summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEli Schwartz <eschwartz@archlinux.org>2018-10-21 19:28:41 +0200
committerAllan McRae <allan@archlinux.org>2018-11-03 12:56:09 +0100
commit635a9c911c419932e4f27eeae349bb265011ca86 (patch)
tree6617d7bea18032a37f42587190b1d5271c5285e0
parentd230ec6f17a2b64ed61936013234414c74e7c29f (diff)
downloadpacman-635a9c911c419932e4f27eeae349bb265011ca86.tar.gz
pacman-635a9c911c419932e4f27eeae349bb265011ca86.tar.xz
pacman-key: just accept one file to verify, and enforce detached sigs
Simply pass options on to gpg the same way gpg uses them -- no looping through and checking lots of signatures. This prevents a situation where the signature file to be verified is manipulated to contain an embedded signature which is valid, but not a detached signature for the file you are actually trying to verify. gpg does not offer an option to verify many files at once by naming each signature/file pair, and there's no reason for us to do so either, since it would be quite tiresome to do so. In the event that there is no signature/file pair specified to pacman-key itself, - preserve gpg's behavior, *if* the matching file does not exist, by - assuming the signature is an embedded signature - deviate from gpg's behavior, by - offering a security warning about which one is happening - when there is an embedded signature *and* a matching detached file, assume the latter is desired Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r--doc/pacman-key.8.asciidoc8
-rw-r--r--scripts/pacman-key.sh.in31
2 files changed, 26 insertions, 13 deletions
diff --git a/doc/pacman-key.8.asciidoc b/doc/pacman-key.8.asciidoc
index f0b5ac08..e32fe5d8 100644
--- a/doc/pacman-key.8.asciidoc
+++ b/doc/pacman-key.8.asciidoc
@@ -97,7 +97,13 @@ Operations
Displays the program version.
*-v, \--verify*::
- Verify the file(s) specified by the signature(s).
+ Assume that the first argument is a signature and verify it. If a second
+ argument is provided, it is the file to be verified.
++
+With only one argument given, assume that the signature is a detached
+signature, and look for a matching data file to verify by stripping the file
+extension. If no matching data file is found, fall back on GnuPG semantics and
+attempt to verify a file with an embedded signature.
Options
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 66336e9a..b05754e5 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -485,18 +485,25 @@ refresh_keys() {
}
verify_sig() {
- local ret=0
- for sig; do
- msg "Checking %s..." "$sig"
- if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
- error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
- return 1
- fi
- if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
- error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
- ret=1
- fi
- done
+ local ret=0 sig=$1 file=$2
+ if [[ -z $file && -f ${sig%.*} ]]; then
+ file=${sig%.*}
+ fi
+ if [[ -n $file ]]; then
+ local files=("$sig" "$file")
+ msg "Checking %s... (detached)" "$sig"
+ else
+ local files=("$sig")
+ msg "Checking %s... (embedded)" "$sig"
+ fi
+ if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
+ error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
+ exit 1
+ fi
+ if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
+ error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
+ ret=1
+ fi
exit $ret
}