diff options
author | Thierry Vignaud <tv@mageia.org> | 2012-08-24 11:17:00 +0000 |
---|---|---|
committer | Thierry Vignaud <tv@mageia.org> | 2012-08-24 11:17:00 +0000 |
commit | 93e333ecde929c31f9e5c85b94b31886194b51c1 (patch) | |
tree | c4c6ff1c50f388b6c10a6226ad665bd714348fb2 | |
parent | 24cac3777cc6d90dc68c890e86fb9303707ad470 (diff) | |
download | urpmi-93e333ecde929c31f9e5c85b94b31886194b51c1.tar urpmi-93e333ecde929c31f9e5c85b94b31886194b51c1.tar.gz urpmi-93e333ecde929c31f9e5c85b94b31886194b51c1.tar.bz2 urpmi-93e333ecde929c31f9e5c85b94b31886194b51c1.tar.xz urpmi-93e333ecde929c31f9e5c85b94b31886194b51c1.zip |
(_check) warn about missing signatures and ask whether to install or not
(in the case where a package is unsigned and came from media without
signatures)
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | urpm/signature.pm | 3 |
2 files changed, 5 insertions, 0 deletions
@@ -1,6 +1,8 @@ - decrease total package count when some files are missing - fix installing a package if user acks bogus signature (regression introduced in 7.0) +- security: + o warn about missing signatures on packages from media without signatures Version 7.3 - 24 August 2012 diff --git a/urpm/signature.pm b/urpm/signature.pm index 235867bf..7852e0f0 100644 --- a/urpm/signature.pm +++ b/urpm/signature.pm @@ -31,6 +31,9 @@ sub _check { if ($verif =~ /NOT OK/) { $verif =~ s/\n//g; $invalid_sources{$filepath} = N("Invalid signature (%s)", $verif); + } elsif ($verif =~ /OK \(\(none\)\)/ ) { + $verif =~ s/\n//g; + $invalid_sources{$filepath} = N("Missing signature (%s)", $verif); } else { unless ($medium && urpm::media::is_valid_medium($medium) && $medium->{start} <= $id && $id <= $medium->{end}) |