-rwxr-xr-x | gurpmi2 | 3 | ||||
-rw-r--r-- | urpm.pm | 65 | ||||
-rw-r--r-- | urpm/signature.pm | 75 | ||||
-rwxr-xr-x | urpmi | 3 |
4 files changed, 79 insertions, 67 deletions
@@ -14,6 +14,7 @@ BEGIN { #- set up a safe path and environment use gurpmi; use urpm::install; use urpm::media; +use urpm::signature; use Gtk2; #- GUI globals @@ -259,7 +260,7 @@ sub do_install_3 () { ); my %transaction_sources_install = %{$urpm->extract_packages_to_install(\%transaction_sources, $state) || {}}; if ($urpm->{options}{'verify-rpm'} || grep { $_->{'verify-rpm'} } @{$urpm->{media}}) { - my @bad_signatures = $urpm->check_sources_signatures(\%transaction_sources_install, \%transaction_sources); + my @bad_signatures = urpm::signature::check($urpm, \%transaction_sources_install, \%transaction_sources); if (@bad_signatures) { ask_continue_blocking(N( "The following packages have bad signatures:\n%s\n\nDo you want to continue installation ?", 
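Review bot: The new call `urpm::signature::check($urpm, ...)` here, and the matching one in the urpmi hunk at `-641,7 +642,7`, arrive together with the deletion of `check_sources_signatures` from urpm.pm, so no method of that name remains. Any caller not touched by this commit would die at the signature-verification step; callers outside the diff are not visible, so this needs confirming rather than being a known break. If such callers exist, a forwarding stub in urpm.pm keeps them verifying: `sub check_sources_signatures { my $urpm = shift; require urpm::signature; urpm::signature::check($urpm, @_) }`. `do_install_3` starts and ends outside the hunk.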
@@ -848,71 +848,6 @@ sub translate_why_removed_one { $fullname . ($s ? "\n ($s)" : ''); } -#- options: callback, basename -sub check_sources_signatures { - my ($urpm, $sources_install, $sources, %options) = @_; - sort(_check_sources_signatures($urpm, $sources_install, %options), - _check_sources_signatures($urpm, $sources, %options)); -} -sub _check_sources_signatures { - my ($urpm, $sources, %options) = @_; - my ($medium, %invalid_sources); - - foreach my $id (keys %$sources) { - my $filepath = $sources->{$id}; - my $verif = URPM::verify_signature($filepath); - - if ($verif =~ /NOT OK/) { - $verif =~ s/\n//g; - $invalid_sources{$filepath} = N("Invalid signature (%s)", $verif); - } else { - unless ($medium && urpm::media::is_valid_medium($medium) && - $medium->{start} <= $id && $id <= $medium->{end}) - { - $medium = undef; - foreach (@{$urpm->{media}}) { - urpm::media::is_valid_medium($_) && $_->{start} <= $id && $id <= $_->{end} - and $medium = $_, last; - } - } - #- no medium found for this rpm ? - next if !$medium; - #- check whether verify-rpm is specifically disabled for this medium - next if defined $medium->{'verify-rpm'} && !$medium->{'verify-rpm'}; - - my $key_ids = $medium->{'key-ids'} || $urpm->{options}{'key-ids'}; - #- check that the key ids of the medium match the key ids of the package. - if ($key_ids) { - my $valid_ids = 0; - my $invalid_ids = 0; - - foreach my $key_id ($verif =~ /(?:key id \w{8}|#)(\w+)/gi) { - if (grep { hex($_) == hex($key_id) } split /[,\s]+/, $key_ids) { - ++$valid_ids; - } else { - ++$invalid_ids; - } - } - - if ($invalid_ids) { - $invalid_sources{$filepath} = N("Invalid Key ID (%s)", $verif); - } elsif (!$valid_ids) { - $invalid_sources{$filepath} = N("Missing signature (%s)", $verif); - } - } - #- invoke check signature callback. - $options{callback} and $options{callback}->( - $urpm, $filepath, - id => $id, - verif => $verif, - why => $invalid_sources{$filepath}, - ); - } - } - map { ($options{basename} ? 
basename($_) : $_) . ": $invalid_sources{$_}" } - keys %invalid_sources; -} - #- get reason of update for packages to be updated #- use all update medias if none given sub get_updates_description { diff --git a/urpm/signature.pm b/urpm/signature.pm new file mode 100644 index 00000000..88f272c8 --- /dev/null +++ b/urpm/signature.pm 
@@ -0,0 +1,75 @@ +package urpm::signature; + +# $Id$ + +use urpm::msg; +use urpm::media; +use urpm::util; + + +#- options: callback, basename +sub check { + my ($urpm, $sources_install, $sources, %options) = @_; + sort(_check($urpm, $sources_install, %options), + _check($urpm, $sources, %options)); +} +sub _check { + my ($urpm, $sources, %options) = @_; + my ($medium, %invalid_sources); + + foreach my $id (keys %$sources) { + my $filepath = $sources->{$id}; + my $verif = URPM::verify_signature($filepath); + + if ($verif =~ /NOT OK/) { + $verif =~ s/\n//g; + $invalid_sources{$filepath} = N("Invalid signature (%s)", $verif); + } else { + unless ($medium && urpm::media::is_valid_medium($medium) && + $medium->{start} <= $id && $id <= $medium->{end}) + { + $medium = undef; + foreach (@{$urpm->{media}}) { + urpm::media::is_valid_medium($_) && $_->{start} <= $id && $id <= $_->{end} + and $medium = $_, last; + } + } + #- no medium found for this rpm ? + next if !$medium; + #- check whether verify-rpm is specifically disabled for this medium + next if defined $medium->{'verify-rpm'} && !$medium->{'verify-rpm'}; + + my $key_ids = $medium->{'key-ids'} || $urpm->{options}{'key-ids'}; + #- check that the key ids of the medium match the key ids of the package. + if ($key_ids) { + my $valid_ids = 0; + my $invalid_ids = 0; + + foreach my $key_id ($verif =~ /(?:key id \w{8}|#)(\w+)/gi) { + if (grep { hex($_) == hex($key_id) } split /[,\s]+/, $key_ids) { + ++$valid_ids; + } else { + ++$invalid_ids; + } + } + + if ($invalid_ids) { + $invalid_sources{$filepath} = N("Invalid Key ID (%s)", $verif); + } elsif (!$valid_ids) { + $invalid_sources{$filepath} = N("Missing signature (%s)", $verif); + } + } + #- invoke check signature callback. + $options{callback} and $options{callback}->( + $urpm, $filepath, + id => $id, + verif => $verif, + why => $invalid_sources{$filepath}, + ); + } + } + map { ($options{basename} ? basename($_) : $_) . 
": $invalid_sources{$_}" } + keys %invalid_sources; +} + +1; @@ -25,6 +25,7 @@ use urpm::args; use urpm::msg; use urpm::install; use urpm::media; +use urpm::signature; use urpm::util qw(untaint difference2 member); #- contains informations to parse installed system. @@ -641,7 +642,7 @@ foreach my $set (@{$state->{transaction} || []}) { my %transaction_sources_install = %{$urpm->extract_packages_to_install(\%transaction_sources, $state) || {}}; if (!$force && ($urpm->{options}{'verify-rpm'} || grep { $_->{'verify-rpm'} } @{$urpm->{media}})) { - my @bad_signatures = $urpm->check_sources_signatures(\%transaction_sources_install, \%transaction_sources); + my @bad_signatures = urpm::signature::check($urpm, \%transaction_sources_install, \%transaction_sources); if (@bad_signatures) { my $msg = N("The following packages have bad signatures"); |
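Review bot: In `_check` of the new urpm/signature.pm, a package whose verification string lacks `NOT OK` is accepted outright when neither the medium nor `$urpm->{options}` supplies `key-ids`, because the `Invalid Key ID` and `Missing signature` tests sit inside `if ($key_ids)`; since `Missing signature` is only reachable from that same branch, an unsigned package appears to pass in that configuration. `next if !$medium;` has the same effect for a file that maps to no medium, and it also skips the callback, so nothing records that the package went unchecked. The code is moved unchanged from urpm.pm, so this may be intended, but the new module is the place to state it: add a comment above `if ($key_ids) {` such as `#- without key-ids only "NOT OK" results are rejected; unsigned packages are accepted`, and consider reporting the no-medium case through the callback instead of skipping it silently.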