author | Thierry Vignaud <tv@mageia.org> | 2012-08-31 16:44:28 +0000 |
---|---|---|
committer | Thierry Vignaud <tv@mageia.org> | 2012-08-31 16:44:28 +0000 |
commit | b859aef11d27e9a2f496436449013b252aee098a (patch) | |
tree | 61c698be16b2948a8938ee0cadcf44fa588b58ec | |
parent | 3ccb8f6d26f9ae146b863a16a02863497612fc2c (diff) | |
(_check) honor per medium "verify-rpm" option for missing signature check
aka do not check too early about unsigned packages (missing signatures)
(fix testsuite, regression introduced in commit r5393)
rationale:
we wanted to warn about missing signatures on packages from media
without signatures, but in doing so we did it too early before the
'verify-rpm' option check
since we already have a check after (when we have a medium key), we can
just check here for packages that do not come from any mirror (which we
would have skipped just after)
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | urpm/signature.pm | 11 |
2 files changed, 9 insertions, 4 deletions
@@ -1,4 +1,6 @@ - fix testsuite +- security: + o honor per medium "verify-rpm" option for missing signature check - unrequested package list management (for orphans) (mga#7167): o do not wrongly tell we updated the unrequested package list when we didn't (eg: when not having the proper rights such as running urpmq as !root) diff --git a/urpm/signature.pm b/urpm/signature.pm index f75b9bd6..5d723c6b 100644 --- a/urpm/signature.pm +++ b/urpm/signature.pm @@ -31,9 +31,6 @@ sub _check { if ($verif =~ /NOT OK/) { $verif =~ s/\n//g; $invalid_sources{$filepath} = N("Invalid signature (%s)", $verif); - } elsif ($verif =~ /OK \(\(none\)\)/) { - $verif =~ s/\n//g; - $invalid_sources{$filepath} = N("Missing signature (%s)", $verif); } else { unless ($medium && urpm::media::is_valid_medium($medium) && $medium->{start} <= $id && $id <= $medium->{end}) @@ -45,7 +42,13 @@ sub _check { } } #- no medium found for this rpm ? - next if !$medium; + if (!$medium) { + if ($verif =~ /OK \(\(none\)\)/) { + $verif =~ s/\n//g; + $invalid_sources{$filepath} = N("Missing signature (%s)", $verif); + } + next; + } #- check whether verify-rpm is specifically disabled for this medium if (defined $medium->{'verify-rpm'} && !$medium->{'verify-rpm'}) { $urpm->{log}(N("NOT checking %s\n", $filepath)); |
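Review bot: In the NEWS hunk, the new "security:" entry names the option but not the behaviour an administrator will see change. Going by the urpm/signature.pm hunks, a package whose check reports `OK ((none))` is no longer recorded as "Missing signature" before the per-medium 'verify-rpm' test, so on a medium with 'verify-rpm' disabled it now reaches the "NOT checking" log line instead. Consider stating that effect in the entry, so anyone who relied on the earlier rejection of unsigned packages notices the difference.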
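Review bot: In the first urpm/signature.pm hunk (@@ -31,9 +31,6), dropping the `elsif ($verif =~ /OK \(\(none\)\)/)` branch leaves no visible place where an unsigned package that does belong to a medium is put into `%invalid_sources`. The commit message relies on a later check "when we have a medium key", but that code is outside the context shown here, and the wording suggests it only runs when a key is configured. Please confirm that a medium with 'verify-rpm' enabled and no key still rejects a package reporting `OK ((none))`, and add a testsuite case for that combination next to the one this commit repairs.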
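Review bot: In the second urpm/signature.pm hunk (@@ -45,7 +42,13), the new `if (!$medium) { ... next; }` block carries no comment explaining why the missing-signature test is now limited to packages with no medium; the existing `#- no medium found for this rpm ?` line only described the old one-line `next`. Suggest extending that comment to say that 'verify-rpm' cannot apply without a medium, so the missing signature is reported here, and that packages with a medium are left to the check further down. The `$verif =~ s/\n//g;` strip is also now repeated from the "NOT OK" branch; doing it once before the `if ($verif =~ /NOT OK/)` test would keep the two message paths from drifting apart.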