1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-21 23:38:49 -05:00

pacman-key: reject armored signatures

pacman expects an unarmored signature.  makepkg forces the generation of
unarmored signatures, and repo-add will reject any armored signature.
For consistency pacman-key should also reject armored signatures.

Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Allan McRae 2016-06-12 14:18:24 +10:00
parent 80d97fcf75
commit 1291c04961

View File

@ -483,6 +483,10 @@ verify_sig() {
local ret=0 local ret=0
for sig; do for sig; do
msg "Checking %s..." "$sig" msg "Checking %s..." "$sig"
if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
return 1
fi
if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
error "$(gettext "The signature identified by %s could not be verified.")" "$sig" error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
ret=1 ret=1