authorAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2006-11-04 01:39:40 +0000
committerAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2006-11-04 01:39:40 +0000
commitcfbc5f8f04f6131e6f9b148b8706961b28390a14 (patch)
treef37045854acd5936a147cb91ceeaf21bec1c7011
parent89d4afdfb048dae7a9b3ff476b5f8f911b9e3b93 (diff)
downloadpaludis-cfbc5f8f04f6131e6f9b148b8706961b28390a14.tar.gz
paludis-cfbc5f8f04f6131e6f9b148b8706961b28390a14.tar.xz
Distinguish between bad, unsigned and unknown signatures
-rw-r--r--paludis/qa/gpg_check.cc47
1 files changed, 37 insertions, 10 deletions
diff --git a/paludis/qa/gpg_check.cc b/paludis/qa/gpg_check.cc
index c93e2cc..c4318fb 100644
--- a/paludis/qa/gpg_check.cc
+++ b/paludis/qa/gpg_check.cc
@@ -20,12 +20,12 @@
#include <paludis/qa/gpg_check.hh>
#include <paludis/util/system.hh>
#include <paludis/util/fd_holder.hh>
-
-#include <iostream>
+#include <fstream>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
+#include <pcre++.h>
using namespace paludis;
using namespace paludis::qa;
@@ -38,17 +38,44 @@ CheckResult
GPGCheck::operator() (const FSEntry & d) const
{
CheckResult result(d, identifier());
- FSEntry manifest(d / "Manifest");
- FDHolder dev_null(::open("/dev/null", O_WRONLY));
- set_run_command_stdout_fds(dev_null, -1);
- set_run_command_stderr_fds(dev_null, -1);
+ if (! (d / "Manifest").is_regular_file())
+ {
+ result << Message(qal_major, "No Manifest");
+ return result;
+ }
+
+ static pcrepp::Pcre::Pcre r_is_signed("^-----BEGIN PGP SIGNED MESSAGE-----");
+ bool is_signed(false);
+ {
+ std::ifstream ff(stringify(d / "Manifest").c_str());
+ if (! ff)
+ result << Message(qal_major, "Can't read file");
+ else
+ {
+ std::string s;
+ while ((! is_signed) && std::getline(ff, s))
+ if (r_is_signed.search(s))
+ is_signed = true;
+ }
+ }
+
+ if (is_signed)
+ {
+ FSEntry manifest(d / "Manifest");
+ FDHolder dev_null(::open("/dev/null", O_WRONLY));
+
+ set_run_command_stdout_fds(dev_null, -1);
+ set_run_command_stderr_fds(dev_null, -1);
- int status(run_command("gpg --verify " + stringify(manifest)));
+ int status(run_command("gpg --verify " + stringify(manifest)));
- if (1 == status)
- result << Message(qal_major, "Broken Manifest signature");
- else if (2 == status)
+ if (1 == status)
+ result << Message(qal_major, "Broken Manifest signature");
+ else if (2 == status)
+ result << Message(qal_maybe, "Manifest signature cannot be verified");
+ }
+ else
result << Message(qal_minor, "Manifest not signed");
return result;
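Review bot: The status check after `run_command("gpg --verify " + stringify(manifest))` reports only the values 1 and 2, so any other non-zero result (for example gpg missing or terminated abnormally) produces no message and a signed Manifest passes the check without having been verified. Treating every non-success status as at least unverifiable closes this: use `else if (0 != status)` in place of `else if (2 == status)`. The command is assembled by concatenating the directory path into a string; if `run_command` hands that string to a shell, which is not visible from here, a path containing spaces or shell metacharacters changes what is executed, so the path should be quoted or passed as a separate argument. Separately, when the Manifest cannot be opened the code emits "Can't read file" and then also "Manifest not signed" because `is_signed` stays false; an early `return result;` after the read failure would avoid the misleading second message. The function's closing brace lies outside the hunk.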