texlive[50689] Master: finish support of expired key warnings

commits+preining at tug.org commits+preining at tug.org
Mon Apr 1 16:29:23 CEST 2019


Revision: 50689
          http://tug.org/svn/texlive?view=revision&revision=50689
Author:   preining
Date:     2019-04-01 16:29:23 +0200 (Mon, 01 Apr 2019)
Log Message:
-----------
finish support of expired key warnings

Modified Paths:
--------------
    trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl
    trunk/Master/tlpkg/TeXLive/TLCrypto.pm
    trunk/Master/tlpkg/TeXLive/TLPDB.pm

Modified: trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl
===================================================================
--- trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl	2019-04-01 14:29:12 UTC (rev 50688)
+++ trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl	2019-04-01 14:29:23 UTC (rev 50689)
@@ -6906,6 +6906,9 @@
         # TODO should we die here? Probably yes because one of 
         # checksum file or signature file has changed!
         tldie("$prg: verification of checksum for $location failed: $msg\n");
+      } elsif ($ret == $VS_EXPKEYSIG) {
+        # do nothing, try to get new tlpdb and hope sig is better?
+        debug("$prg: gpg key expired, continuing anyway!\n");
       } elsif ($ret == $VS_VERIFIED) {
         $remotetlpdb = TeXLive::TLPDB->new(root => $location,
           tlpdbfile => $loc_copy_of_remote_tlpdb);
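Review bot: The new `$VS_EXPKEYSIG` branch reports the expired signing key only through `debug()`, so a normal run gives the user no sign that tlmgr carried on with a key that has expired. A user-visible message is warranted here, for example `tlwarn("$prg: gpg signing key for $location has expired, continuing anyway\n");` (assuming `tlwarn` is in scope in this file, as it is elsewhere in TeX Live). The same applies to the `$VS_EXPKEYSIG` branch added in TLPDB.pm, which also logs at debug level only. The comment ending in a question mark should be replaced by a statement of what actually happens after this chain when the local copy is not used; that code lies outside the hunk.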

Modified: trunk/Master/tlpkg/TeXLive/TLCrypto.pm
===================================================================
--- trunk/Master/tlpkg/TeXLive/TLCrypto.pm	2019-04-01 14:29:12 UTC (rev 50688)
+++ trunk/Master/tlpkg/TeXLive/TLCrypto.pm	2019-04-01 14:29:23 UTC (rev 50689)
@@ -57,11 +57,13 @@
     %VerificationStatusDescription
     $VS_VERIFIED $VS_CHECKSUM_ERROR $VS_SIGNATURE_ERROR $VS_CONNECTION_ERROR
     $VS_UNSIGNED $VS_GPG_UNAVAILABLE $VS_PUBKEY_MISSING $VS_UNKNOWN
+    $VS_EXPKEYSIG
   );
   @EXPORT = qw(
     %VerificationStatusDescription
     $VS_VERIFIED $VS_CHECKSUM_ERROR $VS_SIGNATURE_ERROR $VS_CONNECTION_ERROR
     $VS_UNSIGNED $VS_GPG_UNAVAILABLE $VS_PUBKEY_MISSING $VS_UNKNOWN
+    $VS_EXPKEYSIG
   );
 }
 
@@ -450,12 +452,14 @@
         }
       }
       my ($ret, $out) = gpg_verify_signature($file, $signature_file);
-      if ($ret == 1) {
+      if ($ret == $VS_VERIFIED) {
         # no need to show the output
         debug("cryptographic signature of $url verified\n");
         return($VS_VERIFIED);
-      } elsif ($ret == -1) {
+      } elsif ($ret == $VS_PUBKEY_MISSING) {
         return($VS_PUBKEY_MISSING, $out);
+      } elsif ($ret == $VS_EXPKEYSIG) {
+        return($VS_EXPKEYSIG, $out);
       } else {
         return($VS_SIGNATURE_ERROR, <<GPGERROR);
 cryptographic signature verification of
@@ -504,21 +508,23 @@
   # read status file
   open($status_fd, "<", $status_file) || die("Cannot open status file: $!");
   my @status_lines = <$status_fd>;
+  close($status_fd);
   chomp(@status_lines);
+  debug(join("\n", "STATUS OUTPUT", @status_lines));
   if ($ret == 0) {
+    # verification still might return success but key is expired!
+    if (grep(/KEYEXPIRED/, @status_lines)) {
+      return($VS_EXPKEYSIG, "expired key");
+    }
     debug("verification succeeded, output:\n$out\n");
-    debug(join("\n", "STATUS OUTPUT", @status_lines));
-    return (1, $out);
+    return ($VS_VERIFIED, $out);
   } else {
-    open($status_fd, "<", $status_file) || die("Cannot open status file: $!");
-    while (<$status_fd>) {
-      if (m/^\[GNUPG:\] NO_PUBKEY (.*)/) {
-        close($status_fd);
-        debug("missing pubkey $1\n");
-        return (-1, "missing pubkey $1");
-      }
+    if (grep(/^\[GNUPG:\] NO_PUBKEY (.*)/, @status_lines)) {
+      debug("missing pubkey $1\n");
+      return ($VS_PUBKEY_MISSING, "missing pubkey $1");
     }
-    return (0, $out);
+    # we could do more checks on what is the actual problem here!
+    return ($VS_SIGNATURE_ERROR, $out);
   }
 }
 
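Review bot: The success path matches `/KEYEXPIRED/` unanchored against every status line, so the result becomes `$VS_EXPKEYSIG` whenever that word appears anywhere in gpg's status output, not only when the signature being checked was made by an expired key. GnuPG has a dedicated `EXPKEYSIG` status line for that case, which the constant's name also suggests; matching `/^\[GNUPG:\] EXPKEYSIG /` would tie the result to the signature itself. Separately, the `NO_PUBKEY` branch reads `$1` after `grep(...)` has returned, and it is not evident that the capture is still set at that point. It is safer to capture explicitly, e.g. `my ($keyid) = map { /^\[GNUPG:\] NO_PUBKEY (.*)/ ? $1 : () } @status_lines;`, and branch on `defined $keyid`. The enclosing function begins outside the hunk.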

Modified: trunk/Master/tlpkg/TeXLive/TLPDB.pm
===================================================================
--- trunk/Master/tlpkg/TeXLive/TLPDB.pm	2019-04-01 14:29:12 UTC (rev 50688)
+++ trunk/Master/tlpkg/TeXLive/TLPDB.pm	2019-04-01 14:29:23 UTC (rev 50689)
@@ -406,6 +406,9 @@
       } elsif ($r == $VS_PUBKEY_MISSING) {
         debug("$0: TLPDB: pubkey missing, continuing anyway!\n");
         $self->verification_status($r);
+      } elsif ($r == $VS_EXPKEYSIG) {
+        debug("$0: TLPDB: signature verified, but key expired, continuing anyway!\n");
+        $self->verification_status($r);
       } elsif ($r == $VS_VERIFIED) {
         $is_verified = 1;
         $self->verification_status($r);


