From 4094f979f310f41fd2b9d66316b97621d9dfe7f7 Mon Sep 17 00:00:00 2001 From: Kasumi Hanazuki Date: Thu, 12 Dec 2019 23:03:48 +0900 Subject: [PATCH] Remove all the imported pubkeys from keyring In case multiple GPG public keys are given, the current implementation only removes the first key after use and leaves the others, which will be used to verify subsequent downloads (insecure). This patch makes sure to remove all of them. --- lib/mini_portile2/mini_portile.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/mini_portile2/mini_portile.rb b/lib/mini_portile2/mini_portile.rb index b7d86d0..3bdfa35 100644 --- a/lib/mini_portile2/mini_portile.rb +++ b/lib/mini_portile2/mini_portile.rb @@ -270,15 +270,18 @@ def verify_file(file) io.close_write io.read end - raise "invalid gpg key provided" unless /\[GNUPG:\] IMPORT_OK \d+ (?[0-9a-f]+)/i =~ gpg_status + key_ids = gpg_status.scan(/\[GNUPG:\] IMPORT_OK \d+ (?[0-9a-f]+)/i).map(&:first) + raise "invalid gpg key provided" if key_ids.empty? # verify the signature against our keyring gpg_status = IO.popen([gpg_exe, "--status-fd", "1", "--no-default-keyring", "--keyring", KEYRING_NAME, "--verify", signature_file, file[:local_path]], &:read) # remove the key from our keyring - IO.popen([gpg_exe, "--batch", "--yes", "--no-default-keyring", "--keyring", KEYRING_NAME, "--delete-keys", key_id], &:read) + key_ids.each do |key_id| + IO.popen([gpg_exe, "--batch", "--yes", "--no-default-keyring", "--keyring", KEYRING_NAME, "--delete-keys", key_id], &:read) + raise "unable to delete the imported key" unless $?.exitstatus==0 + end - raise "unable to delete the imported key" unless $?.exitstatus==0 raise "signature mismatch" unless gpg_status.match(/^\[GNUPG:\] VALIDSIG/) else