# HG changeset patch # User mas90 # Date 1233767444 0 # Wed Feb 04 17:10:44 2009 +0000 # Node ID 2e6a451687f7185f739453442900d1e070c6da5e # Parent 985b950c66bd642a4669d28e10dfaf59759fd810 Rearrange order of checks; let gpg test for presence of signature for us diff --git a/fetch-sanesecurity-sigs b/fetch-sanesecurity-sigs --- a/fetch-sanesecurity-sigs +++ b/fetch-sanesecurity-sigs @@ -203,15 +203,14 @@ continue fi - # Check that there actually is a GnuPG signature - # (there should be, and its absence could be due to tampering) - if [ ! -e "$db.sig" ] + # Zero-length databases have no value and confuse the test below + if [ ! -s "$db" ] then - echo "SECURITY ERROR: $db_name is missing a GnuPG signature; discarding" >&2 + echo "$db_name is zero-length; discarding" continue fi - # Check that the GnuPG signature is correct + # Check that the GnuPG signature is present and correct if ! gpg_out=$(gpg --homedir "$gpg_homedir" $gpg_extra_opts --verify "$db.sig" "$db" 2>&1) then echo "SECURITY ERROR: $db_name has a bad GnuPG signature; discarding:" >&2 @@ -219,13 +218,6 @@ continue fi - # Zero-length databases have no value and confuse the test below - if [ ! -s "$db" ] - then - echo "$db_name is zero-length; discarding" - continue - fi - # Test the database by asking ClamAV to check something with it if ! clamscan --quiet --tempdir="${TMPDIR:-/tmp}" --database="$db" - < /dev/null then