mirror of
https://github.com/moparisthebest/pacman
synced 2024-12-22 15:58:50 -05:00
signing.c: warn if time went backwards
GPG signatures have a timestamp which is checked and if it's in the future, verification will fail. Dan: slight wording change. Signed-off-by: Florian Pritz <bluewind@xinu.at>
This commit is contained in:
parent
89319b5bfd
commit
f7558856b1
@ -515,6 +515,11 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
string_validity(gpgsig->validity),
|
string_validity(gpgsig->validity),
|
||||||
gpgme_strerror(gpgsig->validity_reason));
|
gpgme_strerror(gpgsig->validity_reason));
|
||||||
|
|
||||||
|
if((time_t)gpgsig->timestamp > time(NULL)) {
|
||||||
|
_alpm_log(handle, ALPM_LOG_WARNING,
|
||||||
|
_("System time is greater than signature timestamp.\n"));
|
||||||
|
}
|
||||||
|
|
||||||
result = siglist->results + sigcount;
|
result = siglist->results + sigcount;
|
||||||
err = gpgme_get_key(ctx, gpgsig->fpr, &key, 0);
|
err = gpgme_get_key(ctx, gpgsig->fpr, &key, 0);
|
||||||
if(gpg_err_code(err) == GPG_ERR_EOF) {
|
if(gpg_err_code(err) == GPG_ERR_EOF) {
|
||||||
|
Loading…
Reference in New Issue
Block a user