Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts/libmakepkg/integrity/verify_signature.sh.in
AgeCommit message (Collapse)Author
2018-01-06libmakepkg/integrity: fix git signatures not seen with multiple filesEli Schwartz
In eaa82b4d0775252856a4e54a6f2a9ea191cf0b8f source_has_signature() was modified to check if git repositories are marked as signed. However, due to a typo the unused variable $netfile was checked. This worked as long as the last source element was marked as signed, due to $netfile being mistakenly set as a global in check_vcs_software(), but usually failed with multiple sources. Break this more consistently by properly declaring $netfile as a local variable in check_vcs_software() which it should be regardless. Fix it again by completely moving over to $netfile in source_has_signature() as netfile is more descriptive of the current state. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06libmakepkg/integrity: fix regression that broke invalid file sigsEli Schwartz
In 42e7020281d3ae260e1e9693495f527b7f476625 creating the gpg statusfile for a source file was split into a separate function, which used the return code to indicate unsigned files and proto-specific errors. However, the fallback return code was set by the final gpg invocation, which would be 1 if the signature was somehow broken (for example, the key was not available in the gpg keyring). As a result makepkg thought that file did not have a signature and skipped over it rather than erroring out. Fix this by explicitly setting the return code for all verify_*_signature() functions. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: Fix improperly spelled local variable declarationEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg/integrity: Fix error message not sent to stderrEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: Verify git signaturesEli Schwartz
A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04libmakepkg/integrity: Verify file signatures in a separate functionEli Schwartz
This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18libmakepkg: extract functions for integrity checkingAshley Whetter
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>