Merge pull request #3764 from lucab/lucab/to-upstream/pull-3
Use gpgv for signature verification in cargo
catamorphism committed Oct 17, 2012
2 parents f5e71f5 + 01aaeef commit 5cf0c65
Showing 2 changed files with 29 additions and 31 deletions.
37 changes: 18 additions & 19 deletions src/cargo/cargo.rs
Expand Up @@ -1162,20 +1162,20 @@ fn sync_one_file(c: &Cargo, dir: &Path, src: @Source) -> bool {
}
match (src.key, src.keyfp) {
(Some(_), Some(f)) => {
let r = pgp::verify(&c.root, &pkgfile, &sigfile, f);
let r = pgp::verify(&c.root, &pkgfile, &sigfile);

if !r {
error(fmt!("signature verification failed for source %s",
name));
error(fmt!("signature verification failed for source %s with key %s",
name, f));
return false;
}

if has_src_file {
let e = pgp::verify(&c.root, &srcfile, &srcsigfile, f);
let e = pgp::verify(&c.root, &srcfile, &srcsigfile);

if !e {
error(fmt!("signature verification failed for source %s",
name));
error(fmt!("signature verification failed for source %s with key %s",
name, f));
return false;
}
}
Expand Down Expand Up @@ -1273,21 +1273,21 @@ fn sync_one_git(c: &Cargo, dir: &Path, src: @Source) -> bool {
}
match (src.key, src.keyfp) {
(Some(_), Some(f)) => {
let r = pgp::verify(&c.root, &pkgfile, &sigfile, f);
let r = pgp::verify(&c.root, &pkgfile, &sigfile);

if !r {
error(fmt!("signature verification failed for source %s",
name));
error(fmt!("signature verification failed for source %s with key %s",
name, f));
rollback(name, dir, false);
return false;
}

if has_src_file {
let e = pgp::verify(&c.root, &srcfile, &srcsigfile, f);
let e = pgp::verify(&c.root, &srcfile, &srcsigfile);

if !e {
error(fmt!("signature verification failed for source %s",
name));
error(fmt!("signature verification failed for source %s with key %s",
name, f));
rollback(name, dir, false);
return false;
}
Expand Down Expand Up @@ -1370,11 +1370,11 @@ fn sync_one_curl(c: &Cargo, dir: &Path, src: @Source) -> bool {
return false;
}

let r = pgp::verify(&c.root, &pkgfile, &sigfile, f);
let r = pgp::verify(&c.root, &pkgfile, &sigfile);

if !r {
error(fmt!("signature verification failed for source %s",
name));
error(fmt!("signature verification failed for source %s with key %s",
name, f));
return false;
}

Expand All @@ -1390,11 +1390,11 @@ fn sync_one_curl(c: &Cargo, dir: &Path, src: @Source) -> bool {
return false;
}

let e = pgp::verify(&c.root, &srcfile, &srcsigfile, f);
let e = pgp::verify(&c.root, &srcfile, &srcsigfile);

if !e {
error(~"signature verification failed for " +
~"source " + name);
~"source " + name + ~" with key " + f);
return false;
}
}
Expand Down Expand Up @@ -1463,8 +1463,7 @@ fn cmd_init(c: &Cargo) {
return;
}

let r = pgp::verify(&c.root, &srcfile, &sigfile,
pgp::signing_key_fp());
let r = pgp::verify(&c.root, &srcfile, &sigfile);
if !r {
error(fmt!("signature verification failed for '%s'",
srcfile.to_str()));
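Review bot: In `sync_one_file`, and in the matching hunks of `sync_one_git` and `sync_one_curl`, the fingerprint `f` from `src.keyfp` now appears only in the error text, so "failed for source %s with key %s" names a key that the call `pgp::verify(&c.root, &pkgfile, &sigfile)` was never given. Nothing visible in these callers still ties a source's package list to the key that source declares, and `cmd_init` likewise no longer pins the sources file to `pgp::signing_key_fp()`. If that binding is intended, keep passing `f` and have the callee compare it; otherwise word the message as `"signature verification failed for source %s (declared key %s)"` so a reader does not assume `f` was checked. All four function bodies start and end outside the hunks shown.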
23 changes: 11 additions & 12 deletions src/cargo/pgp.rs
@@ -1,5 +1,5 @@
fn gpg(args: ~[~str]) -> { status: int, out: ~str, err: ~str } {
return run::program_output(~"gpg", args);
fn gpgv(args: ~[~str]) -> { status: int, out: ~str, err: ~str } {
return run::program_output(~"gpgv", args);
}

fn signing_key() -> ~str {
Expand Down Expand Up @@ -59,7 +59,7 @@ fn signing_key_fp() -> ~str {
}

fn supported() -> bool {
let r = gpg(~[~"--version"]);
let r = gpgv(~[~"--version"]);
r.status == 0
}

Expand Down Expand Up @@ -88,15 +88,14 @@ fn add(root: &Path, key: &Path) {
}
}
fn verify(root: &Path, data: &Path, sig: &Path, keyfp: ~str) -> bool {
fn verify(root: &Path, data: &Path, sig: &Path) -> bool {
let path = root.push("gpg");
let p = gpg(~[~"--homedir", path.to_str(),
~"--with-fingerprint",
~"--verify", sig.to_str(),
data.to_str()]);
let res = ~"Primary key fingerprint: " + keyfp;
for str::split_char_each(p.err, '\n') |line| {
if line == res { return true; }
let res = gpgv(~[~"--homedir", path.to_str(),
~"--keyring", ~"pubring.gpg",
~"--verbose",
sig.to_str(), data.to_str()]);
if res.status != 0 {
return false;
}
return false;
return true;
}
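Review bot: The new `verify` returns true whenever `gpgv` exits with status 0, so a signature made by any key in `pubring.gpg` is accepted for any data file; the fingerprint comparison that the removed `keyfp` parameter provided has no replacement. If keys for several sources are imported into this one keyring (the `add` function named in the hunk header suggests they can be), one source's key would validate another source's package list. Keeping the `keyfp` parameter, adding `~"--status-fd", ~"1",` to the argument list and requiring a `[GNUPG:] VALIDSIG` line in `res.out` whose fingerprint equals `keyfp` would restore the binding without parsing human-readable output. The stored fingerprint would then have to be in the unspaced hex form that status line uses, which may differ from the format the old "Primary key fingerprint: " comparison expected.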
