Ignore:
Timestamp:
Jun 19, 2010, 11:21:02 PM (10 years ago)
Author:
jmr@…
Message:

Added integrity checking for fetched archives via signed digests. New pubkeys.conf file allows configuring keys to trust. The private counterpart of the installed public key will of course need to live on our binary building server.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/base/src/macports1.0/macports.tcl

    r68902 r68996  
    5252        portdbpath porturl portpath portbuildpath auto_path prefix prefix_frozen portsharepath \
    5353        registry.path registry.format registry.installtype portarchivemode portarchivepath \
    54         portarchivetype portautoclean porttrace keeplogs portverbose destroot_umask rsync_server \
    55         rsync_options rsync_dir startupitem_type place_worksymlink macportsuser \
     54        portarchivetype archivefetch_pubkeys portautoclean porttrace keeplogs portverbose destroot_umask \
     55        rsync_server rsync_options rsync_dir startupitem_type place_worksymlink macportsuser \
    5656        mp_remote_url mp_remote_submit_url configureccache configuredistcc configurepipe buildnicevalue buildmakejobs \
    5757        applications_dir current_phase frameworks_dir developer_dir universal_archs build_arch \
     
    465465    global macports::macosx_version
    466466    global macports::macosx_deployment_target
     467    global macports::archivefetch_pubkeys
    467468
    468469    # Set the system encoding to utf-8
     
    602603    global macports::global_variations
    603604    array set macports::global_variations [array get variations]
     605
     606    # pubkeys.conf
     607    set macports::archivefetch_pubkeys {}
     608    if {[file isfile [file join ${macports_conf_path} pubkeys.conf]]} {
     609        set fd [open [file join ${macports_conf_path} pubkeys.conf] r]
     610        while {[gets $fd line] >= 0} {
     611            set line [string trim $line]
     612            if {![regexp {^[\ \t]*#.*$|^$} $line]} {
     613                lappend macports::archivefetch_pubkeys $line
     614            }
     615        }
     616        close $fd
     617    } else {
     618        ui_debug "pubkeys.conf does not exist."
     619    }
    604620
    605621    if {![info exists portdbpath]} {
Note: See TracChangeset for help on using the changeset viewer.