diff options
author | Dan McGee <dan@archlinux.org> | 2009-08-24 16:52:23 -0500 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2011-03-23 00:26:54 -0500 |
commit | 38f94da47d71780fdaaf0f06e0bf4dd37456fc00 (patch) | |
tree | 66e5adfdfcb7983d1c97fd52b050046a4f3fdcf6 | |
parent | a4120f2015ae4d5880642e16c81acadbab77555d (diff) |
repo-add: add -v/--verify option
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.
Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.
Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r-- | scripts/repo-add.sh.in | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index ebe226a1..8a738b4b 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -31,6 +31,7 @@ QUIET=0 DELTA=0 WITHFILES=0 SIGN=0 +VERIFY=0 REPO_DB_FILE= LOCKFILE= CLEAN_LOCK=0 @@ -203,6 +204,29 @@ create_signature() { fi } +# verify the existing package database signature +verify_signature() { + (( ! VERIFY )) && return + local dbfile="$1" + local ret=0 + msg "$(gettext "Verifying database signature...")" + if [ ! $(type -p "gpg") ]; then + error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")" + exit 1 # $E_MISSING_PROGRAM + fi + if [[ ! -f $dbfile.sig ]]; then + warning "$(gettext "No existing signature found, skipping verification.")" + return + fi + gpg --verify "$dbfile.sig" || ret=$? + if (( ! ret )); then + msg2 "$(gettext "Database signature file verified.")" + else + error "$(gettext "Database signature was NOT valid!")" + exit 1 + fi +} + # write an entry to the pacman database # arg1 - path to package db_write_entry() @@ -377,6 +401,7 @@ check_repo_db() exit 1 fi fi + verify_signature "$REPO_DB_FILE" msg "$(gettext "Extracting database to a temporary location...")" bsdtar -xf "$REPO_DB_FILE" -C "$tmpdir" else @@ -508,6 +533,7 @@ for arg in "$@"; do -d|--delta) DELTA=1;; -f|--files) WITHFILES=1;; -s|--sign) SIGN=1;; + -v|--verify) VERIFY=1;; *) if [[ -z $REPO_DB_FILE ]]; then REPO_DB_FILE="$arg" |