From 1ce0c6368d0908e25f9bd1bb8183b5f29053fac8 Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Sat, 2 Apr 2011 13:19:05 +0200 Subject: Add simple checks for handling signed packages In addition to this dbscripts wont accept unsigned pacakges when REQUIRE_SIGNATURE is set to true. Note: At this point no signature verification is performed at all. --- db-functions | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'db-functions') diff --git a/db-functions b/db-functions index b469039..a3e2168 100644 --- a/db-functions +++ b/db-functions @@ -284,6 +284,9 @@ getpkgfile() { elif [ ! -f "${1}" ]; then error "Package ${1} not found!" exit 1 + elif ${REQUIRE_SIGNATURE} && [ ! -f "${1}.sig" ]; then + error "Package signature ${1}.sig not found!" + exit 1 fi echo ${1} @@ -300,6 +303,9 @@ getpkgfiles() { if [ ! -f "${f}" ]; then error "Package ${f} not found!" exit 1 + elif ${REQUIRE_SIGNATURE} && [ ! -f "${f}.sig" ]; then + error "Package signature ${f}.sig not found!" + exit 1 fi done @@ -411,14 +417,18 @@ check_pkgrepos() { [ $? -ge 1 ] && return 1 [ -f "${FTP_BASE}/${PKGPOOL}/${pkgname}-${pkgver}-${pkgarch}"${PKGEXT} ] && return 1 + [ -f "${FTP_BASE}/${PKGPOOL}/${pkgname}-${pkgver}-${pkgarch}"${PKGEXT}.sig ] && return 1 [ -f "${FTP_BASE}/${PKGPOOL}/$(basename ${pkgfile})" ] && return 1 + [ -f "${FTP_BASE}/${PKGPOOL}/$(basename ${pkgfile}).sig" ] && return 1 local repo local arch for repo in ${PKGREPOS[@]}; do for arch in ${ARCHES[@]}; do [ -f "${FTP_BASE}/${repo}/os/${arch}/${pkgname}-${pkgver}-${pkgarch}"${PKGEXT} ] && return 1 + [ -f "${FTP_BASE}/${repo}/os/${arch}/${pkgname}-${pkgver}-${pkgarch}"${PKGEXT}.sig ] && return 1 [ -f "${FTP_BASE}/${repo}/os/${arch}/$(basename ${pkgfile})" ] && return 1 + [ -f "${FTP_BASE}/${repo}/os/${arch}/$(basename ${pkgfile}).sig" ] && return 1 done done -- cgit v1.2.3-24-g4f1b