Signed-off-by: Allan McRae
---
config | 1 +
db-functions | 14 ++++++++++++++
db-update | 2 +-
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/config b/config
index 3df6c95..d1413cc 100644
--- a/config
+++ b/config
@@ -18,6 +18,7 @@ SOURCE_CLEANUP_DRYRUN=false
SOURCE_CLEANUP_KEEP=14
REQUIRE_SIGNATURE=true
+MASTER_KEYS=('6AC6A4C2' '824B18E8' '4C7EA887' 'FFF979E7' 'CDFD6BB0')
LOCK_DELAY=10
LOCK_TIMEOUT=300
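Review bot: The MASTER_KEYS entries are 8-hex-digit short key IDs, which are only 32 bits wide, so they do not identify a key unambiguously, and check_signature in db-functions matches them as substrings of the verifier's text output. If the configured key-ID display format is ever the long form, `key ID 6AC6A4C2` would presumably stop matching and the master-key rejection would silently pass everything. Storing full fingerprints and comparing them with the signer's fingerprint would remove both problems. A comment above the array would also help, e.g. `# Keys that may only sign other keys; packages signed directly by one of these are rejected.`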
diff --git a/db-functions b/db-functions
index bb49894..26e6825 100644
--- a/db-functions
+++ b/db-functions
@@ -381,6 +381,20 @@ check_pkgsvn() {
return 0
}
+check_signature() {
+ local pkgfile="${1}"
+
+ if ! pacman-key -v "${pkgfile}.sig" >/dev/null 2>&1
+ return 1
+ fi
+
+ for k in ${MASTER_KEYS}; do
+ if pacman-key -v "${pkgfile}.sig" 2>&1 | grep -q "key ID ${k}"
+ return 1
+ fi
+ done
+}
+
check_splitpkgs() {
local repo="${1}"
shift
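Review bot: Both `if` statements in check_signature are missing `; then`, so db-functions will fail to parse when sourced, and `${MASTER_KEYS}` expands to the first array element only, so just 6AC6A4C2 would ever be compared. The loop variable `k` is not declared local, and the success path has no explicit `return 0`. The signature is also verified twice; capturing the output once keeps both checks on the same result. Matching the human-readable `key ID` text is presumably sensitive to locale and tool version, so a short comment stating that assumption is worth adding.

```shell
check_signature() {
	local pkgfile="${1}"
	local verify_out k

	# Verify once; the same output feeds the master-key check below.
	if ! verify_out=$(pacman-key -v "${pkgfile}.sig" 2>&1); then
		return 1
	fi

	# Packages must not be signed directly by a master key.
	for k in "${MASTER_KEYS[@]}"; do
		if grep -q "key ID ${k}" <<<"${verify_out}"; then
			return 1
		fi
	done

	return 0
}
```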
diff --git a/db-update b/db-update
index 576fe2b..087a248 100755
--- a/db-update
+++ b/db-update
@@ -42,7 +42,7 @@ for repo in ${repos[@]}; do
if ! check_pkgfile "${pkg}"; then
die "Package ${repo}/${pkg##*/} is not consistent with its meta data"
fi
- if ${REQUIRE_SIGNATURE} && ! pacman-key -v "${pkg}.sig" >/dev/null 2>&1; then
+ if ${REQUIRE_SIGNATURE} && ! check_pkgsig ${pkg}; then
die "Package ${repo}/${pkg##*/} does not have a valid signature"
fi
if ! check_pkgsvn "${pkg}" "${repo}"; then
--
1.8.4.2