FS#59588 - Implement signature check for git tags/commits
Attached to Project:
Pacman
Opened by Pascal Ernster (hardfalcon) - Thursday, 09 August 2018, 12:34 GMT
Last edited by Allan McRae (Allan) - Thursday, 09 August 2018, 12:41 GMT
Details
It would be cool if there was a way to have makepkg check
the key fingerprints of signed git tags/commits against the
fingerprints in the validpgpkeys array.
To cover cases where multiple git sources are used but not all of them carry signatures, a mechanism would be needed to differentiate between signed and unsigned sources. One option to achieve this might be a URL prefix "git-signed+", similar to the already existing "git+".
"Allows specifying whether a VCS checkout should be
checked for PGP-signed revisions. The source line should have the
format source=(url#fragment?signed) or
source=(url?signed#fragment). Currently only supported by Git."
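
The check requested in this ticket, as an added example that is neither makepkg's code nor part of the ticket: it decides per source entry whether `?signed` was requested (in either position relative to the fragment) and matches the `VALIDSIG` line of GnuPG status output against a validpgpkeys-style list. The function names, URLs, fingerprints and status lines are constructed for illustration, and accepting either the signing-key or the primary-key fingerprint is an assumption of this example.

```shell
#!/bin/sh
# Added illustration; all names and sample values below are constructed.

# Return 0 if a source entry requests signature checking via "?signed",
# whether the query comes before or after the "#fragment".
wants_signature() {
    case $1 in
        *\?*) ;;
        *) return 1 ;;
    esac
    _query=${1#*\?}            # text after the first "?"
    _query=${_query%%\#*}      # drop a trailing "#fragment", if any
    [ "$_query" = signed ]
}

# signer_allowed STATUS FPR...
# STATUS is GnuPG status output, e.g. captured from stderr of
#   git verify-tag --raw <tag>   or   git verify-commit --raw <commit>
# Returns 0 only if a VALIDSIG line names a signing-key or primary-key
# fingerprint found in the allowed list. No VALIDSIG or an empty list fails.
signer_allowed() {
    _status=$1; shift
    _fprs=$(printf '%s\n' "$_status" | awk '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" { print toupper($3); print toupper($NF) }')
    for _key in "$@"; do
        _key=$(printf '%s' "$_key" | tr 'a-f' 'A-F')
        for _f in $_fprs; do
            [ "$_key" = "$_f" ] && return 0
        done
    done
    return 1
}

# Constructed placeholder fingerprints and status output (not real keys).
SUBKEY=AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDD
PRIMARY=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CCCCCCDDDDDDDDDD Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $SUBKEY 2018-08-09 1533818040 0 4 0 1 10 00 $PRIMARY"

# Mixed sources: only the entry marked ?signed is subject to the check.
for _src in 'git+https://example.org/a.git#tag=v1.0?signed' \
            'git+https://example.org/b.git#branch=main'; do
    if wants_signature "$_src"; then
        signer_allowed "$SAMPLE_STATUS" "$PRIMARY" && echo "signed, key ok: $_src"
    else
        echo "unsigned, not checked: $_src"
    fi
done
```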