[pacman-dev] [PATCH 0/4] Add signature check for local packages

Rémy Oudompheng remyoudompheng at gmail.com
Thu Apr 21 02:35:50 EDT 2011

Packages added from local files are not checked currently.
These patches also introduce changes in the handling
of PM_PGP_VERIFY_UNKNOWN that are not really convincing.
We could skip these changes and just apply the other patches,
however we should probably give some thoughts about that.

Making the check level into an argument of the check function
could also be an option.

Rémy Oudompheng (4):
  sync.c: remove duplicated code for integrity check failures
  handle.c: force sigverify level not to be PM_PGP_VERIFY_UNKNOWN
  sync.c: remove unnecessary check for PM_PGP_VERIFY_UNKNOWN
  sync.c: also check signatures for packages loaded from files

 lib/libalpm/handle.c |    1 +
 lib/libalpm/sync.c   |   58 +++++++++++++++++++++++++-------------------------
 2 files changed, 30 insertions(+), 29 deletions(-)


More information about the pacman-dev mailing list