 +130,7 @@ static int fetch_package(apk_hash_item item, void *pctx)
 	repo = apk_db_select_repo(db, pkg);
 	if (repo == NULL) {
-		r = -ENOPKG;
+		r = -APKE_PACKAGE_NOT_FOUND;
 		goto err;
 	}
--- a/src/app_mkndx.c
+++ b/src/app_mkndx.c
@ -129,7 +129,7 @@ static adb_val_t mkndx_read_v2_pkginfo(struct adb *db, struct apk_istream *is, s
 		if (adb_ro_val(&pkginfo, f->ndx) != ADB_NULL) {
 			/* Workaround abuild bug that emitted multiple license lines */
 			if (f->ndx == ADBI_PI_LICENSE) continue;
-			 e = ADB_ERROR(EAPKFORMAT);
+			 e = ADB_ERROR(APKE_ADB_PACKAGE_FORMAT);
 			 continue;
 		}
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@ -73,7 +73,7 @@ int apk_pkey_init(struct apk_pkey *pkey, EVP_PKEY *key)
 	unsigned int dlen = sizeof dig;
 	int len;
-	if ((len = i2d_PublicKey(key, &pub)) < 0) return -EIO;
+	if ((len = i2d_PublicKey(key, &pub)) < 0) return -APKE_CRYPTO_ERROR;
 	EVP_Digest(pub, len, dig, &dlen, EVP_sha512(), NULL);
 	memcpy(pkey->id, dig, sizeof pkey->id);
 	OPENSSL_free(pub);
@ -107,7 +107,7 @@ int apk_pkey_load(struct apk_pkey *pkey, int dirfd, const char *fn)
 	ERR_clear_error();
 	BIO_free(bio);
-	if (!key) return -EBADMSG;
+	if (!key) return -APKE_CRYPTO_KEY_FORMAT;
 	apk_pkey_init(pkey, key);
 	return 0;
@ -117,7 +117,7 @@ int apk_sign_start(struct apk_digest_ctx *dctx, struct apk_pkey *pkey)
 {
 	if (EVP_MD_CTX_reset(dctx->mdctx) != 1 ||
 	    EVP_DigestSignInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
-		return -EIO;
+		return -APKE_CRYPTO_ERROR;
 	return 0;
 }
@ -125,7 +125,7 @@ int apk_sign(struct apk_digest_ctx *dctx, void *sig, size_t *len)
 {
 	if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1) {
 		ERR_print_errors_fp(stderr);
-		return -EBADMSG;
+		return -APKE_SIGNATURE_FAIL;
 	}
 	return 0;
 }
@ -134,7 +134,7 @@ int apk_verify_start(struct apk_digest_ctx *dctx, struct apk_pkey *pkey)
 {
 	if (EVP_MD_CTX_reset(dctx->mdctx) != 1 ||
 	    EVP_DigestVerifyInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
-		return -EIO;
+		return -APKE_CRYPTO_ERROR;
 	return 0;
 }
@ -142,7 +142,7 @@ int apk_verify(struct apk_digest_ctx *dctx, void *sig, size_t len)
 {
 	if (EVP_DigestVerifyFinal(dctx->mdctx, sig, len) != 1) {
 		ERR_print_errors_fp(stderr);
-		return -EBADMSG;
+		return -APKE_SIGNATURE_INVALID;
 	}
 	return 0;
 }
--- a/src/database.c
+++ b/src/database.c
@ -910,7 +910,7 @@ old_apk_tools:
 bad_entry:
 	apk_err(out, "FDB format error (line %d, entry '%c')", lineno, field);
 err_fmt:
-	is->err = -EAPKDBFORMAT;
+	is->err = -APKE_V2DB_FORMAT;
 	return apk_istream_close(is);
 }
@ -2196,7 +2196,7 @@ static int load_index(struct apk_database *db, struct apk_istream *is,
 		apk_sign_ctx_free(&ctx.sctx);
 		if (r >= 0 && ctx.found == 0)
-			r = -ENOMSG;
+			r = -APKE_V2NDX_FORMAT;
 	} else {
 		apk_db_index_read(db, apk_istream_gunzip(is), repo);
 	}
@ -2778,7 +2778,7 @@ static int apk_db_unpack_pkg(struct apk_database *db,
 	if (pkg->filename == NULL) {
 		repo = apk_db_select_repo(db, pkg);
 		if (repo == NULL) {
-			r = -ENOPKG;
+			r = -APKE_PACKAGE_NOT_FOUND;
 			goto err_msg;
 		}
 		r = apk_repo_format_item(db, repo, pkg, &filefd, file, sizeof(file));
@ -2800,7 +2800,7 @@ static int apk_db_unpack_pkg(struct apk_database *db,
 	if (IS_ERR_OR_NULL(is)) {
 		r = PTR_ERR(is);
 		if (r == -ENOENT && pkg->filename == NULL)
-			r = -EAPKSTALEINDEX;
+			r = -APKE_INDEX_STALE;
 		goto err_msg;
 	}
 	if (need_copy) {
--- a/src/io.c
+++ b/src/io.c
@ -127,7 +127,7 @@ void *apk_istream_get(struct apk_istream *is, size_t len)
 	if (is->end-is->ptr == is->buf_size)
 		return ERR_PTR(-ENOBUFS);
 	if (is->err > 0)
-		return ERR_PTR(-ENOMSG);
+		return ERR_PTR(-APKE_EOF);
 	return ERR_PTR(-EIO);
 }
@ -498,7 +498,7 @@ ssize_t apk_stream_copy(struct apk_istream *is, struct apk_ostream *os, size_t s
