This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH setup draft 1/4] Allow validation of signatures using the cygwin key only

Add an optional argument 'main_key_only' to and  The
argument is 'false' by default.  If it is 'true', validation uses the
official cygwin signing key only.
--- | 5 +++--
 crypto.h  | 3 ++-    | 5 +++--
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/ b/
index 5a10e16..6a97acb 100644
--- a/
+++ b/
@@ -429,7 +429,8 @@ add_key_from_sexpr (gcry_sexp_t key)
 /*  Verify the signature on an ini file.  Takes care of all key-handling.  */
-verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner)
+verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file,
+		     HWND owner, bool main_key_only)
   /*  DSA public key in s-expr format.  */
   gcry_sexp_t dsa_key;
@@ -629,7 +630,7 @@ verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner)
       // Well, we're actually there!  Try it against the main key.
       rv = gcry_pk_verify (dsa_sig, dsa_hash, dsa_key);
       // If not that, try any supplied on the commandline.
-      if (rv != GPG_ERR_NO_ERROR)
+      if (rv != GPG_ERR_NO_ERROR && !main_key_only)
 	  std::vector<gcry_sexp_t>::iterator it;
 	  for (it = keys_to_try.begin (); it < keys_to_try.end (); ++it)
diff --git a/crypto.h b/crypto.h
index 860df6c..9725b19 100644
--- a/crypto.h
+++ b/crypto.h
@@ -30,7 +30,8 @@ class io_stream;
   file in another.  It is called from and returns
   true if the signature verified OK; if it returns false, you MUST NOT
   use the failed ini file - doubly so if it's a compressed stream!  */
-extern bool verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner);
+extern bool verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file,
+				 HWND owner, bool main_key_only = false);
 5.2.2.  Version 3 Signature Packet Format
diff --git a/ b/
index f021ed2..18ab2e3 100644
--- a/
+++ b/
@@ -172,7 +172,8 @@ decompress_ini (io_stream *ini_file)
 static io_stream*
 check_ini_sig (io_stream* ini_file, io_stream* ini_sig_file,
-	       bool& sig_fail, const char* site, const char* sig_name, HWND owner)
+	       bool& sig_fail, const char* site, const char* sig_name,
+	       HWND owner, bool main_key_only = false)
   /* Unless the NoVerifyOption is set, check the signature for the
      current setup and record the result.  On a failed signature check
@@ -192,7 +193,7 @@ check_ini_sig (io_stream* ini_file, io_stream* ini_sig_file,
 	    sig_fail = true;
-      else if (!verify_ini_file_sig (ini_file, ini_sig_file, owner))
+      else if (!verify_ini_file_sig (ini_file, ini_sig_file, owner, main_key_only))
 	  note (owner, IDS_SIG_INVALID, sig_name, site);
 	  delete ini_sig_file;

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]