texlive[53820] Master: refactor verify_checksum return code handling
commits+preining at tug.org
commits+preining at tug.org
Mon Feb 17 04:23:15 CET 2020
Revision: 53820
http://tug.org/svn/texlive?view=revision&revision=53820
Author: preining
Date: 2020-02-17 04:23:13 +0100 (Mon, 17 Feb 2020)
Log Message:
-----------
refactor verify_checksum return code handling into separate function
Modified Paths:
--------------
trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl
trunk/Master/tlpkg/TeXLive/TLCrypto.pm
trunk/Master/tlpkg/TeXLive/TLPDB.pm
Modified: trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl
===================================================================
--- trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl 2020-02-17 00:54:54 UTC (rev 53819)
+++ trunk/Master/texmf-dist/scripts/texlive/tlmgr.pl 2020-02-17 03:23:13 UTC (rev 53820)
@@ -7006,12 +7006,13 @@
ddebug("loc copy found!\n");
# we found the tlpdb matching the current location
# check for the remote hash
- my $path = "$location/$InfraLocation/$DatabaseName.$TeXLive::TLConfig::ChecksumExtension";
+ my $path = "$location/$InfraLocation/$DatabaseName";
ddebug("remote path of digest = $path\n");
-
- my ($ret,$msg)
- = TeXLive::TLCrypto::verify_checksum($loc_copy_of_remote_tlpdb, $path);
- if ($ret == $VS_CONNECTION_ERROR) {
+ my ($verified, $status)
+ = TeXLive::TLCrypto::verify_checksum_and_check_return($loc_copy_of_remote_tlpdb, $path,
+ $is_main, 1); # the 1 means local copy mode!
+ # deal with those cases that need special treatment
+ if ($status == $VS_CONNECTION_ERROR) {
info(<<END_NO_INTERNET);
Unable to download the checksum of the remote TeX Live database,
but found a local copy, so using that.
@@ -7027,46 +7028,17 @@
$remotetlpdb = TeXLive::TLPDB->new(root => $location,
tlpdbfile => $loc_copy_of_remote_tlpdb);
$local_copy_tlpdb_used = 1;
- } elsif ($ret == $VS_UNSIGNED) {
- # we require the main database to be signed, but allow for
- # subsidiary to be unsigned
- if ($is_main) {
- tldie("$prg: main database at $location is not signed: $msg\n");
- }
- # the remote database has not be signed, warn
- debug("$prg: remote database is not signed, continuing anyway!\n");
- } elsif ($ret == $VS_GPG_UNAVAILABLE) {
- # no gpg available
- debug("$prg: no gpg available for verification, continuing anyway!\n");
- } elsif ($ret == $VS_PUBKEY_MISSING) {
- # pubkey missing
- debug("$prg: $msg, continuing anyway!\n");
- } elsif ($ret == $VS_CHECKSUM_ERROR) {
- # no problem, checksum is wrong, we need to get new tlpdb
- } elsif ($ret == $VS_SIGNATURE_ERROR) {
- # umpf, signature error
- # TODO should we die here? Probably yes because one of
- # checksum file or signature file has changed!
- tldie("$prg: verification of checksum for $location failed: $msg\n");
- } elsif ($ret == $VS_EXPKEYSIG) {
- # do nothing, try to get new tlpdb and hope sig is better?
- tlwarn("Verification problem of the TL database at $location:\n");
- tlwarn("--> $VerificationStatusDescription{$ret}\n");
- # debug("$prg: good signature bug gpg key expired, continuing anyway!\n");
- } elsif ($ret == $VS_REVKEYSIG) {
- # do nothing, try to get new tlpdb and hope sig is better?
