[pacman-dev,3/3] libmakepkg: Implement extendable signature verification

Message ID 20180529043056.12491-3-eschwartz@archlinux.org
State New
Headers show
Series
  • [pacman-dev,1/3] libmakepkg: optimize get_protocol to always return proto, not proto+uri
Related show

Commit Message

Eli Schwartz May 29, 2018, 4:30 a.m. UTC
Lookup the existence of matching functions for each protocol, and
fallback on the generic file handler. New verification protocols can
then be added via thirdparty libmakepkg drop-ins without requiring
modifications to verify_signature.sh

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
---
 scripts/libmakepkg/integrity/verify_signature.sh.in | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Patch

diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index 38f8afa1..3fa5cd53 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -49,8 +49,8 @@  check_pgpsigs() {
 	for netfile in "${all_sources[@]}"; do
 		proto="$(get_protocol "$netfile")"
 
-		if [[ $proto = git ]]; then
-			verify_git_signature "$netfile" "$statusfile" || continue
+		if declare -f verify_${proto}_signature > /dev/null; then
+			verify_${proto}_signature "$netfile" "$statusfile" || continue
 		else
 			verify_file_signature "$netfile" "$statusfile" || continue
 		fi
@@ -263,7 +263,8 @@  source_has_signatures() {
 		proto="$(get_protocol "$netfile")"
 		query=$(get_uri_query "$netfile")
 
-		if [[ ${netfile%%::*} = *.@(sig?(n)|asc) || ( $proto = git && $query = signed ) ]]; then
+		if [[ ${netfile%%::*} = *.@(sig?(n)|asc) ]] || \
+				( declare -f verify_${proto}_signature > /dev/null && [[ $query = signed ]] ); then
 			return 0
 		fi
 	done