[pacman-dev] [PATCH 3/3] libmakepkg: Implement extendable signature verification

Eli Schwartz eschwartz at archlinux.org
Tue May 29 04:30:56 UTC 2018


Lookup the existence of matching functions for each protocol, and
fallback on the generic file handler. New verification protocols can
then be added via thirdparty libmakepkg drop-ins without requiring
modifications to verify_signature.sh

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
---
 scripts/libmakepkg/integrity/verify_signature.sh.in | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index 38f8afa1..3fa5cd53 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -49,8 +49,8 @@ check_pgpsigs() {
 	for netfile in "${all_sources[@]}"; do
 		proto="$(get_protocol "$netfile")"
 
-		if [[ $proto = git ]]; then
-			verify_git_signature "$netfile" "$statusfile" || continue
+		if declare -f verify_${proto}_signature > /dev/null; then
+			verify_${proto}_signature "$netfile" "$statusfile" || continue
 		else
 			verify_file_signature "$netfile" "$statusfile" || continue
 		fi
@@ -263,7 +263,8 @@ source_has_signatures() {
 		proto="$(get_protocol "$netfile")"
 		query=$(get_uri_query "$netfile")
 
-		if [[ ${netfile%%::*} = *.@(sig?(n)|asc) || ( $proto = git && $query = signed ) ]]; then
+		if [[ ${netfile%%::*} = *.@(sig?(n)|asc) ]] || \
+				( declare -f verify_${proto}_signature > /dev/null && [[ $query = signed ]] ); then
 			return 0
 		fi
 	done
-- 
2.17.0


More information about the pacman-dev mailing list