1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-22 15:58:50 -05:00

signing.c: warn if time went backwards

GPG signatures have a timestamp which is checked and if it's in the
future, verification will fail.

Dan: slight wording change.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
This commit is contained in:
Florian Pritz 2012-07-09 10:28:03 +02:00 committed by Dan McGee
parent 89319b5bfd
commit f7558856b1

View File

@ -515,6 +515,11 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
string_validity(gpgsig->validity), string_validity(gpgsig->validity),
gpgme_strerror(gpgsig->validity_reason)); gpgme_strerror(gpgsig->validity_reason));
if((time_t)gpgsig->timestamp > time(NULL)) {
_alpm_log(handle, ALPM_LOG_WARNING,
_("System time is greater than signature timestamp.\n"));
}
result = siglist->results + sigcount; result = siglist->results + sigcount;
err = gpgme_get_key(ctx, gpgsig->fpr, &key, 0); err = gpgme_get_key(ctx, gpgsig->fpr, &key, 0);
if(gpg_err_code(err) == GPG_ERR_EOF) { if(gpg_err_code(err) == GPG_ERR_EOF) {