texlive[50692] Master: gpg sigs: also recognize sigs of revoked keys
commits+preining at tug.org
commits+preining at tug.org
Mon Apr 1 17:01:10 CEST 2019
Revision: 50692
http://tug.org/svn/texlive?view=revision&revision=50692
Author: preining
Date: 2019-04-01 17:01:10 +0200 (Mon, 01 Apr 2019)
Log Message:
-----------
gpg sigs: also recognize sigs of revoked keys
Modified Paths:
--------------
trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl
trunk/Master/tlpkg/TeXLive/TLCrypto.pm
Modified: trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl
===================================================================
--- trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl 2019-04-01 14:50:20 UTC (rev 50691)
+++ trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl 2019-04-01 15:01:10 UTC (rev 50692)
@@ -6908,7 +6908,10 @@
tldie("$prg: verification of checksum for $location failed: $msg\n");
} elsif ($ret == $VS_EXPKEYSIG) {
# do nothing, try to get new tlpdb and hope sig is better?
- debug("$prg: gpg key expired, continuing anyway!\n");
+ debug("$prg: good signature bug gpg key expired, continuing anyway!\n");
+ } elsif ($ret == $VS_REVKEYSIG) {
+ # do nothing, try to get new tlpdb and hope sig is better?
+ debug("$prg: good signature but from revoked gpg key, continuing anyway!\n");
} elsif ($ret == $VS_VERIFIED) {
$remotetlpdb = TeXLive::TLPDB->new(root => $location,
tlpdbfile => $loc_copy_of_remote_tlpdb);
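Review bot: The new `$VS_REVKEYSIG` branch treats a revoked signing key exactly like an expired one and reports it only through `debug()`, so at normal verbosity the user never learns that the database was signed with a key its owner has withdrawn. Revocation is often the response to a key compromise, so this case deserves at least a visible warning, e.g. `tlwarn("$prg: signature of $location is good but made with a revoked gpg key!\n");`, and arguably an explicit decision on whether to continue at all. The expired-key message just above it also has a typo: `bug` should be `but`. The if/elsif chain starts and continues outside this hunk, so what happens after these two branches cannot be seen here.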
Modified: trunk/Master/tlpkg/TeXLive/TLCrypto.pm
===================================================================
--- trunk/Master/tlpkg/TeXLive/TLCrypto.pm 2019-04-01 14:50:20 UTC (rev 50691)
+++ trunk/Master/tlpkg/TeXLive/TLCrypto.pm 2019-04-01 15:01:10 UTC (rev 50692)
@@ -57,13 +57,13 @@
%VerificationStatusDescription
$VS_VERIFIED $VS_CHECKSUM_ERROR $VS_SIGNATURE_ERROR $VS_CONNECTION_ERROR
$VS_UNSIGNED $VS_GPG_UNAVAILABLE $VS_PUBKEY_MISSING $VS_UNKNOWN
- $VS_EXPKEYSIG
+ $VS_EXPKEYSIG $VS_REVKEYSIG
);
@EXPORT = qw(
%VerificationStatusDescription
$VS_VERIFIED $VS_CHECKSUM_ERROR $VS_SIGNATURE_ERROR $VS_CONNECTION_ERROR
$VS_UNSIGNED $VS_GPG_UNAVAILABLE $VS_PUBKEY_MISSING $VS_UNKNOWN
- $VS_EXPKEYSIG
+ $VS_EXPKEYSIG $VS_REVKEYSIG
);
}
@@ -234,8 +234,10 @@
C<$VS_UNSIGNED> on missing signature file,
C<$VS_GPG_UNAVAILABLE> if no gpg program is available,
C<$VS_PUBKEY_MISSING> if the pubkey is not available,
-C<$VS_CHECKSUM_ERROR> on checksum errors,and
-C<$VS_SIGNATURE_ERROR> on signature errors.
+C<$VS_CHECKSUM_ERROR> on checksum errors,
+C<$VS_EXPKEYSIG> if the signature is good but was made with an expired key,
+C<$VS_REVKEYSIG> if the signature is good but was made with a revoked key,
+and C<$VS_SIGNATURE_ERROR> on signature errors.
In case of errors returns an informal message as second argument.
=cut
@@ -414,6 +416,8 @@
Returns
$VS_VERIFIED on success,
+$VS_REVKEYSIG on good signature but from revoked key,
+$VS_EXPKEYSIG on good signature but from expired key,
$VS_UNSIGNED on missing signature file,
$VS_SIGNATURE_ERROR on signature error,
$VS_GPG_UNAVAILABLE if no gpg is available, and
@@ -460,6 +464,8 @@
return($VS_PUBKEY_MISSING, $out);
} elsif ($ret == $VS_EXPKEYSIG) {
return($VS_EXPKEYSIG, $out);
+ } elsif ($ret == $VS_REVKEYSIG) {
+ return($VS_REVKEYSIG, $out);
} else {
return($VS_SIGNATURE_ERROR, <<GPGERROR);
cryptographic signature verification of
@@ -516,6 +522,9 @@
if (grep(/EXPKEYSIG/, @status_lines)) {
return($VS_EXPKEYSIG, "expired key");
}
+ if (grep(/REVKEYSIG/, @status_lines)) {
+ return($VS_REVKEYSIG, "revoked key");
+ }
debug("verification succeeded, output:\n$out\n");
return ($VS_VERIFIED, $out);
} else {
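Review bot: `grep(/REVKEYSIG/, @status_lines)`, like the `EXPKEYSIG` test before it, matches the keyword anywhere in a line, so text in a key's user ID, which gpg appends to its signature status lines, could be mistaken for a status keyword. If `@status_lines` holds raw `--status-fd` output, anchor on the status prefix: `if (grep(/^\[GNUPG:\] REVKEYSIG\b/, @status_lines)) {`. This block also falls through to `$VS_VERIFIED` whenever no known-bad keyword is found; requiring a positive `GOODSIG`/`VALIDSIG` line would be the safer default. The enclosing condition lies outside the hunk and may already guarantee that.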
@@ -545,6 +554,7 @@
our $VS_PUBKEY_MISSING = -4;
our $VS_EXPKEYSIG = -5;
our $VS_EXPSIG = -6;
+our $VS_REVKEYSIG = -7;
our $VS_UNKNOWN = -100;
our %VerificationStatusDescription = (
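Review bot: `$VS_REVKEYSIG = -7` is added here, but no hunk in this commit adds a matching entry to `%VerificationStatusDescription`, whose body begins on the last line of the hunk and continues outside it. If the hash has no such entry, any caller that prints `$VerificationStatusDescription{$ret}` for the new status gets undef. A line such as `$VS_REVKEYSIG => 'valid signature but revoked key',` next to the `$VS_EXPKEYSIG` entry would close that gap. A one-line comment on the constant, stating that the signature verified cryptographically but the signing key is revoked, would also help readers of this list.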