 		d = apk_istream_get_max(is, size - done);
 		if (APK_BLOB_IS_NULL(d)) {
 			if (d.len) return d.len;
-			if (size != APK_IO_ALL) return -EBADMSG;
+			if (size != APK_IO_ALL) return -APKE_EOF;
 			break;
 		}
 		if (dctx) apk_digest_ctx_update(dctx, d.ptr, d.len);
@ -547,7 +547,7 @@ ssize_t apk_istream_splice(struct apk_istream *is, int fd, size_t size,
 		if (r <= 0) {
 			if (r) goto err;
 			if (size != APK_IO_ALL && done != size) {
-				r = -EBADMSG;
+				r = -APKE_EOF;
 				goto err;
 			}
 			break;
--- a/src/io_archive.c
+++ b/src/io_archive.c
@ -258,7 +258,7 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
 	if (r == 0) goto ok;
 err:
 	/* Check that there was no partial (or non-zero) record */
-	if (r >= 0) r = -EBADMSG;
+	if (r >= 0) r = -APKE_EOF;
 ok:
 	free(pax.ptr);
 	free(longname.ptr);
--- a/src/io_url.c
+++ b/src/io_url.c
@ -51,13 +51,13 @@ static int fetch_maperror(int ec)
 		[FETCH_NETWORK] = -ENETUNREACH,
 		/* [FETCH_OK] = , */
 		[FETCH_PROTO] = -EPROTO,
-		[FETCH_RESOLV] = -ENXIO,
+		[FETCH_RESOLV] = -APKE_DNS,
 		[FETCH_SERVER] = -EREMOTEIO,
 		[FETCH_TEMP] = -EAGAIN,
 		[FETCH_TIMEOUT] = -ETIMEDOUT,
 		[FETCH_UNAVAIL] = -ENOENT,
 		[FETCH_UNKNOWN] = -EIO,
-		[FETCH_URL] = -EAPKBADURL,
+		[FETCH_URL] = -APKE_URL_FORMAT,
 		[FETCH_UNCHANGED] = -EALREADY,
 	};
@ -111,7 +111,7 @@ static struct apk_istream *apk_istream_fetch(const char *url, time_t since)
 	u = fetchParseURL(url);
 	if (!u) {
-		rc = -EAPKBADURL;
+		rc = -APKE_URL_FORMAT;
 		goto err;
 	}
 	fis = malloc(sizeof *fis + apk_io_bufsize);
--- a/src/package.c
+++ b/src/package.c
@ -521,7 +521,7 @@ static int check_signing_key_trust(struct apk_sign_ctx *sctx)
 		if (sctx->signature.pkey == NULL) {
 			if (sctx->allow_untrusted)
 				break;
-			return -ENOKEY;
+			return -APKE_SIGNATURE_UNTRUSTED;
 		}
 	}
 	return 0;
@ -554,10 +554,10 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
 		 * This does not make any sense if the file has v2.0
 		 * style .PKGINFO */
 		if (ctx->has_data_checksum)
-			return -ENOMSG;
+			return -APKE_V2PKG_FORMAT;
 		/* Error out early if identity part is missing */
 		if (ctx->action == APK_SIGN_VERIFY_IDENTITY)
-			return -EKEYREJECTED;
+			return -APKE_V2PKG_FORMAT;
 		ctx->data_started = 1;
 		ctx->control_started = 1;
 		r = check_signing_key_trust(ctx);
@ -669,7 +669,7 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 	/* Still in signature blocks? */
 	if (!sctx->control_started) {
 		if (part == APK_MPART_END)
-			return -EKEYREJECTED;
+			return -APKE_V2PKG_FORMAT;
 		goto reset_digest;
 	}
@ -692,10 +692,10 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 		if (EVP_MD_CTX_size(sctx->mdctx) == 0 ||
 		    memcmp(calculated, sctx->data_checksum,
 		           EVP_MD_CTX_size(sctx->mdctx)) != 0)
-			return -EKEYREJECTED;
+			return -APKE_V2PKG_INTEGRITY;
 		sctx->data_verified = 1;
 		if (!sctx->allow_untrusted && !sctx->control_verified)
-			return -ENOKEY;
+			return -APKE_SIGNATURE_UNTRUSTED;
 		return 0;
 	}
@ -715,11 +715,11 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 				sctx->signature.data.len,
 				sctx->signature.pkey);
 			if (r != 1 && !sctx->allow_untrusted)
-				return -EKEYREJECTED;
+				return -APKE_SIGNATURE_INVALID;
 		} else {
 			r = 0;
 			if (!sctx->allow_untrusted)
-				return -ENOKEY;
+				return -APKE_SIGNATURE_UNTRUSTED;
 		}
 		if (r == 1) {
 			sctx->control_verified = 1;
@ -736,7 +736,7 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
 		EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL);
 		if (memcmp(calculated, sctx->identity.data,
 			   sctx->identity.type) != 0)
-			return -EKEYREJECTED;
+			return -APKE_V2PKG_INTEGRITY;
 		sctx->control_verified = 1;
