From 635a9c911c419932e4f27eeae349bb265011ca86 Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Sun, 21 Oct 2018 13:28:41 -0400 Subject: pacman-key: just accept one file to verify, and enforce detached sigs Simply pass options on to gpg the same way gpg uses them -- no looping through and checking lots of signatures. This prevents a situation where the signature file to be verified is manipulated to contain an embedded signature which is valid, but not a detached signature for the file you are actually trying to verify. gpg does not offer an option to verify many files at once by naming each signature/file pair, and there's no reason for us to do so either, since it would be quite tiresome to do so. In the event that there is no signature/file pair specified to pacman-key itself, - preserve gpg's behavior, *if* the matching file does not exist, by - assuming the signature is an embedded signature - deviate from gpg's behavior, by - offering a security warning about which one is happening - when there is an embedded signature *and* a matching detached file, assume the latter is desired Signed-off-by: Eli Schwartz Signed-off-by: Allan McRae --- doc/pacman-key.8.asciidoc | 8 +++++++- scripts/pacman-key.sh.in | 31 +++++++++++++++++++------------ 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/doc/pacman-key.8.asciidoc b/doc/pacman-key.8.asciidoc index f0b5ac08..e32fe5d8 100644 --- a/doc/pacman-key.8.asciidoc +++ b/doc/pacman-key.8.asciidoc @@ -97,7 +97,13 @@ Operations Displays the program version. *-v, \--verify*:: - Verify the file(s) specified by the signature(s). + Assume that the first argument is a signature and verify it. If a second + argument is provided, it is the file to be verified. ++ +With only one argument given, assume that the signature is a detached +signature, and look for a matching data file to verify by stripping the file +extension. If no matching data file is found, fall back on GnuPG semantics and +attempt to verify a file with an embedded signature. Options diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 66336e9a..b05754e5 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -485,18 +485,25 @@ refresh_keys() { } verify_sig() { - local ret=0 - for sig; do - msg "Checking %s..." "$sig" - if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then - error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig" - return 1 - fi - if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then - error "$(gettext "The signature identified by %s could not be verified.")" "$sig" - ret=1 - fi - done + local ret=0 sig=$1 file=$2 + if [[ -z $file && -f ${sig%.*} ]]; then + file=${sig%.*} + fi + if [[ -n $file ]]; then + local files=("$sig" "$file") + msg "Checking %s... (detached)" "$sig" + else + local files=("$sig") + msg "Checking %s... (embedded)" "$sig" + fi + if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then + error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig" + exit 1 + fi + if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then + error "$(gettext "The signature identified by %s could not be verified.")" "$sig" + ret=1 + fi exit $ret } -- cgit v1.2.3-70-g09d2