From 1e9cd30e488cd133d24eac7ed9cac7806db2c406 Mon Sep 17 00:00:00 2001
From: Eli Schwartz
Date: Mon, 8 Jun 2020 22:03:18 -0400
Subject: makepkg/repo-add: do not accept public-only keys for signing
If it's not listed by --list-secret-key we don't care if it has been imported into your keyring, it's unusable. And you might not have a private key at all in the no-keyid-specified case.
Signed-off-by: Eli Schwartz
Signed-off-by: Allan McRae
(cherry picked from commit 02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7)
---
scripts/makepkg.sh.in | 2 +-
scripts/repo-add.sh.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'scripts')
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 703eb52e..c9e381d5 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1284,7 +1284,7 @@ fi
 # check if gpg signature is to be created and if signing key is valid
 if { [[ -z $SIGNPKG ]] && check_buildenv "sign" "y"; } || [[ $SIGNPKG == 'y' ]]; then
 SIGNPKG='y'
- if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
+ if ! gpg --list-secret-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
 if [[ ! -z $GPGKEY ]]; then
 error "$(gettext "The key %s does not exist in your keyring.")" "${GPGKEY}"
 else
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 4345b6a4..b0b3505d 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -138,7 +138,7 @@ check_gpg() {
 fi
 if (( ! VERIFY )); then
- if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
+ if ! gpg --list-secret-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
 if [[ ! -z $GPGKEY ]]; then
 error "$(gettext "The key ${GPGKEY} does not exist in your keyring.")"
 elif (( ! KEY )); then
-- cgit v1.2.3-24-g4f1b
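Review bot: The error text on the lines after the new `gpg --list-secret-key` check in scripts/makepkg.sh.in still reports that the key "does not exist in your keyring", which is now misleading when the public key is imported and only the secret half is missing; a msgid such as `"There is no secret key available for %s."` would tell the packager what to fix. The scripts/repo-add.sh.in hunk has the same mismatch. A zero exit here only shows that a matching secret key is listed; as far as I know gpg also lists expired and revoked keys, so such a key would pass this guard and fail only at signing time. `--list-secret-key` relies on gpg's option-abbreviation matching; the documented spelling is `--list-secret-keys`. The enclosing `if` block continues past the end of the hunk.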
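Review bot: In scripts/repo-add.sh.in the `error` call right after the changed line expands `${GPGKEY}` inside the gettext msgid, whereas the makepkg.sh.in hunk passes it as a `%s` argument; the expanded string will not match a catalogue entry, so this message is likely never translated. If `error` treats its first argument as a printf format (the makepkg call suggests it does, but the function is not visible here), a `%` in GPGKEY would also be interpreted as a format directive. Since this commit makes that branch reachable in more cases, it is worth aligning the call: `error "$(gettext "The key %s does not exist in your keyring.")" "${GPGKEY}"`. `check_gpg` starts and ends outside the hunk.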