summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEli Schwartz <eschwartz@archlinux.org>2020-06-09 03:59:18 +0200
committerAllan McRae <allan@archlinux.org>2020-06-11 02:56:30 +0200
commit899d39b635d46f9e2daff1aada75ea07f08fef64 (patch)
tree746022d39a0f368f293f521b6758257314527d98
parentbf458cced7c0845f7b6fabb887d3878ae4cd51b2 (diff)
downloadpacman-899d39b635d46f9e2daff1aada75ea07f08fef64.tar.gz
pacman-899d39b635d46f9e2daff1aada75ea07f08fef64.tar.xz
makepkg/repo-add: handle GPGKEY with spaces
We pass this to gpg -u and this gpg option can accept a number of different formats, not just the historical hexadecimal fingerprint we assumed. We should not barf hard if a format is used which happens to contain spaces. This also fixes a validation bug. When we initially check if the desired key is available, we don't quote spaces, so gpg goes ahead and treats each space-separated string as a *different key* to search for, returning partial matches, and returning success if at least one key is found. But gpg --detach-sign -u will certainly not accept multiple keys! Fixes FS#66949 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r--scripts/libmakepkg/integrity/generate_signature.sh.in6
-rw-r--r--scripts/makepkg.sh.in2
-rw-r--r--scripts/repo-add.sh.in8
3 files changed, 8 insertions, 8 deletions
diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in
index aec96c03..748087c2 100644
--- a/scripts/libmakepkg/integrity/generate_signature.sh.in
+++ b/scripts/libmakepkg/integrity/generate_signature.sh.in
@@ -29,12 +29,12 @@ create_signature() {
local ret=0
local filename="$1"
- local SIGNWITHKEY=""
+ local SIGNWITHKEY=()
if [[ -n $GPGKEY ]]; then
- SIGNWITHKEY="-u ${GPGKEY}"
+ SIGNWITHKEY=(-u "${GPGKEY}")
fi
- gpg --detach-sign --use-agent ${SIGNWITHKEY} --no-armor "$filename" &>/dev/null || ret=$?
+ gpg --detach-sign --use-agent "${SIGNWITHKEY[@]}" --no-armor "$filename" &>/dev/null || ret=$?
if (( ! ret )); then
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index caf809f3..0de77c0c 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1286,7 +1286,7 @@ fi
# check if gpg signature is to be created and if signing key is valid
if { [[ -z $SIGNPKG ]] && check_buildenv "sign" "y"; } || [[ $SIGNPKG == 'y' ]]; then
SIGNPKG='y'
- if ! gpg --list-key ${GPGKEY} &>/dev/null; then
+ if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if [[ ! -z $GPGKEY ]]; then
error "$(gettext "The key %s does not exist in your keyring.")" "${GPGKEY}"
else
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 545c2929..272d8d22 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -137,7 +137,7 @@ check_gpg() {
fi
if (( ! VERIFY )); then
- if ! gpg --list-key ${GPGKEY} &>/dev/null; then
+ if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if [[ ! -z $GPGKEY ]]; then
error "$(gettext "The key ${GPGKEY} does not exist in your keyring.")"
elif (( ! KEY )); then
@@ -155,11 +155,11 @@ create_signature() {
local ret=0
msg "$(gettext "Signing database '%s'...")" "${dbfile##*/.tmp.}"
- local SIGNWITHKEY=""
+ local SIGNWITHKEY=()
if [[ -n $GPGKEY ]]; then
- SIGNWITHKEY="-u ${GPGKEY}"
+ SIGNWITHKEY=(-u "${GPGKEY}")
fi
- gpg --detach-sign --use-agent --no-armor ${SIGNWITHKEY} "$dbfile" &>/dev/null || ret=$?
+ gpg --detach-sign --use-agent --no-armor "${SIGNWITHKEY[@]}" "$dbfile" &>/dev/null || ret=$?
if (( ! ret )); then
msg2 "$(gettext "Created signature file '%s'")" "${dbfile##*/.tmp.}.sig"