summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2009-08-24 16:52:23 -0500
committerDan McGee <dan@archlinux.org>2011-03-23 00:26:54 -0500
commit38f94da47d71780fdaaf0f06e0bf4dd37456fc00 (patch)
tree66e5adfdfcb7983d1c97fd52b050046a4f3fdcf6
parenta4120f2015ae4d5880642e16c81acadbab77555d (diff)
repo-add: add -v/--verify option
This is intended to verify an existing signature on a database before making further changes to it and performing updates. Rarely would you use this without immediately resigning it via the -s/--sign option. Instead, it is intended as a "chain of trust" operation where the previous signature is verified to give you some sense that what you sign off on is also safe. Still todo: don't make changes unless the signature is not only good, but also in the accepted list of keys. Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--scripts/repo-add.sh.in26
1 files changed, 26 insertions, 0 deletions
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index ebe226a1..8a738b4b 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -31,6 +31,7 @@ QUIET=0
DELTA=0
WITHFILES=0
SIGN=0
+VERIFY=0
REPO_DB_FILE=
LOCKFILE=
CLEAN_LOCK=0
@@ -203,6 +204,29 @@ create_signature() {
fi
}
+# verify the existing package database signature
+verify_signature() {
+ (( ! VERIFY )) && return
+ local dbfile="$1"
+ local ret=0
+ msg "$(gettext "Verifying database signature...")"
+ if [ ! $(type -p "gpg") ]; then
+ error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")"
+ exit 1 # $E_MISSING_PROGRAM
+ fi
+ if [[ ! -f $dbfile.sig ]]; then
+ warning "$(gettext "No existing signature found, skipping verification.")"
+ return
+ fi
+ gpg --verify "$dbfile.sig" || ret=$?
+ if (( ! ret )); then
+ msg2 "$(gettext "Database signature file verified.")"
+ else
+ error "$(gettext "Database signature was NOT valid!")"
+ exit 1
+ fi
+}
+
# write an entry to the pacman database
# arg1 - path to package
db_write_entry()
@@ -377,6 +401,7 @@ check_repo_db()
exit 1
fi
fi
+ verify_signature "$REPO_DB_FILE"
msg "$(gettext "Extracting database to a temporary location...")"
bsdtar -xf "$REPO_DB_FILE" -C "$tmpdir"
else
@@ -508,6 +533,7 @@ for arg in "$@"; do
-d|--delta) DELTA=1;;
-f|--files) WITHFILES=1;;
-s|--sign) SIGN=1;;
+ -v|--verify) VERIFY=1;;
*)
if [[ -z $REPO_DB_FILE ]]; then
REPO_DB_FILE="$arg"