jobcore/pacman/pacman-early-err-git.patch


2024-03-01 21:02:29 +01:00
From 3aa096a74f717d31650e0eb3cf34e9a5ebadc313 Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 22 Jan 2024 13:48:15 +0100
Subject: [PATCH] makepkg: Emit early error if signature verification fails
Emit an early error message if tag or commit verification with git or
detached signature verification with gpg fails.
Make `verify_file_signature()` and `verify_git_signature()` return
non-zero in this case and set errors to `1`, so that later checks
in `check_pgpsigs()`, although still run, can not lead to a positive
result.
Signed-off-by: David Runge <dvzrv@archlinux.org>
---
.../libmakepkg/integrity/verify_signature.sh.in | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index 0c1547ee3..ca1d5a868 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -157,7 +157,13 @@ verify_file_signature() {
"") decompress="cat" ;;
esac
- $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
+ # verify the signature and write metadata to a status file
+ if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
+ printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "gpg" >&2
+ errors=1
+ return 1
+ fi
+
return 0
}
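Review bot: The added message line `printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "gpg" >&2` will not print what it intends. The translated string is passed as an argument to the `'%s\n'` format, so its `%s` is emitted literally and `gpg` ends up on a line of its own. Use the translated string as the format instead, `printf "$(gettext "%s is unable to verify the signature.")\n" "gpg" >&2`, and make the same change on the matching `"git"` line in the verify_git_signature() hunk. Separately, `errors=1` assigns a variable that the visible lines do not declare, so a comment such as `# errors belongs to the caller (check_pgpsigs)` would make the fail-closed path easier to audit. verify_file_signature() starts outside the hunk.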
@@ -189,7 +195,13 @@ verify_git_signature() {
printf " %s git repo ... " "${dir##*/}" >&2
- git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1
+ # verify the signature and write metadata to a status file
+ if ! git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1; then
+ printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "git" >&2
+ errors=1
+ return 1
+ fi
+
if ! grep -qs NEWSIG "$statusfile"; then
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
errors=1
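Review bot: Returning as soon as `git -C "$dir" verify-$fragtype` exits non-zero probably makes the `SIGNATURE NOT FOUND` branch below unreachable for unsigned tags and commits. Git appears to exit non-zero for those too, so the user would only see the generic message. To keep the specific diagnostic, run `grep -qs NEWSIG "$statusfile"` inside the failure branch and print the generic text only when a signature record was actually written. Failing closed on git's exit status is the right default; the point is only to tell a missing signature apart from one that failed verification. verify_git_signature() starts before the hunk and continues past its end.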
--
GitLab