From c3bf1893e3ac66149e5c400dadae62478e57fb18 Mon Sep 17 00:00:00 2001
From: Jiri Moskovcak
Date: Thu, 28 Jan 2010 14:40:24 +0100
Subject: reenabled gpg check - we still just check only the signature of the package, which doesn't tell us if the files on the disk weren't changed, but will at least filter not official packages
---
 src/Daemon/MiddleWare.cpp | 7 +++++++
 src/Daemon/abrt.conf | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/Daemon/MiddleWare.cpp b/src/Daemon/MiddleWare.cpp
index 01c3850b..ba7e0a05 100644
--- a/src/Daemon/MiddleWare.cpp
+++ b/src/Daemon/MiddleWare.cpp
@@ -655,6 +655,12 @@ static mw_result_t SavePackageDescriptionToDebugDump(
 log("Package '%s' isn't signed with proper key", packageName.c_str());
 return MW_GPG_ERROR;
 }
+ /*
+ Checking the MD5 sum requires to run prelink to "un-prelink" the
+ binaries - this is considered potential security risk so we don't
+ use it, until we find some non-intrusive way
+ */
+ /*
 if (!CheckHash(packageName.c_str(), pExecutable))
 {
 error_msg("Executable '%s' seems to be modified, "
@@ -662,6 +668,7 @@ static mw_result_t SavePackageDescriptionToDebugDump(
 pExecutable, packageName.c_str());
 return MW_GPG_ERROR;
 }
+ */
 }
 }
diff --git a/src/Daemon/abrt.conf b/src/Daemon/abrt.conf
index bffc48da..1dd994a8 100644
--- a/src/Daemon/abrt.conf
+++ b/src/Daemon/abrt.conf
@@ -4,7 +4,7 @@
 # Checking signatures may require prelink to be run.
 # This has a remote possibility of breaking binaries and libraries,
 # and also SELinux gets unhappy about prelink trying to modify them.
-OpenGPGCheck = no
+OpenGPGCheck = yes
 # GPG keys
 OpenGPGPublicKeys = /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
 # Blacklisted packages
-- cgit
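Review bot: The comment added in the first MiddleWare.cpp hunk says why CheckHash is disabled but not what the remaining check leaves uncovered. As the commit message itself notes, only the package signature is verified, so an executable changed on disk after installation still passes this branch. I would say so next to the disabled call, e.g. `NOTE: with CheckHash disabled, a signed package whose files were modified on disk is still accepted`, so a later reader does not take a pass here as proof of file integrity. Wrapping the call in `/* ... */` (closed by the `*/` in the second hunk) is also fragile, because any `*/` later added inside the disabled code ends the block early; `#if 0` / `#endif` or deleting the lines would be safer. The enclosing function starts and ends outside both hunks.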
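Review bot: The context comment kept above `OpenGPGCheck` still warns that checking signatures may require prelink. This same commit comments out the CheckHash call that, per the new comment in MiddleWare.cpp, was the step needing prelink. With the default now `yes`, the stale warning may lead administrators to switch the check off to avoid a risk that appears to no longer apply. I would reword it to something like `# Only the package signature is checked; file contents on disk are not verified.` Whether any other code path still runs prelink is not visible in this diff.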