pacman-key: just accept one file to verify, and enforce detached sigs
Simply pass options on to gpg the same way gpg uses them -- no looping through and checking lots of signatures. This prevents a situation where the signature file to be verified is manipulated to contain an embedded signature which is valid, but not a detached signature for the file you are actually trying to verify. gpg does not offer an option to verify many files at once by naming each signature/file pair, and there's no reason for us to do so either, since it would be quite tiresome to do so. In the event that there is no signature/file pair specified to pacman-key itself, - preserve gpg's behavior, *if* the matching file does not exist, by - assuming the signature is an embedded signature - deviate from gpg's behavior, by - offering a security warning about which one is happening - when there is an embedded signature *and* a matching detached file, assume the latter is desired Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Eli Schwartz
Allan McRae
parent
d230ec6f17
commit
635a9c911c
2 changed files with 26 additions and 13 deletions
|
|
@ -97,7 +97,13 @@ Operations
|
||||||
Displays the program version.
|
Displays the program version.
|
||||||
|
|
||||||
*-v, \--verify*::
|
*-v, \--verify*::
|
||||||
Verify the file(s) specified by the signature(s).
|
Assume that the first argument is a signature and verify it. If a second
|
||||||
|
argument is provided, it is the file to be verified.
|
||||||
|
+
|
||||||
|
With only one argument given, assume that the signature is a detached
|
||||||
|
signature, and look for a matching data file to verify by stripping the file
|
||||||
|
extension. If no matching data file is found, fall back on GnuPG semantics and
|
||||||
|
attempt to verify a file with an embedded signature.
|
||||||
|
|
||||||
|
|
||||||
Options
|
Options
|
||||||
|
|
|
||||||
|
|
@ -485,18 +485,25 @@ refresh_keys() {
|
||||||
}
|
}
|
||||||
|
|
||||||
verify_sig() {
|
verify_sig() {
|
||||||
local ret=0
|
local ret=0 sig=$1 file=$2
|
||||||
for sig; do
|
if [[ -z $file && -f ${sig%.*} ]]; then
|
||||||
msg "Checking %s..." "$sig"
|
file=${sig%.*}
|
||||||
|
fi
|
||||||
|
if [[ -n $file ]]; then
|
||||||
|
local files=("$sig" "$file")
|
||||||
|
msg "Checking %s... (detached)" "$sig"
|
||||||
|
else
|
||||||
|
local files=("$sig")
|
||||||
|
msg "Checking %s... (embedded)" "$sig"
|
||||||
|
fi
|
||||||
if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
|
if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
|
||||||
error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
|
error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
|
||||||
return 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
|
if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
|
||||||
error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
|
error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
|
||||||
ret=1
|
ret=1
|
||||||
fi
|
fi
|
||||||
done
|
|
||||||
exit $ret
|
exit $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue