From 7c3f4949ca5aa4d1ccb1316ca38ac13236456ab3 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 23 Apr 2024 11:09:41 +0200 Subject: [PATCH] repo-add: implicitly sign when verifying Currently it is possible to verify a database signature, without signing the database. This causes the database to be altered, but the (then invalid) signature to be preserved. Fix this by implicitly signing when verifying. Signed-off-by: Christian Hesse --- doc/repo-add.8.asciidoc | 2 +- scripts/repo-add.sh.in | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/repo-add.8.asciidoc b/doc/repo-add.8.asciidoc index 9b903ab1..dc6e0baf 100644 --- a/doc/repo-add.8.asciidoc +++ b/doc/repo-add.8.asciidoc @@ -54,7 +54,7 @@ Common Options *-v, \--verify*:: Verify the PGP signature of the database before updating the database. If the signature is invalid, an error is produced and the update does not - proceed. + proceed. This implicitly enabled signing. *\--nocolor*:: Remove color from 'repo-add' and 'repo-remove' output. diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 4656f270..56e403ce 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -631,6 +631,7 @@ while true; do GPGKEY=$1 ;; -v|--verify) + SIGN=1 VERIFY=1 ;; -p|--prevent-downgrade)