[PATCH setup 2/2] Disable old Cygwin setup signing key by default
Jon Turney
jon.turney@dronecode.org.uk
Thu Mar 19 13:15:11 GMT 2020
Add a new option '--enable-old-keys', for if you really need to install
from an old mirror for some reason.
'--disable-old-keys' is still accepted, but is the default now.
---
crypto.cc | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto.cc b/crypto.cc
index 2e4ba21..88ced38 100644
--- a/crypto.cc
+++ b/crypto.cc
@@ -52,8 +52,9 @@ static BoolOption UntrustedKeysOption (false, 'u', "untrusted-keys",
"Use untrusted saved extra keys");
static BoolOption KeepUntrustedKeysOption (false, 'U', "keep-untrusted-keys",
"Use untrusted keys and retain all");
-static BoolOption DisableOldKeysOption (false, '\0', "disable-old-keys",
- "Disable old cygwin.com keys");
+static BoolOption EnableOldKeysOption (false, '\0', "old-keys",
+ "Enable old cygwin.com keys",
+ BoolOption::BoolOptionType::pairedAble);
/* Embedded public half of Cygwin signing key. */
static const char *cygwin_pubkey_sexpr =
@@ -708,7 +709,7 @@ verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner)
/* If not disabled, also try the old built-in key */
gcry_sexp_t cygwin_old_key;
- if (!DisableOldKeysOption)
+ if (EnableOldKeysOption)
{
rv = gcry_sexp_new (&cygwin_old_key, cygwin_old_pubkey_sexpr, strlen (cygwin_old_pubkey_sexpr), 1);
if (rv != GPG_ERR_NO_ERROR)
--
2.21.0
More information about the Cygwin-apps
mailing list