repo-add: implicitly sign when verifying
Currently it is possible to verify a database signature, without signing the database. This causes the database to be altered, but the (then invalid) signature to be preserved. Fix this by implicitly signing when verifying. Signed-off-by: Christian Hesse <mail@eworm.de>
This commit is contained in:
Christian Hesse
parent
8e30cd4e38
commit
7c3f4949ca
2 changed files with 2 additions and 1 deletions
|
|
@ -54,7 +54,7 @@ Common Options
|
||||||
*-v, \--verify*::
|
*-v, \--verify*::
|
||||||
Verify the PGP signature of the database before updating the database.
|
Verify the PGP signature of the database before updating the database.
|
||||||
If the signature is invalid, an error is produced and the update does not
|
If the signature is invalid, an error is produced and the update does not
|
||||||
proceed.
|
proceed. This implicitly enabled signing.
|
||||||
|
|
||||||
*\--nocolor*::
|
*\--nocolor*::
|
||||||
Remove color from 'repo-add' and 'repo-remove' output.
|
Remove color from 'repo-add' and 'repo-remove' output.
|
||||||
|
|
|
||||||
|
|
@ -631,6 +631,7 @@ while true; do
|
||||||
GPGKEY=$1
|
GPGKEY=$1
|
||||||
;;
|
;;
|
||||||
-v|--verify)
|
-v|--verify)
|
||||||
|
SIGN=1
|
||||||
VERIFY=1
|
VERIFY=1
|
||||||
;;
|
;;
|
||||||
-p|--prevent-downgrade)
|
-p|--prevent-downgrade)
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue