[pacman-dev] [PATCH 3/3] libmakepkg: Implement extendable signature verification
Eli Schwartz
eschwartz at archlinux.org
Tue May 29 04:30:56 UTC 2018
Lookup the existence of matching functions for each protocol, and
fallback on the generic file handler. New verification protocols can
then be added via thirdparty libmakepkg drop-ins without requiring
modifications to verify_signature.sh
Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
---
scripts/libmakepkg/integrity/verify_signature.sh.in | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index 38f8afa1..3fa5cd53 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -49,8 +49,8 @@ check_pgpsigs() {
for netfile in "${all_sources[@]}"; do
proto="$(get_protocol "$netfile")"
- if [[ $proto = git ]]; then
- verify_git_signature "$netfile" "$statusfile" || continue
+ if declare -f verify_${proto}_signature > /dev/null; then
+ verify_${proto}_signature "$netfile" "$statusfile" || continue
else
verify_file_signature "$netfile" "$statusfile" || continue
fi
@@ -263,7 +263,8 @@ source_has_signatures() {
proto="$(get_protocol "$netfile")"
query=$(get_uri_query "$netfile")
- if [[ ${netfile%%::*} = *.@(sig?(n)|asc) || ( $proto = git && $query = signed ) ]]; then
+ if [[ ${netfile%%::*} = *.@(sig?(n)|asc) ]] || \
+ ( declare -f verify_${proto}_signature > /dev/null && [[ $query = signed ]] ); then
return 0
fi
done
--
2.17.0
More information about the pacman-dev
mailing list