summaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2009-08-24 20:23:44 +0200
committerDan McGee <dan@archlinux.org>2011-03-23 06:26:54 +0100
commita4120f2015ae4d5880642e16c81acadbab77555d (patch)
tree0fd937049a90694f082738af3b1ef297c76bc742 /scripts
parent8fde399fe62c3a08310e1830bb15b6e93ed360f9 (diff)
downloadpacman-a4120f2015ae4d5880642e16c81acadbab77555d.tar.gz
pacman-a4120f2015ae4d5880642e16c81acadbab77555d.tar.xz
repo-add: allow signing of the package database
In order to be fully secure, we can't only sign packages. We also need to sign our repository metadata to prevent database falsification, dependency injection, etc. Add an '-s/--sign' option that allows this functionality, and will generate a .sig file side-by-side with the package database. While at it, fix the issue where a signature file would never be found because of 'cd' madness (this needs fixing in another commit). Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r--scripts/repo-add.sh.in23
1 files changed, 23 insertions, 0 deletions
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 70cfd63c..ebe226a1 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -30,6 +30,7 @@ confdir='@sysconfdir@'
QUIET=0
DELTA=0
WITHFILES=0
+SIGN=0
REPO_DB_FILE=
LOCKFILE=
CLEAN_LOCK=0
@@ -184,6 +185,24 @@ db_remove_delta()
return 1
} # end db_remove_delta
+# sign the package database once repackaged
+create_signature() {
+ (( ! SIGN )) && return
+ local dbfile="$1"
+ local ret=0
+ msg "$(gettext "Signing database...")"
+ if [ ! $(type -p "gpg") ]; then
+ error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")"
+ exit 1 # $E_MISSING_PROGRAM
+ fi
+ gpg --detach-sign --use-agent "$dbfile" || ret=$?
+ if (( ! ret )); then
+ msg2 "$(gettext "Created signature file %s.")" "$dbfile.sig"
+ else
+ warning "$(gettext "Failed to sign package database.")"
+ fi
+}
+
# write an entry to the pacman database
# arg1 - path to package
db_write_entry()
@@ -488,6 +507,7 @@ for arg in "$@"; do
-q|--quiet) QUIET=1;;
-d|--delta) DELTA=1;;
-f|--files) WITHFILES=1;;
+ -s|--sign) SIGN=1;;
*)
if [[ -z $REPO_DB_FILE ]]; then
REPO_DB_FILE="$arg"
@@ -520,6 +540,7 @@ if (( success )); then
pushd "$tmpdir" >/dev/null
if [[ -n $(ls) ]]; then
bsdtar -c${TAR_OPT}f "$filename" *
+ create_signature "$filename"
else
# we have no packages remaining? zip up some emptyness
warning "$(gettext "No packages remain, creating empty database.")"
@@ -528,7 +549,9 @@ if (( success )); then
popd >/dev/null
[[ -f $REPO_DB_FILE ]] && mv -f "$REPO_DB_FILE" "${REPO_DB_FILE}.old"
+ [[ -f $REPO_DB_FILE.sig ]] && rm -f "$REPO_DB_FILE.sig"
[[ -f $tmpdir/$filename ]] && mv "$tmpdir/$filename" "$REPO_DB_FILE"
+ [[ -f $tmpdir/$filename.sig ]] && mv "$tmpdir/$filename.sig" "$REPO_DB_FILE.sig"
dblink="${REPO_DB_FILE%.tar.*}"
target=${REPO_DB_FILE##*/}
ln -sf "$target" "$dblink" 2>/dev/null || \