1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-22 15:58:50 -05:00

pacman-key: refine permission and locking checks

* secring.gpg can be 600, readable by root user only
* ensure grep for lock-never option in check_keyring doesn't catch comments

Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dan McGee 2011-08-25 12:59:26 -05:00 committed by Allan McRae
parent e1b9f7b300
commit 7ceeebf150

View File

@ -109,7 +109,8 @@ initialize() {
[[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/pubring.gpg
[[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/secring.gpg
[[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACMAN[@]}" --update-trustdb
chmod 644 ${PACMAN_KEYRING_DIR}/{{pub,sec}ring,trustdb}.gpg
chmod 644 ${PACMAN_KEYRING_DIR}/{pubring,trustdb}.gpg
chmod 600 ${PACMAN_KEYRING_DIR}/secring.gpg
# gpg.conf
[[ -f ${PACMAN_KEYRING_DIR}/gpg.conf ]] || touch ${PACMAN_KEYRING_DIR}/gpg.conf
@ -121,7 +122,6 @@ initialize() {
check_keyring() {
if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \
! -r ${PACMAN_KEYRING_DIR}/secring.gpg || \
! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then
error "$(gettext "You do not have sufficient permissions to read the %s keyring...")" "pacman"
msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
@ -129,7 +129,7 @@ check_keyring() {
fi
if (( (EXPORT || FINGER || LIST || VERIFY) && EUID != 0 )); then
if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then
if ! grep -q "^[[:space:]]*lock-never[[:space:]]*$" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then
error "$(gettext "You do not have sufficient permissions to run this command...")"
msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
exit 1