[PATCH setup draft 2/4] Insist on cygwin signing key for official mirrors
Ken Brown
kbrown@cornell.edu
Mon Dec 11 21:41:00 GMT 2017
If a mirror comes from mirrors.lst, validate the signature using the
cygwin signing key only.
---
ini.cc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ini.cc b/ini.cc
index 18ab2e3..4be8263 100644
--- a/ini.cc
+++ b/ini.cc
@@ -292,8 +292,12 @@ do_remote_ini (HWND owner)
current_ini_sig_name = current_ini_name + ".sig";
ini_sig_file = get_url_to_membuf (current_ini_sig_name, owner);
ini_file = get_url_to_membuf (current_ini_name, owner);
+
+ // Official mirrors must be signed by the cygwin key.
+ bool main_key_only = n->from_mirrors_lst;
ini_file = check_ini_sig (ini_file, ini_sig_file, sig_fail,
- n->url.c_str (), current_ini_sig_name.c_str (), owner);
+ n->url.c_str (), current_ini_sig_name.c_str (), owner, main_key_only);
+
// stop searching as soon as we find a setup file
if (ini_file)
break;
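Review bot: The extra main_key_only argument on the check_ini_sig call needs a matching parameter that this patch does not add; the diffstat covers only these six lines of ini.cc. The patch therefore builds only if another patch in the series changes the function, so either state that dependency in the commit message or fold the signature change in here to keep the series bisectable. Separately, the added comment describes only the mirrors.lst case. It would help to say what is accepted when n->from_mirrors_lst is false, since that is the other half of the trust decision and is not visible from this call site. A bare bool at the end of a six-argument call is also easy to misread; passing n->from_mirrors_lst directly, or using a named enum in place of the bool, would make the intent clearer.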
--
2.15.1