From f8616a2d6e22705371fe6ba47597238d3d1dc2f1 Mon Sep 17 00:00:00 2001
From: Pavla Kratochvilova <pkratoch@redhat.com>
Date: Fri, 3 Apr 2020 07:59:38 +0200
Subject: [PATCH] Check for revoked subkeys before checking the signature. BZ 1778784
The reverse order resulted in error "Invalid GPG Key from
<path to GPG key>: signature 9 doesn't bind subkey to key, type is
subkey revocation" when the package was signed with a GPG key
with revoked subkey.
---
yum/pgpmsg.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/yum/pgpmsg.py b/yum/pgpmsg.py
index d3d30a1..1b7698b 100644
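--- a/yum/pgpmsg.py
+++ b/yum/pgpmsg.py
@@ -1074,21 +1074,21 @@ be scanned to make sure they are valid for a pgp certificate."""
 pkt_idx = pkt_idx + 1
 is_revoked = 0
 
+ # there may optionally be a revocation
+ if pkt_idx < len(pkts) and pkts[pkt_idx].pkt_typ == CTB_PKT_SIG and pkts[pkt_idx].sig_type == SIG_TYPE_SUBKEY_REVOKE :
+ is_revoked = 1
+ subkey.append(pkts[pkt_idx])
+ pkt_idx = pkt_idx + 1
+
 # there must be one signature following the subkey that binds it to the main key
 if pkt_idx >= len(pkts) :
 raise ValueError('subkey at index %d was not followed by a signature' % (pkt_idx-1))
 if pkts[pkt_idx].pkt_typ != CTB_PKT_SIG or pkts[pkt_idx].sig_type != SIG_TYPE_SUBKEY_BIND :
 raise ValueError('signature %d doesn\'t bind subkey to key, type is %s' % (pkt_idx, map_to_str(sig_type_to_str, pkts[pkt_idx].sig_type)))
 subkey.append(pkts[pkt_idx])
 
 pkt_idx = pkt_idx + 1
 
- # there may optionally be a revocation
- if pkt_idx < len(pkts) and pkts[pkt_idx].pkt_typ == CTB_PKT_SIG and pkts[pkt_idx].sig_type == SIG_TYPE_SUBKEY_REVOKE :
- is_revoked = 1
- subkey.append(pkts[pkt_idx])
- pkt_idx = pkt_idx + 1
-
 # append the user ID and signature(s) onto the list
 if is_revoked :
 self.rvkd_subkeys.append(subkey)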
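Review bot: The revocation check added at the top of the hunk only recognises a `SIG_TYPE_SUBKEY_REVOKE` packet that comes before the binding signature; a certificate that stores it after the `SIG_TYPE_SUBKEY_BIND` packet, the layout the removed lines handled, now leaves `is_revoked` at 0 in this block. Whether that trailing packet is rejected later cannot be seen here, since the enclosing method starts and ends outside the hunk, but a subkey's revocation status should not depend on packet order. Consuming binding and revocation signatures in one loop and requiring at least one binding signature accepts both layouts. The order of entries in `subkey` for revoked subkeys also changes from key, binding, revocation to key, revocation, binding, so any consumer of `self.rvkd_subkeys` that indexes the list should be checked.

```python
# accept the optional revocation on either side of the binding signature
saw_binding = 0
while pkt_idx < len(pkts) and pkts[pkt_idx].pkt_typ == CTB_PKT_SIG \
        and pkts[pkt_idx].sig_type in (SIG_TYPE_SUBKEY_BIND, SIG_TYPE_SUBKEY_REVOKE):
    if pkts[pkt_idx].sig_type == SIG_TYPE_SUBKEY_REVOKE:
        is_revoked = 1
    else:
        saw_binding = 1
    subkey.append(pkts[pkt_idx])
    pkt_idx = pkt_idx + 1
if not saw_binding:
    # ... unchanged: the two existing ValueError checks for a missing or wrong-typed binding signature ...
```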
--
libgit2 0.28.5