bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libmakepkg/integrity: Verify file signatures in a separate function

Browse source 
This makes it easier to add signature verification for new protos.

Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Eli Schwartz 2017-01-03 15:10:17 -05:00 committed by Allan McRae
parent 0994893b0e
commit 42e7020281
1 changed files with 46 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
scripts/libmakepkg/integrity/verify_signature.sh.in
View file

@ -32,7 +32,7 @@ check_pgpsigs() {
msg "$(gettext "Verifying source file signatures with %s...")" "gpg" msg "$(gettext "Verifying source file signatures with %s...")" "gpg"
local file ext decompress found pubkey success status fingerprint trusted local netfile pubkey success status fingerprint trusted
local warning=0 local warning=0
local errors=0 local errors=0
local statusfile=$(mktemp) local statusfile=$(mktemp)
@ -46,44 +46,9 @@ check_pgpsigs() {
get_all_sources_for_arch 'all_sources' get_all_sources_for_arch 'all_sources'
;; ;;
esac esac
for file in "${all_sources[@]}"; do for netfile in "${all_sources[@]}"; do
file="$(get_filename "$file")" verify_file_signature "$netfile" "$statusfile" || continue
if [[ $file != *.@(sig?(n)|asc) ]]; then
continue
fi
printf " %s ... " "${file%.*}" >&2
if ! file="$(get_filepath "$file")"; then
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
errors=1
continue
fi
found=0
for ext in "" gz bz2 xz lrz lzo Z; do
if sourcefile="$(get_filepath "${file%.*}${ext:+.$ext}")"; then
found=1
break;
fi
done
if (( ! found )); then
printf '%s\n' "$(gettext "SOURCE FILE NOT FOUND")" >&2
errors=1
continue
fi
case "$ext" in
gz) decompress="gzip -c -d -f" ;;
bz2) decompress="bzip2 -c -d -f" ;;
xz) decompress="xz -c -d" ;;
lrz) decompress="lrzip -q -d" ;;
lzo) decompress="lzop -c -d -q" ;;
Z) decompress="uncompress -c -f" ;;
"") decompress="cat" ;;
esac
$decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
# these variables are assigned values in parse_gpg_statusfile # these variables are assigned values in parse_gpg_statusfile
success=0 success=0
status= status=
@ -145,6 +110,49 @@ check_pgpsigs() {
fi fi
} }
verify_file_signature() {
local netfile="$1" statusfile="$2"
local file ext decompress found sourcefile
file="$(get_filename "$netfile")"
if [[ $file != *.@(sig?(n)|asc) ]]; then
return 1
fi
printf " %s ... " "${file%.*}" >&2
if ! file="$(get_filepath "$netfile")"; then
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
errors=1
return 1
fi
found=0
for ext in "" gz bz2 xz lrz lzo Z; do
if sourcefile="$(get_filepath "${file%.*}${ext:+.$ext}")"; then
found=1
break;
fi
done
if (( ! found )); then
printf '%s\n' "$(gettext "SOURCE FILE NOT FOUND")" >&2
errors=1
return 1
fi
case "$ext" in
gz) decompress="gzip -c -d -f" ;;
bz2) decompress="bzip2 -c -d -f" ;;
xz) decompress="xz -c -d" ;;
lrz) decompress="lrzip -q -d" ;;
lzo) decompress="lzop -c -d -q" ;;
Z) decompress="uncompress -c -f" ;;
"") decompress="cat" ;;
esac
$decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
}
parse_gpg_statusfile() { parse_gpg_statusfile() {
local type arg1 arg6 arg10 local type arg1 arg6 arg10