author | Pierre Schmitz <pierre@archlinux.de> | 2012-03-04 13:25:56 +0100 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2012-03-05 18:57:30 +0100 |
commit | 1fe6cabc4d3868510427e32b60c9aa869886acab (patch) | |
tree | a3351e4cc97733951588aab1c3e2c963cfc4f028 /scripts/pacman-key.sh.in | |
parent | 4ffa0401d22347332d663f1d400e182d5a181ea2 (diff) | |
pacman-key: Remove useless signature verification in --populate command
Verifying the keyring at this point is useless as a malicious package is already
installed and as such has several options to bypass this check anyway.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'scripts/pacman-key.sh.in')
-rw-r--r-- | scripts/pacman-key.sh.in | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 4b678041..3ea8947f 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -214,43 +214,6 @@ check_keyring() {
 fi
 }
 
-validate_with_gpg() {
- msg2 "$(gettext "Verifying %s...")" "$1"
- if [[ ! -f "$1.sig" ]]; then
- error "$(gettext "File %s is unsigned, cannot continue.")" "$1"
- return 1
- elif ! "${GPG_PACMAN[@]}" --verify "$1.sig"; then
- error "$(gettext "The signature of file %s is not valid.")" "$1"
- return 1
- fi
- return 0
-}
-
-verify_keyring_input() {
- local ret=0;
- local KEYRING_IMPORT_DIR='@pkgdatadir@/keyrings'
-
- # Verify signatures of keyring files and trusted/revoked files if they exist
- msg "$(gettext "Verifying keyring file signatures...")"
- local keyring keyfile
- for keyring in "${KEYRINGIDS[@]}"; do
- keyfile="${KEYRING_IMPORT_DIR}/${keyring}.gpg"
- validate_with_gpg "${keyfile}" || ret=1
-
- keyfile="${KEYRING_IMPORT_DIR}/${keyring}-trusted"
- if [[ -f "${keyfile}" ]]; then
- validate_with_gpg "${keyfile}" || ret=1
- fi
-
- keyfile="${KEYRING_IMPORT_DIR}/${keyring}-revoked"
- if [[ -f "${keyfile}" ]]; then
- validate_with_gpg "${keyfile}" || ret=1
- fi
- done
-
- return $ret
-}
-
 populate_keyring() {
 local KEYRING_IMPORT_DIR='@pkgdatadir@/keyrings'
 
@@ -281,8 +244,6 @@ populate_keyring() {
 exit 1
 fi
 
- verify_keyring_input || exit 1
-
 # Variable used for iterating on keyrings
 local key
 local key_id |