diff options
author | Allan McRae <allan@archlinux.org> | 2016-06-12 06:18:24 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2016-08-30 10:10:40 +0200 |
commit | 1291c04961e6c27e93ef376583d46ec2aa3036a1 (patch) | |
tree | 414f09ef065a5eb1544756db047c2e3993d2287a /scripts | |
parent | 80d97fcf7526f16d9eb097b8061956662207ed78 (diff) | |
download | pacman-1291c04961e6c27e93ef376583d46ec2aa3036a1.tar.gz pacman-1291c04961e6c27e93ef376583d46ec2aa3036a1.tar.xz |
pacman-key: reject armored signatures
pacman expects an unarmored signature. makepkg forces the generation of
unarmored signatures, and repo-add will reject any armored signature.
For consistency pacman-key should also reject armored signatures.
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/pacman-key.sh.in | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 0db09522..ffefc68c 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -483,6 +483,10 @@ verify_sig() { local ret=0 for sig; do msg "Checking %s..." "$sig" + if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then + error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig" + return 1 + fi if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then error "$(gettext "The signature identified by %s could not be verified.")" "$sig" ret=1 |