[Pkg-libvirt-commits] [libguestfs] 10/26: builder: allow "no key" as key in Sigchecker

Hilko Bengen bengen at moszumanska.debian.org
Sun Mar 2 13:37:36 UTC 2014 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag upstream/1.25.39
in repository libguestfs.

commit c09f5bbc708bbed772570ba63a706efcedf68cac
Author: Pino Toscano <ptoscano at redhat.com>
Date:   Tue Feb 25 17:29:06 2014 +0100

    builder: allow "no key" as key in Sigchecker
    
    Additional way to distinguish no actual key available for signature
    checking; make sure to not allow signing in such situation.
---
 builder/sigchecker.ml  | 8 ++++++++
 builder/sigchecker.mli | 1 +
 2 files changed, 9 insertions(+)

diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
index 7459e4b..67d1600 100644
--- a/builder/sigchecker.ml
+++ b/builder/sigchecker.ml
@@ -97,6 +97,7 @@ ZvXkQ3FVJwZoLmHw47vvlVpLD/4gi1SuHWieRvZ+UdDq00E348pm
 "
 
 type gpgkey_type =
+  | No_Key
   | Fingerprint of string
   | KeyFile of string
 
@@ -127,6 +128,11 @@ let rec create ~debug ~gpg ~gpgkey ~check_signature =
   (* Create a temporary directory for gnupg. *)
   let tmpdir = Mkdtemp.mkdtemp (Filename.temp_dir_name // "vb.gpghome.XXXXXX") in
   rmdir_on_exit tmpdir;
+  (* Make sure we have no check_signature=true with no actual key. *)
+  let check_signature, gpgkey =
+    match check_signature, gpgkey with
+    | true, No_Key -> false, No_Key
+    | x, y -> x, y in
   let fingerprint =
     if check_signature then (
       (* Run gpg so it can setup its own home directory, failing if it
@@ -141,6 +147,8 @@ let rec create ~debug ~gpg ~gpgkey ~check_signature =
         exit 1
       );
       match gpgkey with
+      | No_Key ->
+        assert false
       | KeyFile kf ->
         let status_file = import_keyfile gpg tmpdir debug kf in
         let status = read_whole_file status_file in
diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli
index f4e817e..ab44a5c 100644
--- a/builder/sigchecker.mli
+++ b/builder/sigchecker.mli
@@ -21,6 +21,7 @@ val default_fingerprint : string
 type t
 
 type gpgkey_type =
+  | No_Key
   | Fingerprint of string
   | KeyFile of string
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libguestfs.git

More information about the Pkg-libvirt-commits mailing list