authorThierry Vignaud <tv@mageia.org>2012-08-31 16:44:28 +0000
committerThierry Vignaud <tv@mageia.org>2012-08-31 16:44:28 +0000
commitb859aef11d27e9a2f496436449013b252aee098a (patch)
tree61c698be16b2948a8938ee0cadcf44fa588b58ec
parent3ccb8f6d26f9ae146b863a16a02863497612fc2c (diff)
(_check) honor per medium "verify-rpm" option for missing signature check
aka do not check too early for unsigned packages (missing signatures) (fix testsuite, regression introduced in commit r5393). Rationale: we wanted to warn about missing signatures on packages from media without signatures, but in doing so we did it too early, before the 'verify-rpm' option check. Since we already have a check afterwards (when we have a medium key), we can just check here for packages that do not come from any mirror (which we would have skipped just after).
-rw-r--r--NEWS2
-rw-r--r--urpm/signature.pm11
2 files changed, 9 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 6dc39918..44403d9b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,6 @@
- fix testsuite
+- security:
+ o honor per medium "verify-rpm" option for missing signature check
- unrequested package list management (for orphans) (mga#7167):
o do not wrongly tell we updated the unrequested package list when we didn't
(eg: when not having the proper rights such as running urpmq as !root)
diff --git a/urpm/signature.pm b/urpm/signature.pm
index f75b9bd6..5d723c6b 100644
--- a/urpm/signature.pm
+++ b/urpm/signature.pm
@@ -31,9 +31,6 @@ sub _check {
if ($verif =~ /NOT OK/) {
$verif =~ s/\n//g;
$invalid_sources{$filepath} = N("Invalid signature (%s)", $verif);
- } elsif ($verif =~ /OK \(\(none\)\)/) {
- $verif =~ s/\n//g;
- $invalid_sources{$filepath} = N("Missing signature (%s)", $verif);
} else {
unless ($medium && urpm::media::is_valid_medium($medium) &&
$medium->{start} <= $id && $id <= $medium->{end})
@@ -45,7 +42,13 @@ sub _check {
}
}
#- no medium found for this rpm ?
- next if !$medium;
+ if (!$medium) {
+ if ($verif =~ /OK \(\(none\)\)/) {
+ $verif =~ s/\n//g;
+ $invalid_sources{$filepath} = N("Missing signature (%s)", $verif);
+ }
+ next;
+ }
#- check whether verify-rpm is specifically disabled for this medium
if (defined $medium->{'verify-rpm'} && !$medium->{'verify-rpm'}) {
$urpm->{log}(N("NOT checking %s\n", $filepath));
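Review bot: The `OK ((none))` case is now flagged only inside the new `if (!$medium)` branch, so an unsigned package that maps to a medium with verify-rpm enabled depends entirely on the later check that the commit message says runs "when we have a medium key". That code is outside the hunk (`_check` continues past it), so this is inferred, but if the later check is skipped when the medium has no key configured, such a medium would accept unsigned packages without any entry in `%invalid_sources`. I would confirm that path and, if it is uncovered, keep a fallback there such as `$invalid_sources{$filepath} = N("Missing signature (%s)", $verif) if $verif =~ /OK \(\(none\)\)/;`. A comment at the new branch would also help, for example `#- unsigned rpms from a known medium are handled by the key check below, after the verify-rpm test`, together with a testsuite case for an unsigned package on a verify-rpm medium that has no key.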