From 68a12cd37e94aa18180b0e888ca4330fcd687054 Mon Sep 17 00:00:00 2001
From: Thierry Vignaud <tv@mageia.org>
Date: Fri, 24 Aug 2012 11:17:02 +0000
Subject: (_check) log when signature checking is disabled per medium

---
 NEWS              | 1 +
 urpm/signature.pm | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index a5083434..237fb73a 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@
   (regression introduced in 7.0)
 - security:
   o warn about missing signatures on packages from media without signatures
+  o warn when signature checking is disabled per medium
 
 Version 7.3 - 24 August 2012
 
diff --git a/urpm/signature.pm b/urpm/signature.pm
index 7852e0f0..b70f5a99 100644
--- a/urpm/signature.pm
+++ b/urpm/signature.pm
@@ -47,6 +47,10 @@ sub _check {
 	    #- no medium found for this rpm ?
 	    next if !$medium;
 	    #- check whether verify-rpm is specifically disabled for this medium
+	    if (defined $medium->{'verify-rpm'} && !$medium->{'verify-rpm'}) {
+		$urpm->{log}(N("NOT checking %s\n", $filepath));
+		next;
+	    }
 	    next if defined $medium->{'verify-rpm'} && !$medium->{'verify-rpm'};
 
 	    my $key_ids = $medium->{'key-ids'} || $urpm->{options}{'key-ids'};
-- 
cgit v1.2.1