Move getting "signatures" from pkg_signatures to verify_package

mamba-org · Feb 20, 2024 · 10fc1a2 · 10fc1a2
1 parent 9689fd0
commit 10fc1a2
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/libmamba/src/validation/update_framework_v0_6.cpp b/libmamba/src/validation/update_framework_v0_6.cpp
@@ -586,12 +586,7 @@ namespace mamba::validation::v0_6
 
     auto PkgMgrRole::pkg_signatures(const nlohmann::json& j) const -> std::set<RoleSignature>
     {
-        // Libsolv's `repodata.json` parsing returns the signatures alongside other package info
-        // But, we are here only interested in the signatures
-        // In the case of parsing using mamba/simdjson, the solvable signatures are set to have the
-        // same format
-        auto j_sig = j["signatures"];
-        auto sigs = j_sig.get<std::map<std::string, std::map<std::string, std::string>>>();
+        auto sigs = j.get<std::map<std::string, std::map<std::string, std::string>>>();
         std::set<RoleSignature> unique_sigs;
 
         for (auto& s : sigs)
@@ -677,7 +672,15 @@ namespace mamba::validation::v0_6
     {
         try
         {
-            check_pkg_signatures(signed_data, signatures);
+            // Libsolv's `repodata.json` parsing returns the signatures alongside other package info
+            // i.e: {"info":{},"signatures":{"public_key":{"signature":"metadata_signature"}}}
+            // But, we are here only interested in the signatures
+            // In the case of parsing using mamba/simdjson, the solvable signatures are set to have
+            // the same format
+            check_pkg_signatures(
+                signed_data,
+                signatures.at("signatures").get<nlohmann::json::object_t>()
+            );
         }
         catch (const threshold_error& e)
         {