 		if (!sctx->has_data_checksum && part == APK_MPART_END)
 			sctx->data_verified = 1;
--- a/src/print.c
+++ b/src/print.c
@ -24,42 +24,36 @@ const char *apk_error_str(int error)
 	if (error < 0)
 		error = -error;
 	switch (error) {
-	case ENOKEY:
+	case ECONNABORTED:			return "network connection aborted";
-		return "UNTRUSTED signature";
+	case ECONNREFUSED:			return "could not connect to server (check repositories file)";
-	case EKEYREJECTED:
+	case ENETUNREACH:			return "network error (check Internet connection and firewall)";
-		return "BAD signature";
+	case EREMOTEIO:				return "remote server returned error (try 'apk update')";
-	case EIO:
+	case EAGAIN:				return "temporary error (try again later)";
-		return "IO ERROR";
+	case APKE_EOF:				return "unexpected end of file";
-	case EBADMSG:
+	case APKE_DNS:				return "DNS error (try again later)";
-		return "BAD archive";
+	case APKE_URL_FORMAT:			return "invalid URL (check your repositories file)";
-	case ENOMSG:
+	case APKE_CRYPTO_ERROR:			return "crypto error";
-		return "archive does not contain expected data";
+	case APKE_CRYPTO_NOT_SUPPORTED:		return "cryptographic algorithm not supported";
-	case ENOPKG:
+	case APKE_CRYPTO_KEY_FORMAT:		return "cryptographic key format not recognized";
-		return "could not find a repo which provides this package (check repositories file and run 'apk update')";
+	case APKE_SIGNATURE_FAIL:		return "signing failure";
-	case ECONNABORTED:
+	case APKE_SIGNATURE_UNTRUSTED:		return "UNTRUSTED signature";
-		return "network connection aborted";
+	case APKE_SIGNATURE_INVALID:		return "BAD signature";
-	case ECONNREFUSED:
+	case APKE_ADB_HEADER:			return "ADB header error";
-		return "could not connect to server (check repositories file)";
+	case APKE_ADB_SCHEMA:			return "ADB schema error";
-	case ENETUNREACH:
+	case APKE_ADB_BLOCK:			return "ADB block error";
-		return "network error (check Internet connection and firewall)";
+	case APKE_ADB_SIGNATURE:		return "ADB signature block error";
-	case ENXIO:
+	case APKE_ADB_NO_FROMSTRING:		return "ADB schema error (no fromstring)";
-		return "DNS lookup error";
+	case APKE_ADB_LIMIT:			return "ADB schema limit reached";
-	case EREMOTEIO:
+	case APKE_ADB_DEPENDENCY_FORMAT:	return "ADB dependency format";
-		return "remote server returned error (try 'apk update')";
+	case APKE_ADB_PACKAGE_FORMAT:		return "ADB package format";
-	case ETIMEDOUT:
+	case APKE_V2DB_FORMAT:			return "v2 database format error";
-		return "operation timed out";
+	case APKE_V2PKG_FORMAT:			return "v2 package format error";
-	case EAGAIN:
+	case APKE_V2PKG_INTEGRITY:		return "v2 package integrity error";
-		return "temporary error (try again later)";
+	case APKE_V2NDX_FORMAT:			return "v2 index format error";
-	case EAPKBADURL:
+	case APKE_PACKAGE_NOT_FOUND:		return "could not find a repo which provides this package (check repositories file and run 'apk update')";
-		return "invalid URL (check your repositories file)";
+	case APKE_INDEX_STALE:			return "package mentioned in index not found (try 'apk update')";
-	case EAPKSTALEINDEX:
+	case APKE_FILE_INTEGRITY:		return "file integrity error";
-		return "package mentioned in index not found (try 'apk update')";
+	case APKE_UVOL:				return "uvol error";
 	case EAPKFORMAT:
 		return "package file format error";
 	case EAPKDEPFORMAT:
 		return "package dependency format error";
 	case EAPKDBFORMAT:
 		return "database file format error";
 	default:
 		return strerror(error);
 	}
--- a/src/trust.c
+++ b/src/trust.c
@ -13,7 +13,7 @@ static struct apk_trust_key *apk_trust_load_key(int dirfd, const char *filename)
 	r = apk_pkey_load(&key->key, dirfd, filename);
 	if (r) {
 		free(key);
-		return ERR_PTR(-ENOKEY);
+		return ERR_PTR(r);
 	}
 	list_init(&key->key_node);