authorPierre Schmitz <pierre@archlinux.de>2012-03-04 13:25:56 +0100
committerDan McGee <dan@archlinux.org>2012-03-05 11:57:30 -0600
commit1fe6cabc4d3868510427e32b60c9aa869886acab (patch)
treea3351e4cc97733951588aab1c3e2c963cfc4f028 /scripts/pacman-key.sh.in
parent4ffa0401d22347332d663f1d400e182d5a181ea2 (diff)
pacman-key: Remove useless signature verification in --populate command
Verifying the keyring at this point is useless, as a malicious package is already installed and as such has several options to bypass this check anyway. Signed-off-by: Pierre Schmitz <pierre@archlinux.de> Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'scripts/pacman-key.sh.in')
-rw-r--r--scripts/pacman-key.sh.in39
1 files changed, 0 insertions, 39 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 4b678041..3ea8947f 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -214,43 +214,6 @@ check_keyring() {
fi
}
-validate_with_gpg() {
- msg2 "$(gettext "Verifying %s...")" "$1"
- if [[ ! -f "$1.sig" ]]; then
- error "$(gettext "File %s is unsigned, cannot continue.")" "$1"
- return 1
- elif ! "${GPG_PACMAN[@]}" --verify "$1.sig"; then
- error "$(gettext "The signature of file %s is not valid.")" "$1"
- return 1
- fi
- return 0
-}
-
-verify_keyring_input() {
- local ret=0;
- local KEYRING_IMPORT_DIR='@pkgdatadir@/keyrings'
-
- # Verify signatures of keyring files and trusted/revoked files if they exist
- msg "$(gettext "Verifying keyring file signatures...")"
- local keyring keyfile
- for keyring in "${KEYRINGIDS[@]}"; do
- keyfile="${KEYRING_IMPORT_DIR}/${keyring}.gpg"
- validate_with_gpg "${keyfile}" || ret=1
-
- keyfile="${KEYRING_IMPORT_DIR}/${keyring}-trusted"
- if [[ -f "${keyfile}" ]]; then
- validate_with_gpg "${keyfile}" || ret=1
- fi
-
- keyfile="${KEYRING_IMPORT_DIR}/${keyring}-revoked"
- if [[ -f "${keyfile}" ]]; then
- validate_with_gpg "${keyfile}" || ret=1
- fi
- done
-
- return $ret
-}
-
populate_keyring() {
local KEYRING_IMPORT_DIR='@pkgdatadir@/keyrings'
@@ -281,8 +244,6 @@ populate_keyring() {
exit 1
fi
- verify_keyring_input || exit 1
-
# Variable used for iterating on keyrings
local key
local key_id