- tlwarn("Verification problem of the TL database at $location:\n");
- tlwarn("--> $VerificationStatusDescription{$ret}\n");
- #debug("$prg: good signature but from revoked gpg key, continuing anyway!\n");
- } elsif ($ret == $VS_VERIFIED) {
+ } elsif ($status == $VS_VERIFIED || $status == $VS_EXPKEYSIG || $status == $VS_REVKEYSIG) {
$remotetlpdb = TeXLive::TLPDB->new(root => $location,
tlpdbfile => $loc_copy_of_remote_tlpdb);
$local_copy_tlpdb_used = 1;
- # we did verify this tlpdb, make sure that is recorded
- $remotetlpdb->is_verified(1);
- } else {
- tldie("$prg: unexpected return value from verify_checksum: $ret\n");
+ # if verification was successful, make sure that is recorded
+ $remotetlpdb->verification_status($status);
+ $remotetlpdb->is_verified($verified);
}
+ # nothing to do in the else case
+ # we tldie already in the verify_checksum_and_check_return
+ # for all other cases
}
}
if (!$local_copy_tlpdb_used) {
Modified: trunk/Master/tlpkg/TeXLive/TLCrypto.pm
===================================================================
--- trunk/Master/tlpkg/TeXLive/TLCrypto.pm 2020-02-17 00:54:54 UTC (rev 53819)
+++ trunk/Master/tlpkg/TeXLive/TLCrypto.pm 2020-02-17 03:23:13 UTC (rev 53820)
@@ -1,6 +1,6 @@
# $Id$
# TeXLive::TLCrypto.pm - handle checksums and signatures.
-# Copyright 2016-2019 Norbert Preining
+# Copyright 2016-2020 Norbert Preining
# This file is licensed under the GNU General Public License version 2
# or any later version.
@@ -34,6 +34,7 @@
TeXLive::TLCrypto::tlchecksum($path);
TeXLive::TLCrypto::verify_checksum($file, $url);
+ TeXLive::TLCrypto::verify_checksum_and_check_return($file, $url);
=head2 Signatures
@@ -52,6 +53,7 @@
&tlchecksum
&tl_short_digest
&verify_checksum
+ &verify_checksum_and_check_return
&setup_gpg
&verify_signature
%VerificationStatusDescription
@@ -226,6 +228,63 @@
# emacs-page
=pod
+=item C<< verify_checksum_and_check_return($file, $tlpdburl [, $is_main, $localcopymode ]) >>
+
+Calls C<<verify_checksum>> and checks the various return values
+for critical errors, and dies if necessary.
+
+If C<$is_main> is given and true, an unsigned tlpdb is considered
+fatal. If C<$localcopymode> is given and true, do not die for
+checksum and connection errors, thus allowing for re-downloading
+of a copy.
+
+=cut
+
+sub verify_checksum_and_check_return {
+ my ($file, $path, $is_main, $localcopymode) = @_;
+ my ($r, $m) = verify_checksum($file, "$path.$ChecksumExtension");
+ if ($r == $VS_CHECKSUM_ERROR) {
+ if (!$localcopymode) {
+ tldie("$0: checksum error when downloading $file from $path: $m\n");
+ }
+ } elsif ($r == $VS_SIGNATURE_ERROR) {
+ tldie("$0: signature verification error of $file from $path: $m\n");
+ } elsif ($r == $VS_CONNECTION_ERROR) {
+ if ($localcopymode) {
+ return(0, $r);
+ } else {
+ tldie("$0: cannot download: $m\n");
+ }
+ } elsif ($r == $VS_UNSIGNED) {
+ if ($is_main) {
+ tldie("$0: main database at $path is not signed: $m\n");
+ }
+ debug("$0: remote database checksum is not signed, continuing anyway: $m\n");
+ return(0, $r);
+ } elsif ($r == $VS_EXPKEYSIG) {
+ debug("$0: good signature bug gpg key expired, continuing anyway!\n");
+ return(0, $r);
+ } elsif ($r == $VS_REVKEYSIG) {
+ debug("$0: good signature but from revoked gpg key, continuing anyway!\n");
+ return(0, $r);
+ } elsif ($r == $VS_GPG_UNAVAILABLE) {
+ debug("$0: TLPDB: no gpg available, continuing anyway!\n");
+ return(0, $r);
+ } elsif ($r == $VS_PUBKEY_MISSING) {
+ debug("$0: TLPDB: pubkey missing, continuing anyway!\n");
+ return(0, $r);
+ } elsif ($r == $VS_VERIFIED) {
+ return(1, $r);
+ } else {
+ tldie("$0: unexpected return value from verify_checksum: $r\n");
+ }
+}
+
+
+
+# emacs-page
+=pod
+
=item C<< verify_checksum($file, $checksum_url) >>
Verifies that C<$file> has checksum C<$checksum_url>, and if gpg is
Modified: trunk/Master/tlpkg/TeXLive/TLPDB.pm
===================================================================
--- trunk/Master/tlpkg/TeXLive/TLPDB.pm 2020-02-17 00:54:54 UTC (rev 53819)
+++ trunk/Master/tlpkg/TeXLive/TLPDB.pm 2020-02-17 03:23:13 UTC (rev 53820)
