From 9beeac9f37b45a15cc7ce58babafec289dabf606 Mon Sep 17 00:00:00 2001 From: Duncan Mac-Vicar P Date: Tue, 18 Apr 2006 15:53:27 +0000 Subject: [PATCH] When the signature is not found, warn the user about a unsigned source. When the key is not found, do nothing, it can be in the keyring already. see: https://bugzilla.novell.com/show_bug.cgi?id=166016 --- zypp/KeyRing.cc | 5 ++-- zypp/source/susetags/SuseTagsImpl.cc | 51 +++++++++++++----------------------- 2 files changed, 20 insertions(+), 36 deletions(-) diff --git a/zypp/KeyRing.cc b/zypp/KeyRing.cc index 95c0108..918f1cd 100644 --- a/zypp/KeyRing.cc +++ b/zypp/KeyRing.cc @@ -229,12 +229,11 @@ namespace zypp callback::SendReport emitSignal; MIL << "Going to verify signature for " << file << " with " << signature << std::endl; - if( signature.empty() ) + // if signature does not exists, ask user if he wants to accept unsigned file. + if( signature.empty() || (!PathInfo(signature).isExist()) ) { bool res = report->askUserToAcceptUnsignedFile( file ); - MIL << "User decision on unsigned file: " << res << endl; - return res; } diff --git a/zypp/source/susetags/SuseTagsImpl.cc b/zypp/source/susetags/SuseTagsImpl.cc index 7d7f2da..f1e6ab1 100644 --- a/zypp/source/susetags/SuseTagsImpl.cc +++ b/zypp/source/susetags/SuseTagsImpl.cc 
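Review bot: The widened condition `signature.empty() || (!PathInfo(signature).isExist())` sends two different situations to the same `askUserToAcceptUnsignedFile( file )` prompt: a caller that passed no signature at all, and a caller that named a signature file which is not on disk. The second case can mean the signature was lost or withheld on the way from the source, and neither the prompt nor the `MIL` line distinguishes it. I would record it separately before asking, e.g. `if ( !signature.empty() ) WAR << "Signature file " << signature << " not found for " << file << endl;`, so that an accepted-unsigned decision can later be told apart from a missing-signature one. The added comment would read better as `// if the signature file does not exist, ask the user whether to accept the unsigned file`. The enclosing function begins and ends outside this hunk.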
@@ -378,50 +378,35 @@ namespace zypp _content_file_key = provideFile( _path + "content.key"); else if (filename == "content.asc") _content_file_sig = provideFile( _path + "content.asc"); + + // if they not exists both will be Pathname() } } - // now check signature of content file. - if (PathInfo(_content_file_sig).isExist() && PathInfo(_content_file_key).isExist() ) + ZYpp::Ptr z = getZYpp(); + // import content.key if it exists + if ( PathInfo(_content_file_key).isExist() ) { - MIL << "SuseTags source: checking 'content' file vailidity using digital signature.." << endl; - // can verify signature - ZYpp::Ptr z = getZYpp(); - // import it to the untrusted keyring. z->keyRing()->importKey(_content_file_key, false); - - // import the gpg-* keys - std::list otherkeys = publicKeys(); - for ( std::list::const_iterator it = otherkeys.begin(); it != otherkeys.end(); ++it) - { - Pathname key = *it; - z->keyRing()->importKey(key, false); - } - - // verify the content file - bool valid = z->keyRing()->verifyFileSignatureWorkflow( _content_file, _content_file_sig); - - // the source is not valid and the user did not want to continue - if (!valid) - ZYPP_THROW (Exception( "Error. Source signature does not validate and user does not want to continue. ")); } - else if (!PathInfo(_content_file_sig).isExist() && !PathInfo(_content_file_key).isExist() ) - { - // old source? - - // verify the content file anyway (with empty signature) - bool valid = getZYpp()->keyRing()->verifyFileSignatureWorkflow( _content_file, Pathname() ); - // the source is not valid and the user did not want to continue - if (!valid) - ZYPP_THROW (Exception( "Error. Source signature does not validate and user does not want to continue. ")); - } - else + // import the gpg-* keys + std::list otherkeys = publicKeys(); + for ( std::list::const_iterator it = otherkeys.begin(); it != otherkeys.end(); ++it) { - ZYPP_THROW (Exception( "Error. New source format with crypto verification. 
But either key or signature is missing. ") ); + Pathname key = *it; + z->keyRing()->importKey(key, false); } + MIL << "SuseTags source: checking 'content' file vailidity using digital signature.." << endl; + // verify the content file + bool valid = z->keyRing()->verifyFileSignatureWorkflow( _content_file, _content_file_sig); + + // the source is not valid and the user did not want to continue + if (!valid) + ZYPP_THROW (Exception( "Error. Source signature does not validate and user does not want to continue. ")); + SourceFactory factory; try { -- 2.7.4
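Review bot: With the final `else` branch removed, a source that ships `content.key` but no `content.asc` is no longer rejected. It now reaches `verifyFileSignatureWorkflow( _content_file, _content_file_sig)` with what is presumably a default `Pathname()` and, given the KeyRing.cc change in this patch, ends at the accept-unsigned prompt. A source that carries a key but lacks its signature deserves more suspicion than an old unsigned source, so the two should at least be distinguishable in the log: `if ( PathInfo(_content_file_key).isExist() && !PathInfo(_content_file_sig).isExist() ) WAR << "content.key present but content.asc missing" << endl;` before the verify call. The `MIL` message about checking the digital signature is now written for unsigned sources as well, which makes the log misleading, and the dropped comment saying that `importKey(_content_file_key, false)` imports into the untrusted keyring is worth keeping. The enclosing function starts and ends outside the hunk.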