From b20f853ef161feea921c5cda794d09dbd65a709c Mon Sep 17 00:00:00 2001
From: Thomas Hobson
Date: Sun, 21 Feb 2021 12:56:35 +1300
Subject: [PATCH] api: fix function name + allow unsigned packages
---
 api/src/helpers.js | 2 +-
 api/src/ppman/package.js | 36 +++++++++++++++++++-----------------
 api/src/ppman/repo.js | 2 +-
 3 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/api/src/helpers.js b/api/src/helpers.js
index 0a67c5b..ba3ef56 100644
--- a/api/src/helpers.js
+++ b/api/src/helpers.js
@@ -6,7 +6,7 @@ const fs = require('fs/promises'),
 module.exports = {
- async buffer_from_u_r_l(url){
+ async buffer_from_url(url){
 if(!(url instanceof URL)) url = new URL(url);
 if(url.protocol == 'file:'){
diff --git a/api/src/ppman/package.js b/api/src/ppman/package.js
index 5ccdf4d..e45877a 100644
--- a/api/src/ppman/package.js
+++ b/api/src/ppman/package.js
@@ -57,7 +57,7 @@ class Package {
 logger.debug(`Downloading package from ${this.download_url} in to ${this.install_path}`);
 const pkgfile = helpers.url_basename(this.download_url);
 const pkgpath = path.join(this.install_path, pkgfile);
- await helpers.buffer_from_u_r_l(this.download_url)
+ await helpers.buffer_from_url(this.download_url)
 .then(buf=> fs.write_file(pkgpath, buf));
 logger.debug('Validating checksums');
@@ -73,23 +73,25 @@ class Package { await this.repo.import_keys(); logger.debug('Validating signatutes'); - await new Promise((resolve,reject)=>{ - const gpgspawn = cp.spawn('gpg', ['--verify', '-', pkgpath], { - stdio: ['pipe', 'ignore', 'ignore'] + if(this.signature != "") + await new Promise((resolve,reject)=>{ + const gpgspawn = cp.spawn('gpg', ['--verify', '-', pkgpath], { + stdio: ['pipe', 'ignore', 'ignore'] + }); + + gpgspawn.once('exit', (code, _) => { + if(code == 0) resolve(); + else reject(new Error('Invalid signature')); + }); + + gpgspawn.once('error', reject); + + gpgspawn.stdin.write(this.signature); + gpgspawn.stdin.end(); + + }); - - gpgspawn.once('exit', (code, _) => { - if(code == 0) resolve(); - else reject(new Error('Invalid signature')); - }); - - gpgspawn.once('error', reject); - - gpgspawn.stdin.write(this.signature); - gpgspawn.stdin.end(); - - }); - + else + logger.warn("Package does not contain a signature - allowing install, but proceed with caution") logger.debug(`Extracting package files from archive ${pkgfile} in to ${this.install_path}`); await new Promise((resolve, reject)=>{
diff --git a/api/src/ppman/repo.js b/api/src/ppman/repo.js
index fc6378c..4c6deab 100644
--- a/api/src/ppman/repo.js
+++ b/api/src/ppman/repo.js
@@ -24,7 +24,7 @@ class Repository {
 async load(){
 try{
 var index = await cache.get(this.cache_key,async ()=>{
- return helpers.buffer_from_u_r_l(this.url);
+ return helpers.buffer_from_url(this.url);
 });
 var repo = yaml.load(index);
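Review bot: In the `@@ -73,23 +73,25 @@` hunk of api/src/ppman/package.js, the new `if(this.signature != "")` guard makes signature verification fail open: an empty `signature` skips `gpg --verify` altogether and the install continues with only a `logger.warn`. `this.signature` is assigned outside this hunk, but if it comes from the repository index then whoever controls or can tamper with that index decides whether verification runs at all, so packages that are normally signed lose their protection too. I would refuse unsigned packages unless the operator has explicitly opted in, for example `if(!this.signature && !ALLOW_UNSIGNED) throw new Error('Package is unsigned');`, where `ALLOW_UNSIGNED` is a placeholder for a setting the project would have to define and `!this.signature` also covers a missing field. The enclosing method of `class Package` starts and ends outside the hunk.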