@@ -1,6 +1,6 @@
# $Id$
# TeXLive::TLPDB.pm - tlpdb plain text database files.
-# Copyright 2007-2019 Norbert Preining
+# Copyright 2007-2020 Norbert Preining
# This file is licensed under the GNU General Public License version 2
# or any later version.
@@ -370,57 +370,16 @@
#
# before we open and proceed, verify the downloaded file
if ($params{'verify'} && $media ne 'local_uncompressed') {
- my ($r, $m) = TeXLive::TLCrypto::verify_checksum($tlpdbfile, "$path.$ChecksumExtension");
- if ($r == $VS_CHECKSUM_ERROR) {
- tldie("$0: checksum error when downloading $tlpdbfile from $path: $m\n");
- } elsif ($r == $VS_SIGNATURE_ERROR) {
- tldie("$0: signature verification error of $tlpdbfile from $path: $m\n");
- } elsif ($r == $VS_CONNECTION_ERROR) {
- tldie("$0: cannot download: $m\n");
- } elsif ($r == $VS_UNSIGNED) {
- debug("$0: remote database checksum is not signed, continuing anyway: $m\n");
- $self->verification_status($r);
- } elsif ($r == $VS_GPG_UNAVAILABLE) {
- debug("$0: TLPDB: no gpg available, continuing anyway!\n");
- $self->verification_status($r);
- } elsif ($r == $VS_PUBKEY_MISSING) {
- debug("$0: TLPDB: pubkey missing, continuing anyway!\n");
- $self->verification_status($r);
- } elsif ($r == $VS_VERIFIED) {
- $is_verified = 1;
- $self->verification_status($r);
- } else {
- tldie("$0: unexpected return value from verify_checksum: $r\n");
- }
+ my ($verified, $status) = TeXLive::TLCrypto::verify_checksum_and_check_return($tlpdbfile, $path);
+ $is_verified = $verified;
+ $self->verification_status($status);
}
open($retfh, "<$tlpdbfile") || die "$0: open($tlpdbfile) failed: $!";
} else {
if ($params{'verify'} && $media ne 'local_uncompressed') {
- my ($r, $m) = TeXLive::TLCrypto::verify_checksum($path, "$path.$ChecksumExtension");
- if ($r == $VS_CHECKSUM_ERROR) {
- tldie("$0: checksum error when downloading $path from $path: $m\n");
- } elsif ($r == $VS_SIGNATURE_ERROR) {
- tldie("$0: signature verification error of $path from $path: $m\n");
- } elsif ($r == $VS_CONNECTION_ERROR) {
- tldie("$0: cannot download: $m\n");
- } elsif ($r == $VS_UNSIGNED) {
- debug("$0: remote database checksum is not signed, continuing anyway!\n");
- $self->verification_status($r);
- } elsif ($r == $VS_GPG_UNAVAILABLE) {
- debug("$0: TLPDB: no gpg available, continuing anyway!\n");
- $self->verification_status($r);
- } elsif ($r == $VS_PUBKEY_MISSING) {
- debug("$0: TLPDB: pubkey missing, continuing anyway!\n");
- $self->verification_status($r);
- } elsif ($r == $VS_EXPKEYSIG) {
- debug("$0: TLPDB: signature verified, but key expired, continuing anyway!\n");
- $self->verification_status($r);
- } elsif ($r == $VS_VERIFIED) {
- $is_verified = 1;
- $self->verification_status($r);
- } else {
- tldie("$0: unexpected return value from verify_checksum: $r\n");
- }
+ my ($verified, $status) = TeXLive::TLCrypto::verify_checksum_and_check_return($path, $path);
+ $is_verified = $verified;
+ $self->verification_status($status);
}
open(TMP, "<$path") || die "$0: open($path) failed: $!";
$retfh = \*TMP;
More information about the tex-live-commits
mailing list.