diff options
author | Thomas Bächler <thomas@archlinux.org> | 2014-02-28 01:45:05 +0100 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2014-03-03 02:25:55 +0100 |
commit | 620d2d9d587b9f361fedb464501f59141c98d3da (patch) | |
tree | f4d3badcde6947da7400669e6a1b1659e3a3a45b | |
parent | b2488eb356281e5da56d12286f07798f8ca8d2cb (diff) | |
download | pacman-620d2d9d587b9f361fedb464501f59141c98d3da.tar.gz pacman-620d2d9d587b9f361fedb464501f59141c98d3da.tar.xz |
makepkg: Support kernel.org's PGP signature scheme
Files hosted on kernel.org only provide signatures for the uncompressed tarball.
Support this scheme by transparently uncompressing the archives and piping
the data into gpg.
Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r-- | scripts/makepkg.sh.in | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 70d501c9..e230c152 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1250,7 +1250,7 @@ check_pgpsigs() { msg "$(gettext "Verifying source file signatures with %s...")" "gpg" - local file pubkey + local file pubkey ext decompress found local warning=0 local errors=0 local statusfile=$(mktemp) @@ -1269,13 +1269,30 @@ check_pgpsigs() { continue fi - if ! sourcefile="$(get_filepath "${file%.*}")"; then + found=0 + for ext in "" gz bz2 xz lrz lzo Z; do + if sourcefile="$(get_filepath "${file%.*}${ext:+.$ext}")"; then + found=1 + break; + fi + done + if (( ! found )); then printf '%s\n' "$(gettext "SOURCE FILE NOT FOUND")" >&2 errors=1 continue fi - if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" "$sourcefile" 2> /dev/null; then + case "$ext" in + gz) decompress="gzip -c -d -f" ;; + bz2) decompress="bzip2 -c -d -f" ;; + xz) decompress="xz -c -d" ;; + lrz) decompress="lrzip -q -d" ;; + lzo) decompress="lzop -c -d -q" ;; + Z) decompress="uncompress -c -f" ;; + "") decompress="cat" ;; + esac + + if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then printf '%s' "$(gettext "FAILED")" >&2 if ! pubkey=$(awk '/NO_PUBKEY/ { print $3; exit 1; }' "$statusfile"); then printf ' (%s)' "$(gettext "unknown public key") $pubkey" >&2 |