verify: propagate error on corrupted .sig files
In case the signature file is corrupt, e.g. it could not be downloaded successfully, the gnupg code just prints an error message but will not return the error to the user. So we patch the code to return the error and check the value in the calling code.
parent
65f1100453
commit
8dda68a1bd
@ -5,3 +5,5 @@ DOWNLOADS := gnupg.archive
|
||||
URL(gnupg) := https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$(VERSION).tar.bz2
|
||||
SHA(gnupg) := 732266e8888c6f41c084d043c7a0058332ff3580
|
||||
DIR(gnupg) := src/app/gnupg
|
||||
|
||||
PATCHES := src/app/verify/patches/verify.patch
|
||||
|
@ -121,18 +121,19 @@ enum Gnupg_verify_result gnupg_verify_detached_signature(char const *pubkey_path
|
||||
*/
|
||||
int const orig_errors_seen = g10_errors_seen;
|
||||
|
||||
|
||||
/*
|
||||
* Call into GnuPG to verify the data with a detached signature. The
|
||||
* 'verify_signatures' function indirectly calls 'get_pubkey' and
|
||||
* 'get_pubkeyblock', which hand out our '_pubkey_packet'.
|
||||
*/
|
||||
char *file_names[2] = { strdup(sig_path), strdup(data_path) };
|
||||
verify_signatures(ctrl, 2, file_names);
|
||||
int const err = verify_signatures(ctrl, 2, file_names);
|
||||
for (unsigned i = 0; i < 2; i++)
|
||||
free(file_names[i]);
|
||||
|
||||
return (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK
|
||||
: GNUPG_VERIFY_SIGNATURE_INVALID;
|
||||
return !err && (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK
|
||||
: GNUPG_VERIFY_SIGNATURE_INVALID;
|
||||
}
|
||||
|
||||
|
||||
|
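Review bot: The new return statement mixes `!`, `&&`, `==` and `?:` without grouping, so the accept condition of a signature check has to be worked out from operator precedence; I would write it as `return (err == 0 && orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK : GNUPG_VERIFY_SIGNATURE_INVALID;`. A one-line comment above it would also help, e.g. `/* accept only if GnuPG returned success and raised no new error */`, because the return code is what catches the corrupt .sig case this commit targets. A corrupt or truncated .sig now yields the same GNUPG_VERIFY_SIGNATURE_INVALID as a signature that genuinely fails to verify. If callers log or act on the result, a distinct value would let them tell a failed download from possible tampering, though the enum's other members are not visible here. The function begins above the hunk.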
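--- a/repos/ports/src/app/verify/patches/verify.patch
+++ b/repos/ports/src/app/verify/patches/verify.patch
@@ -0,0 +1,11 @@
+--- src/app/gnupg/g10/verify.c.orig
++++ src/app/gnupg/g10/verify.c
+@@ -116,7 +116,7 @@
+log_error(_("the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n") );
+- rc = 0;
++ rc = 1;
+}
+
+leave: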
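Review bot: The patch file starts directly at its `---` header and carries no explanation, although the verify tool's fail-closed behaviour now depends on it: without the `rc = 1` change, the caller's new `err` check would never see the corrupt-.sig case. patch(1) skips text ahead of the first header, so a short preamble can record this, e.g. `Return an error when the signature file cannot be processed, so that callers such as Genode's verify tool reject corrupt .sig files.` It may also be worth using a named GnuPG error code instead of the literal `1`, if the vendored version provides a fitting one. The enclosing function starts and ends outside the inner hunk.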