Don't verify rsa keys on the server-side by default, even if present.

Consider a cron job to verify offline.
2025-05-19 13:49:17 +02:00 · 2015-05-06 14:22:44 +09:00 · 2015-05-06 14:22:44 +09:00 · 218ceb9144
commit 218ceb9144
parent 7fa00eb48a
1 changed files with 8 additions and 5 deletions
--- a/lib/chibi/snow/fort.scm
+++ b/lib/chibi/snow/fort.scm
@ -76,17 +76,20 @@
         (email (assoc-get (cdr sig-spec) 'email))
         (rsa-key-sexp (find (rsa-identity=? email)
                             (repo-publishers cfg)))
-         (rsa-key (and (pair? rsa-key-sexp)
+         (verify-rsa? (conf-get cfg 'verify-signatures?))
+         (rsa-key (and verify-rsa?
+                       (pair? rsa-key-sexp)
                       (extract-rsa-public-key (cdr rsa-key-sexp)))))
    (cond
     ((not (equal? digest actual-digest))
      (string-append "the " digest-name " digest in the signature <" digest
                     "> didn't match the actual value: <" actual-digest ">"))
-     ((not rsa-key)
+     ((and rsa-key-sexp (not rsa-key))
      (string-append "unknown publisher: " email))
-     ((not (rsa-verify? rsa-key
-                        (maybe-parse-hex digest)
-                        (maybe-parse-hex sig)))
+     ((and verify-rsa?
+           (not (rsa-verify? rsa-key
+                             (maybe-parse-hex digest)
+                             (maybe-parse-hex sig))))
      (log-error "digest: " digest " sig: " (maybe-parse-hex sig)
                 " verify: " (rsa-encrypt rsa-key digest))
      "rsa signature did not match")