| commit | 38da050f31fad7fd9252cced698a66c3e3729d98 | |
| author | Allan McRae <allan@archlinux.org> | |
| Mon, 22 Nov 2010 06:06:16 +0000 (22 16:06 +1000) | ||
| committer | Dan McGee <dan@archlinux.org> | |
| Thu, 24 Mar 2011 03:58:00 +0000 (23 22:58 -0500) | ||
| tree | 3b444b86d7705f0e683e977af00876b79add83f1 | treesnapshot (tar.gz zip) |
| parent | 9a3325a56db87cc8c6336225162daefcd190208f | commitdiff |
Download and verify package database signatures
If signature verification is needed, attempt to download a signature
file for a repo when it is updated. Return an error if unable to
download signature only when checking is mandatory, or if signature is
invalid.
TODO: At the moment the database signature is only checked on download.
Should we do anything with a database if it fails to be verified to prevent
its future usage?
Signed-off-by: Allan McRae <allan@archlinux.org>
If signature verification is needed, attempt to download a signature
file for a repo when it is updated. Return an error if unable to
download signature only when checking is mandatory, or if signature is
invalid.
TODO: At the moment the database signature is only checked on download.
Should we do anything with a database if it fails to be verified to prevent
its future usage?
Signed-off-by: Allan McRae <allan@archlinux.org>
| lib/libalpm/be_sync.c | diffblobblamehistory |