From db3b86e7f34f4c3ccb42e98465f2069aa642a85f Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Tue, 7 Jun 2011 17:29:55 -0500
Subject: Do database signature checking at load time

This is the ideal place to do it as all clients should be checking the
return value and ensuring there are no errors. This is similar to
pkg_load().

We also add an additional step of validation after we download a new
database; a subsequent '-y' operation can potentially invalidate the
original check at registration time.

Note that this implementation is still a bit naive; if a signature is
invalid it is currently impossible to refresh and re-download the file
without manually deleting it first. Similarly, if one downloads a
database and the check fails, the database object is still there and can
be used. These shortcomings will be addressed in a future commit.

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 test/pacman/tests/sign001.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'test/pacman')

diff --git a/test/pacman/tests/sign001.py b/test/pacman/tests/sign001.py
index 0ae417b7..14add09c 100644
--- a/test/pacman/tests/sign001.py
+++ b/test/pacman/tests/sign001.py
@@ -1,8 +1,8 @@
-self.description = "Add a signature to a package DB"
+self.description = "Add a bogus signature to a package DB"
 
 sp = pmpkg("pkg1")
 sp.pgpsig = "asdfasdfsdfasdfsdafasdfsdfasd"
-self.addpkg2db("sync+Always", sp)
+self.addpkg2db("sync+Optional", sp)
 
 self.args = "-Ss"
 
-- 
cgit v1.2.3


From 79e98316ea89486d107466858543e965bcfbb0a9 Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Tue, 7 Jun 2011 20:42:15 -0500
Subject: Add a 'valid' flag to the database object

Start by converting all of our flags to a 'status' bitmask (pkgcache
status, grpcache status). Add a new 'valid' flag as well. This will let
us keep track if the database itself has been marked valid in whatever
fashion.

For local databases at the moment we ensure there are no depends files;
for sync databases we ensure the PGP signature is valid if
required/requested. The loading of the pkgcache is prohibited if the
database is invalid.

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 test/pacman/tests/ignore007.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'test/pacman')

diff --git a/test/pacman/tests/ignore007.py b/test/pacman/tests/ignore007.py
index 90ff4ef6..7670e770 100644
--- a/test/pacman/tests/ignore007.py
+++ b/test/pacman/tests/ignore007.py
@@ -18,4 +18,4 @@ self.args = "--ask=1 -S grp"
 self.addrule("PACMAN_RETCODE=0")
 self.addrule("!PKG_EXIST=%s" % pkg1.name)
 self.addrule("PKG_EXIST=%s" % pkg2.name)
-self.addrule("PACMAN_OUTPUT=is in IgnorePkg")
+self.addrule("PKG_EXIST=%s" % pkg3.name)
-- 
cgit v1.2.3