diff --git a/bin/xbps-rindex/repoflush.c b/bin/xbps-rindex/repoflush.c index b2338880..213416a5 100644 --- a/bin/xbps-rindex/repoflush.c +++ b/bin/xbps-rindex/repoflush.c @@ -45,7 +45,6 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir, struct archive *ar; char *repofile, *tname, *buf; unsigned char *sig = NULL; - const char *signature_type = NULL; int rv, repofd = -1; mode_t mask; bool result; diff --git a/lib/plist_fetch.c b/lib/plist_fetch.c index 16612e30..07c22a55 100644 --- a/lib/plist_fetch.c +++ b/lib/plist_fetch.c @@ -183,10 +183,6 @@ xbps_repo_fetch_remote(struct xbps_repo *repo, const char *url) xbps_dictionary_t idxmeta_tmp = NULL; size_t meta_signature_len = 0; uint8_t i = 0; - bool verified = false; - const char *signature_type = NULL; - unsigned char *meta_digest = NULL; - unsigned char *meta_signature = NULL; assert(url); assert(repo); @@ -221,17 +217,7 @@ xbps_repo_fetch_remote(struct xbps_repo *repo, const char *url) } archive_read_finish(a); - verified = xbps_verify_digest_signature(repo, idxmeta_tmp, meta_signature, meta_signature_len, meta_digest); - if (verified) { - xbps_dbg_printf(repo->xhp, "Verification of repo's '%s' signature passed.\n", url); - } else { - xbps_warn_printf("Verification of repo's '%s' signature failed. Taking safe part.\n", url); - idxmeta_tmp = get_safe_idxmeta(idxmeta_tmp); - } - - repo->idxmeta = idxmeta_tmp; - - if (xbps_dictionary_get_cstring_nocopy(repo->idxmeta, "signature-type", &signature_type)) + if (xbps_object_type(repo->idxmeta) == XBPS_TYPE_DICTIONARY) repo->is_signed = true; if (xbps_object_type(repo->idx) == XBPS_TYPE_DICTIONARY) diff --git a/lib/repo.c b/lib/repo.c index e26d05f6..fd28da81 100644 --- a/lib/repo.c +++ b/lib/repo.c @@ -619,7 +619,6 @@ xbps_repo_key_import(struct xbps_repo *repo) char *hexfp = NULL; char *p, *dbkeyd, *rkeyfile = NULL; int import, rv = 0; - bool has_signedby, has_pubkey_size, has_pubkey; assert(repo); /* @@ -640,18 +639,8 @@ xbps_repo_key_import(struct xbps_repo *repo) xbps_dictionary_get_uint16(repo->idxmeta, "public-key-size", &pubkey_size); pubkey = xbps_dictionary_get(repo->idxmeta, "public-key"); - has_signedby = (signedby != NULL); - has_pubkey_size = (pubkey_size > 0); - has_pubkey = (xbps_object_type(pubkey) == XBPS_TYPE_DATA); - - if (!has_signedby && !has_pubkey_size && !has_pubkey) - { - xbps_dbg_printf(repo->xhp, - "[repo] `%s' unsigned repository with meta!\n", repo->uri); - return 0; - } - else if (!has_signedby || !has_pubkey_size || !has_pubkey) - { + if (signedby == NULL || pubkey_size == 0 || + xbps_object_type(pubkey) != XBPS_TYPE_DATA) { xbps_dbg_printf(repo->xhp, "[repo] `%s': incomplete signed repository " "(missing objs)\n", repo->uri);