bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libmakepkg: Implement extendable signature verification

Browse source 
Lookup the existence of matching functions for each protocol, and
fallback on the generic file handler. New verification protocols can
then be added via thirdparty libmakepkg drop-ins without requiring
modifications to verify_signature.sh

Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Eli Schwartz 2018-05-29 00:24:35 -04:00 committed by Allan McRae
parent 9c817b6549
commit 1e040153bc
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
scripts/libmakepkg/integrity/verify_signature.sh.in
View file

@ -49,8 +49,8 @@ check_pgpsigs() {
for netfile in "${all_sources[@]}"; do for netfile in "${all_sources[@]}"; do
proto="$(get_protocol "$netfile")" proto="$(get_protocol "$netfile")"
if [[ $proto = git ]]; then if declare -f verify_${proto}_signature > /dev/null; then
verify_git_signature "$netfile" "$statusfile" || continue verify_${proto}_signature "$netfile" "$statusfile" || continue
else else
verify_file_signature "$netfile" "$statusfile" || continue verify_file_signature "$netfile" "$statusfile" || continue
fi fi
@ -263,7 +263,8 @@ source_has_signatures() {
proto="$(get_protocol "$netfile")" proto="$(get_protocol "$netfile")"
query=$(get_uri_query "$netfile") query=$(get_uri_query "$netfile")
if [[ ${netfile%%::*} = *.@(sig?(n)|asc) || ( $proto = git && $query = signed ) ]]; then if [[ ${netfile%%::*} = *.@(sig?(n)|asc) ]] || \
( declare -f verify_${proto}_signature > /dev/null && [[ $query = signed ]] ); then
return 0 return 0
fi fi
done done