diff options
| author | Daiki Ueno <ueno@gnu.org> | 2014-06-26 09:47:37 -0400 |
|---|---|---|
| committer | Stefan Monnier <monnier@iro.umontreal.ca> | 2014-06-26 09:47:37 -0400 |
| commit | 2493e35c369caabf6a65e376fd0399e95b588bfd (patch) | |
| tree | c652898af7eed009320bbbdd02da8a24d987b364 | |
| parent | 7d1fd42bd6480aa9ea1286dba3c730c2391fcc2b (diff) | |
| download | emacs-2493e35c369caabf6a65e376fd0399e95b588bfd.tar.gz | |
* lisp/emacs-lisp/package.el (package--check-signature): (backport)
If package-check-signature is allow-unsigned, don't signal error when
we can't verify signature because of missing public key.
Fixes: debbugs:17625
| -rw-r--r-- | lisp/ChangeLog | 11 | ||||
| -rw-r--r-- | lisp/emacs-lisp/package.el | 24 |
2 files changed, 23 insertions, 12 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 8cc59d88615..6c8f118c8a3 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,10 @@ +2014-06-26 Daiki Ueno <ueno@gnu.org> + + * emacs-lisp/package.el (package--check-signature): + If package-check-signature is allow-unsigned, don't signal error when + we can't verify signature because of missing public key + (backport for bug#17625). + 2014-06-26 Stefan Monnier <monnier@iro.umontreal.ca> * progmodes/hideif.el: Undo last change which should only go to trunk @@ -17,8 +24,8 @@ * ruler-mode.el (ruler-mode-mouse-add-tab-stop) (ruler-mode-ruler): Fix to work with nil tab-stop-list. - * progmodes/asm-mode.el (asm-calculate-indentation): Use - indent-next-tab-stop. + * progmodes/asm-mode.el (asm-calculate-indentation): + Use indent-next-tab-stop. * indent.el (indent-accumulate-tab-stops): New function. diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index 6efe6c7135a..b70b478cd32 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -815,16 +815,20 @@ GnuPG keyring is located under \"gnupg\" in `package-user-dir'." (buffer-string)))) (epg-context-set-home-directory context homedir) (epg-verify-string context sig-content (buffer-string)) - ;; The .sig file may contain multiple signatures. Success if one - ;; of the signatures is good. - (let ((good-signatures - (delq nil (mapcar (lambda (sig) - (if (eq (epg-signature-status sig) 'good) - sig)) - (epg-context-result-for context 'verify))))) - (if (null good-signatures) - ;; FIXME: Only signal an error if the signature is invalid, not if we - ;; simply lack the key needed to check the sig! + (let (good-signatures had-fatal-error) + ;; The .sig file may contain multiple signatures. Success if one + ;; of the signatures is good. + (dolist (sig (epg-context-result-for context 'verify)) + (if (eq (epg-signature-status sig) 'good) + (push sig good-signatures) + ;; If package-check-signature is allow-unsigned, don't + ;; signal error when we can't verify signature because of + ;; missing public key. Other errors are still treated as + ;; fatal (bug#17625). + (unless (and (eq package-check-signature 'allow-unsigned) + (eq (epg-signature-status sig) 'no-pubkey)) + (setq had-fatal-error t)))) + (if (and (null good-signatures) had-fatal-error) (error "Failed to verify signature %s: %S" sig-file (mapcar #'epg-signature-to-string |