mirror of
https://github.com/moparisthebest/pacman
synced 2024-08-13 17:03:46 -04:00
makepkg: Treat a signature from an untrusted key as an error
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
parent
34ae6ce4e5
commit
d174cc8943
@ -1283,6 +1283,12 @@ parse_gpg_statusfile() {
|
|||||||
status="error"
|
status="error"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
TRUST_UNDEFINED|TRUST_NEVER)
|
||||||
|
trusted=0
|
||||||
|
;;
|
||||||
|
TRUST_MARGINAL|TRUST_FULLY|TRUST_ULTIMATE)
|
||||||
|
trusted=1
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
done < "$1"
|
done < "$1"
|
||||||
}
|
}
|
||||||
@ -1293,7 +1299,7 @@ check_pgpsigs() {
|
|||||||
|
|
||||||
msg "$(gettext "Verifying source file signatures with %s...")" "gpg"
|
msg "$(gettext "Verifying source file signatures with %s...")" "gpg"
|
||||||
|
|
||||||
local file ext decompress found pubkey success status
|
local file ext decompress found pubkey success status trusted
|
||||||
local warning=0
|
local warning=0
|
||||||
local errors=0
|
local errors=0
|
||||||
local statusfile=$(mktemp)
|
local statusfile=$(mktemp)
|
||||||
@ -1340,6 +1346,7 @@ check_pgpsigs() {
|
|||||||
success=0
|
success=0
|
||||||
status=
|
status=
|
||||||
pubkey=
|
pubkey=
|
||||||
|
trusted=
|
||||||
parse_gpg_statusfile "$statusfile"
|
parse_gpg_statusfile "$statusfile"
|
||||||
if (( ! $success )); then
|
if (( ! $success )); then
|
||||||
printf '%s' "$(gettext "FAILED")" >&2
|
printf '%s' "$(gettext "FAILED")" >&2
|
||||||
@ -1359,17 +1366,22 @@ check_pgpsigs() {
|
|||||||
esac
|
esac
|
||||||
errors=1
|
errors=1
|
||||||
else
|
else
|
||||||
printf '%s' "$(gettext "Passed")" >&2
|
if (( ! $trusted )); then
|
||||||
case "$status" in
|
printf "%s ($(gettext "the public key %s is not trusted"))" $(gettext "FAILED") "$pubkey" >&2
|
||||||
"expired")
|
errors=1
|
||||||
printf ' (%s)' "$(gettext "WARNING:") $(gettext "the signature has expired.")" >&2
|
else
|
||||||
warnings=1
|
printf '%s' "$(gettext "Passed")" >&2
|
||||||
;;
|
case "$status" in
|
||||||
"expiredkey")
|
"expired")
|
||||||
printf ' (%s)' "$(gettext "WARNING:") $(gettext "the key has expired.")" >&2
|
printf ' (%s)' "$(gettext "WARNING:") $(gettext "the signature has expired.")" >&2
|
||||||
warnings=1
|
warnings=1
|
||||||
;;
|
;;
|
||||||
esac
|
"expiredkey")
|
||||||
|
printf ' (%s)' "$(gettext "WARNING:") $(gettext "the key has expired.")" >&2
|
||||||
|
warnings=1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
printf '\n' >&2
|
printf '\n' >&2
|
||||||
done
|
done
|
||||||
|
Loading…
Reference in New Issue
Block a user