Do not reuse old signature
After updating a database, remove the old signature to prevent it being used in validation if the new signature fails to download. Signed-off-by: Allan McRae <allan@archlinux.org>
parent
38da050f31
commit
a8b22e16ef
@ -139,14 +139,21 @@ int SYMEXPORT alpm_db_update(int force, pmdb_t *db)
|
|||||||
|
|
||||||
/* Download and check the signature of the database if needed */
|
/* Download and check the signature of the database if needed */
|
||||||
if(db->pgp_verify != PM_PGP_VERIFY_NEVER) {
|
if(db->pgp_verify != PM_PGP_VERIFY_NEVER) {
|
||||||
char *sigfile;
|
char *sigfile, *sigfilepath;
|
||||||
int sigret;
|
int sigret;
|
||||||
|
|
||||||
len = strlen(dbfile) + 5;
|
len = strlen(dbfile) + 5;
|
||||||
MALLOC(sigfile, len, RET_ERR(PM_ERR_MEMORY, -1));
|
MALLOC(sigfile, len, RET_ERR(PM_ERR_MEMORY, -1));
|
||||||
sprintf(sigfile, "%s.sig", dbfile);
|
sprintf(sigfile, "%s.sig", dbfile);
|
||||||
|
|
||||||
sigret = _alpm_download_single_file(sigfile, db->servers, syncpath, 1);
|
/* prevent old signature being used if the following download fails */
|
||||||
|
len = strlen(syncpath) + strlen(sigfile) + 1;
|
||||||
|
MALLOC(sigfilepath, len, RET_ERR(PM_ERR_MEMORY, -1));
|
||||||
|
sprintf(sigfilepath, "%s%s", syncpath, sigfile);
|
||||||
|
_alpm_rmrf(sigfilepath);
|
||||||
|
free(sigfilepath);
|
||||||
|
|
||||||
|
sigret = _alpm_download_single_file(sigfile, db->servers, syncpath, 0);
|
||||||
free(sigfile);
|
free(sigfile);
|
||||||
|
|
||||||
if(sigret == -1 && db->pgp_verify == PM_PGP_VERIFY_ALWAYS) {
|
if(sigret == -1 && db->pgp_verify == PM_PGP_VERIFY_ALWAYS) {
|
||||||
|
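Review bot: The result of `_alpm_rmrf(sigfilepath)` is discarded, so if the stale `.sig` cannot be removed (for example an unwritable sync directory) and the download that follows fails, the old signature is still on disk and can be used in validation, which is the case this commit sets out to close. The download call now passes `0` instead of `1` as its last argument, which looks like the force flag, so a leftover file may additionally cause the fetch to be skipped as up to date; that reading should be confirmed against `_alpm_download_single_file`. I would test the removal, `if(_alpm_rmrf(sigfilepath) != 0) {`, and inside that branch free both buffers and fail the update rather than continue. Separately, the `MALLOC(sigfilepath, ...)` failure path returns without freeing `sigfile`. The body of `alpm_db_update` starts and ends outside this hunk, so any later cleanup is not visible here.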
@ -147,7 +147,7 @@ int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig)
|
|||||||
err = gpgme_op_verify(ctx, sigdata, filedata, NULL);
|
err = gpgme_op_verify(ctx, sigdata, filedata, NULL);
|
||||||
CHECK_ERR();
|
CHECK_ERR();
|
||||||
result = gpgme_op_verify_result(ctx);
|
result = gpgme_op_verify_result(ctx);
|
||||||
gpgsig = result->signatures;
|
gpgsig = result->signatures;
|
||||||
if (!gpgsig || gpgsig->next) {
|
if (!gpgsig || gpgsig->next) {
|
||||||
_alpm_log(PM_LOG_ERROR, _("Unexpected number of signatures\n"));
|
_alpm_log(PM_LOG_ERROR, _("Unexpected number of signatures\n"));
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|