mirror of
https://github.com/moparisthebest/pacman
synced 2024-08-13 17:03:46 -04:00
pacman-key: Actually verify signatures and exit with correct codes
We cannot rely on gpg's exit code. Instead we have to check the status-fd to figure out whether a signature is valid or not. In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid. Signed-off-by: Pierre Schmitz <pierre@archlinux.de> Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
parent
114d121001
commit
a8f03d07c7
@ -439,10 +439,14 @@ refresh_keys() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
verify_sig() {
|
verify_sig() {
|
||||||
if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then
|
local fd="$(mktemp)"
|
||||||
|
"${GPG_PACMAN[@]}" --status-file "${fd}" --verify $SIGNATURE
|
||||||
|
if ! grep -q TRUST_FULLY "${fd}"; then
|
||||||
|
rm -f "${fd}"
|
||||||
error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE"
|
error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
rm -f "${fd}"
|
||||||
}
|
}
|
||||||
|
|
||||||
updatedb() {
|
updatedb() {
|
||||||
|
Loading…
Reference in New Issue
Block a user