Use a more generic regexp when parsing output of gpg(1) in signature verification.

The current way of extracting key trust from output of gpg --verify is not very robust against changes in the format of said output. As a result, pacman-key can return an error even if the signature is actuall good. This change relaxes the regexp when parsing output of gpg. Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 892a1076c00a2b0097145c35f5d8ef590216dac0)
author: Leonid Isaev <leonid.isaev@jila.colorado.edu> 2016-05-08 01:24:17 +0200
committer: Allan McRae <allan@archlinux.org> 2016-05-18 07:46:59 +0200
commit: c2f9758018479c15a34887d960f36ba9b532175f (patch)
tree: c98a855676837966807b0b766a07d2d4a40c989e
parent: 5469161dad387b71d605cfeb2c6c369df6f939e3 (diff)
download: pacman-c2f9758018479c15a34887d960f36ba9b532175f.tar.gz
pacman-c2f9758018479c15a34887d960f36ba9b532175f.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 30d27047..0db09522 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -483,7 +483,7 @@ verify_sig() {
 	local ret=0
 	for sig; do
 		msg "Checking %s..." "$sig"
-		if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)$'; then
+		if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
 			error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
 			ret=1
 		fi
author	Leonid Isaev <leonid.isaev@jila.colorado.edu>	2016-05-08 01:24:17 +0200
committer	Allan McRae <allan@archlinux.org>	2016-05-18 07:46:59 +0200
commit	c2f9758018479c15a34887d960f36ba9b532175f (patch)
tree	c98a855676837966807b0b766a07d2d4a40c989e
parent	5469161dad387b71d605cfeb2c6c369df6f939e3 (diff)
download	pacman-c2f9758018479c15a34887d960f36ba9b532175f.tar.gz pacman-c2f9758018479c15a34887d960f36ba9b532175f.tar.xz