summaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorThomas Bächler <thomas@archlinux.org>2014-02-28 01:45:05 +0100
committerAllan McRae <allan@archlinux.org>2014-03-03 02:25:55 +0100
commit620d2d9d587b9f361fedb464501f59141c98d3da (patch)
treef4d3badcde6947da7400669e6a1b1659e3a3a45b /scripts
parentb2488eb356281e5da56d12286f07798f8ca8d2cb (diff)
downloadpacman-620d2d9d587b9f361fedb464501f59141c98d3da.tar.gz
pacman-620d2d9d587b9f361fedb464501f59141c98d3da.tar.xz
makepkg: Support kernel.org's PGP signature scheme
Files hosted on kernel.org only provide signatures for the uncompressed tarball. Support this scheme by transparently uncompressing the archives and piping the data into gpg. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r--scripts/makepkg.sh.in23
1 files changed, 20 insertions, 3 deletions
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 70d501c9..e230c152 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1250,7 +1250,7 @@ check_pgpsigs() {
msg "$(gettext "Verifying source file signatures with %s...")" "gpg"
- local file pubkey
+ local file pubkey ext decompress found
local warning=0
local errors=0
local statusfile=$(mktemp)
@@ -1269,13 +1269,30 @@ check_pgpsigs() {
continue
fi
- if ! sourcefile="$(get_filepath "${file%.*}")"; then
+ found=0
+ for ext in "" gz bz2 xz lrz lzo Z; do
+ if sourcefile="$(get_filepath "${file%.*}${ext:+.$ext}")"; then
+ found=1
+ break;
+ fi
+ done
+ if (( ! found )); then
printf '%s\n' "$(gettext "SOURCE FILE NOT FOUND")" >&2
errors=1
continue
fi
- if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" "$sourcefile" 2> /dev/null; then
+ case "$ext" in
+ gz) decompress="gzip -c -d -f" ;;
+ bz2) decompress="bzip2 -c -d -f" ;;
+ xz) decompress="xz -c -d" ;;
+ lrz) decompress="lrzip -q -d" ;;
+ lzo) decompress="lzop -c -d -q" ;;
+ Z) decompress="uncompress -c -f" ;;
+ "") decompress="cat" ;;
+ esac
+
+ if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
printf '%s' "$(gettext "FAILED")" >&2
if ! pubkey=$(awk '/NO_PUBKEY/ { print $3; exit 1; }' "$statusfile"); then
printf ' (%s)' "$(gettext "unknown public key") $pubkey" >&2