diff options
| author | Pierre Schmitz <pierre@archlinux.de> | 2012-03-31 15:55:14 +0200 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2012-04-07 10:22:10 -0500 |
| commit | a8f03d07c7eaae02a55065a4a2f098ef6d8b5bff (patch) | |
| tree | 7405a631ee1b159af42dd9ccbeec5274b127e7d3 | |
| parent | 114d121001d8c3e901d5330b864d58870c6e917b (diff) | |
| download | pacman-a8f03d07c7eaae02a55065a4a2f098ef6d8b5bff.tar.gz pacman-a8f03d07c7eaae02a55065a4a2f098ef6d8b5bff.zip | |
pacman-key: Actually verify signatures and exit with correct codes
We cannot rely on gpg's exit code. Instead we have to check the status-fd to
figure out whether a signature is valid or not.
In addition to this pacman-key --verify can now be used in scripts as it will
return an exit code of 1 if the signature is invalid.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
| -rw-r--r-- | scripts/pacman-key.sh.in | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index ccc387b2..278e3d6e 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -439,10 +439,14 @@ refresh_keys() { } verify_sig() { - if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then + local fd="$(mktemp)" + "${GPG_PACMAN[@]}" --status-file "${fd}" --verify $SIGNATURE + if ! grep -q TRUST_FULLY "${fd}"; then + rm -f "${fd}" error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE" exit 1 fi + rm -f "${fd}" } updatedb() { |