summaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorEli Schwartz <eschwartz@archlinux.org>2020-06-09 04:03:18 +0200
committerAllan McRae <allan@archlinux.org>2020-06-11 02:57:59 +0200
commit02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7 (patch)
tree1d0f0db5fefafae224908e6513369bba5680f35e /scripts
parent899d39b635d46f9e2daff1aada75ea07f08fef64 (diff)
downloadpacman-02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7.tar.gz
pacman-02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7.tar.xz
makepkg/repo-add: do not accept public-only keys for signing
If it's not listed by --list-secret-key we don't care if it has been imported into your keyring, it's unusable. And you might not have a private key at all in the no-keyid-specified case. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r--scripts/makepkg.sh.in2
-rw-r--r--scripts/repo-add.sh.in2
2 files changed, 2 insertions, 2 deletions
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 0de77c0c..ed31ca0e 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1286,7 +1286,7 @@ fi
# check if gpg signature is to be created and if signing key is valid
if { [[ -z $SIGNPKG ]] && check_buildenv "sign" "y"; } || [[ $SIGNPKG == 'y' ]]; then
SIGNPKG='y'
- if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
+ if ! gpg --list-secret-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if [[ ! -z $GPGKEY ]]; then
error "$(gettext "The key %s does not exist in your keyring.")" "${GPGKEY}"
else
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 272d8d22..160fd93a 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -137,7 +137,7 @@ check_gpg() {
fi
if (( ! VERIFY )); then
- if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
+ if ! gpg --list-secret-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if [[ ! -z $GPGKEY ]]; then
error "$(gettext "The key ${GPGKEY} does not exist in your keyring.")"
elif (( ! KEY )); then