summaryrefslogtreecommitdiff
path: root/db-functions
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2011-04-02 13:19:05 +0200
committerPierre Schmitz <pierre@archlinux.de>2011-04-02 13:19:05 +0200
commit1ce0c6368d0908e25f9bd1bb8183b5f29053fac8 (patch)
tree225c1d19b42c5b4a5d9319adb49bfece95a49952 /db-functions
parenta7b293ad4d819fa77592818af27f7c2a3b9b2ca4 (diff)
Add simple checks for handling signed packages
In addition to this dbscripts wont accept unsigned pacakges when REQUIRE_SIGNATURE is set to true. Note: At this point no signature verification is performed at all.
Diffstat (limited to 'db-functions')
-rw-r--r--db-functions10
1 files changed, 10 insertions, 0 deletions
diff --git a/db-functions b/db-functions
index b469039..a3e2168 100644
--- a/db-functions
+++ b/db-functions
@@ -284,6 +284,9 @@ getpkgfile() {
elif [ ! -f "${1}" ]; then
error "Package ${1} not found!"
exit 1
+ elif ${REQUIRE_SIGNATURE} && [ ! -f "${1}.sig" ]; then
+ error "Package signature ${1}.sig not found!"
+ exit 1
fi
echo ${1}
@@ -300,6 +303,9 @@ getpkgfiles() {
if [ ! -f "${f}" ]; then
error "Package ${f} not found!"
exit 1
+ elif ${REQUIRE_SIGNATURE} && [ ! -f "${f}.sig" ]; then
+ error "Package signature ${f}.sig not found!"
+ exit 1
fi
done
@@ -411,14 +417,18 @@ check_pkgrepos() {
[ $? -ge 1 ] && return 1
[ -f "${FTP_BASE}/${PKGPOOL}/${pkgname}-${pkgver}-${pkgarch}"${PKGEXT} ] && return 1
+ [ -f "${FTP_BASE}/${PKGPOOL}/${pkgname}-${pkgver}-${pkgarch}"${PKGEXT}.sig ] && return 1
[ -f "${FTP_BASE}/${PKGPOOL}/$(basename ${pkgfile})" ] && return 1
+ [ -f "${FTP_BASE}/${PKGPOOL}/$(basename ${pkgfile}).sig" ] && return 1
local repo
local arch
for repo in ${PKGREPOS[@]}; do
for arch in ${ARCHES[@]}; do
[ -f "${FTP_BASE}/${repo}/os/${arch}/${pkgname}-${pkgver}-${pkgarch}"${PKGEXT} ] && return 1
+ [ -f "${FTP_BASE}/${repo}/os/${arch}/${pkgname}-${pkgver}-${pkgarch}"${PKGEXT}.sig ] && return 1
[ -f "${FTP_BASE}/${repo}/os/${arch}/$(basename ${pkgfile})" ] && return 1
+ [ -f "${FTP_BASE}/${repo}/os/${arch}/$(basename ${pkgfile}).sig" ] && return 1
done
done