moparisthebest
/
pacman
mirror of https://github.com/moparisthebest/pacman
1
0
Fork 0
Code Issues Releases Wiki Activity

Use a more generic regexp when parsing output of gpg(1) in signature verification. 

The current way of extracting key trust from output of gpg --verify is not very
robust against changes in the format of said output. As a result, pacman-key
can return an error even if the signature is actuall good.

This change relaxes the regexp when parsing output of gpg.

Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Leonid Isaev 2016-05-07 17:24:17 -06:00 committed by Allan McRae
parent 87082e3f44
commit 892a1076c0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/pacman-key.sh.in
View File

@ -483,7 +483,7 @@ verify_sig() {
local ret=0
for sig; do
msg "Checking %s..." "$sig"
if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)$'; then
if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
ret=1
fi