diff options
author | Eli Schwartz <eschwartz@archlinux.org> | 2018-10-21 19:28:41 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2018-11-03 12:56:09 +0100 |
commit | 635a9c911c419932e4f27eeae349bb265011ca86 (patch) | |
tree | 6617d7bea18032a37f42587190b1d5271c5285e0 /doc | |
parent | d230ec6f17a2b64ed61936013234414c74e7c29f (diff) | |
download | pacman-635a9c911c419932e4f27eeae349bb265011ca86.tar.gz pacman-635a9c911c419932e4f27eeae349bb265011ca86.tar.xz |
pacman-key: just accept one file to verify, and enforce detached sigs
Simply pass options on to gpg the same way gpg uses them -- no looping
through and checking lots of signatures.
This prevents a situation where the signature file to be verified is
manipulated to contain an embedded signature which is valid, but not a
detached signature for the file you are actually trying to verify.
gpg does not offer an option to verify many files at once by naming each
signature/file pair, and there's no reason for us to do so either, since
it would be quite tiresome to do so.
In the event that there is no signature/file pair specified to
pacman-key itself,
- preserve gpg's behavior, *if* the matching file does not exist, by
- assuming the signature is an embedded signature
- deviate from gpg's behavior, by
- offering a security warning about which one is happening
- when there is an embedded signature *and* a matching detached file,
assume the latter is desired
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/pacman-key.8.asciidoc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/pacman-key.8.asciidoc b/doc/pacman-key.8.asciidoc index f0b5ac08..e32fe5d8 100644 --- a/doc/pacman-key.8.asciidoc +++ b/doc/pacman-key.8.asciidoc @@ -97,7 +97,13 @@ Operations Displays the program version. *-v, \--verify*:: - Verify the file(s) specified by the signature(s). + Assume that the first argument is a signature and verify it. If a second + argument is provided, it is the file to be verified. ++ +With only one argument given, assume that the signature is a detached +signature, and look for a matching data file to verify by stripping the file +extension. If no matching data file is found, fall back on GnuPG semantics and +attempt to verify a file with an embedded signature. Options |