[PATCH setup draft 2/4] Insist on cygwin signing key for official mirrors

[Ken Brown]

If a mirror comes from mirrors.lst, validate the signature using the
cygwin signing key only.
---
 ini.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ini.cc b/ini.cc
index 18ab2e3..4be8263 100644
--- a/ini.cc
+++ b/ini.cc
@@ -292,8 +292,12 @@ do_remote_ini (HWND owner)
          current_ini_sig_name = current_ini_name + ".sig";
          ini_sig_file = get_url_to_membuf (current_ini_sig_name, owner);
          ini_file = get_url_to_membuf (current_ini_name, owner);
+
+         // Official mirrors must be signed by the cygwin key.
+         bool main_key_only = n->from_mirrors_lst;
          ini_file = check_ini_sig (ini_file, ini_sig_file, sig_fail,
-                                   n->url.c_str (), current_ini_sig_name.c_str 
(), owner);
+                                   n->url.c_str (), current_ini_sig_name.c_str 
(), owner, main_key_only);
+
          // stop searching as soon as we find a setup file
          if (ini_file)
            break;
-- 
2.15.1