This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
[PATCH setup draft 2/4] Insist on cygwin signing key for official mirrors
- From: Ken Brown <kbrown at cornell dot edu>
- To: cygwin-apps at cygwin dot com
- Date: Mon, 11 Dec 2017 16:41:34 -0500
- Subject: [PATCH setup draft 2/4] Insist on cygwin signing key for official mirrors
- Authentication-results: sourceware.org; auth=none
- References: <20171211214136.6500-1-kbrown@cornell.edu>
If a mirror comes from mirrors.lst, validate the signature using the
cygwin signing key only.
---
ini.cc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ini.cc b/ini.cc
index 18ab2e3..4be8263 100644
--- a/ini.cc
+++ b/ini.cc
@@ -292,8 +292,12 @@ do_remote_ini (HWND owner)
current_ini_sig_name = current_ini_name + ".sig";
ini_sig_file = get_url_to_membuf (current_ini_sig_name, owner);
ini_file = get_url_to_membuf (current_ini_name, owner);
+
+ // Official mirrors must be signed by the cygwin key.
+ bool main_key_only = n->from_mirrors_lst;
ini_file = check_ini_sig (ini_file, ini_sig_file, sig_fail,
- n->url.c_str (), current_ini_sig_name.c_str (), owner);
+ n->url.c_str (), current_ini_sig_name.c_str (), owner, main_key_only);
+
// stop searching as soon as we find a setup file
if (ini_file)
break;
--
2.15.1