bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libmakepkg: Implement extendable signature verification

Browse source 
Lookup the existence of matching functions for each protocol, and
fallback on the generic file handler. New verification protocols can
then be added via thirdparty libmakepkg drop-ins without requiring
modifications to verify_signature.sh

Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Eli Schwartz 2018-05-29 00:24:35 -04:00 committed by Allan McRae
parent 9c817b6549
commit 1e040153bc
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
scripts/libmakepkg/integrity/verify_signature.sh.in
View file

@ -49,8 +49,8 @@ check_pgpsigs() {
for netfile in "${all_sources[@]}"; do
proto="$(get_protocol "$netfile")"
if [[ $proto = git ]]; then
verify_git_signature "$netfile" "$statusfile" || continue
if declare -f verify_${proto}_signature > /dev/null; then
verify_${proto}_signature "$netfile" "$statusfile" || continue
else
verify_file_signature "$netfile" "$statusfile" || continue
fi
@ -263,7 +263,8 @@ source_has_signatures() {
proto="$(get_protocol "$netfile")"
query=$(get_uri_query "$netfile")
if [[ ${netfile%%::*} = *.@(sig?(n)|asc) || ( $proto = git && $query = signed ) ]]; then
if [[ ${netfile%%::*} = *.@(sig?(n)|asc) ]] || \
( declare -f verify_${proto}_signature > /dev/null && [[ $query = signed ]] ); then
return 0
fi
done