[pacman-dev] [PATCH 1/2] repo-add: Generate unarmored DB signature
Pacman cannot handle armored signatures, so use gpg's --no-armor flag to force an unarmored signature. --- scripts/repo-add.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 3ece8d5..7e242ce 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -264,7 +264,7 @@ create_signature() { if [[ -n $GPGKEY ]]; then SIGNWITHKEY="-u ${GPGKEY}" fi - gpg --detach-sign --use-agent ${SIGNWITHKEY} "$dbfile" &>/dev/null || ret=$? + gpg --detach-sign --use-agent --no-armor ${SIGNWITHKEY} "$dbfile" &>/dev/null || ret=$? if (( ! ret )); then msg2 "$(gettext "Created signature file '%s'")" "${dbfile##*/.tmp.}.sig" -- 2.4.1
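Review bot: the changed `gpg --detach-sign` line in create_signature() still sends all gpg output to `&>/dev/null`, so when signing fails, for instance because the installed gpg rejects an option, the user sees only the non-zero `ret` and never the reason. Consider dropping the stderr half of the redirect, or printing gpg's message on the failure branch. The commit message could also say in which situation gpg would produce an armored signature here, since that is what motivates the flag.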
Pacman cannot handle armored signatures, so make repo-add error out if one is detected. --- scripts/repo-add.sh.in | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 7e242ce..4f9f7c3 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -364,6 +364,11 @@ db_write_entry() { # compute base64'd PGP signature if [[ -f "$pkgfile.sig" ]]; then + if head -1 "$pkgfile.sig" | grep -q 'BEGIN PGP SIGNATURE'; then + error "$(gettext "Armored package signature '%s' found, \ +unarmored signatures required.")" "$pkgfile.sig" + return 1 + fi pgpsigsize=$(@SIZECMD@ -L "$pkgfile.sig") if (( pgpsigsize > 16384 )); then error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig" -- 2.4.1
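Review bot: the pattern in the added `head -1 "$pkgfile.sig" | grep -q 'BEGIN PGP SIGNATURE'` test is unanchored, so it matches the string anywhere in the first line rather than only an armor header at its start. Anchoring it as `'^-----BEGIN PGP SIGNATURE-----'` states the intent exactly. If `head` stays, `head -n 1` is the standard spelling of `head -1`.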
On 26/05/15 19:46, Johannes Löthberg wrote:
Pacman cannot handle armored signatures, so make repo-add error out if one is detected. --- scripts/repo-add.sh.in | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 7e242ce..4f9f7c3 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -364,6 +364,11 @@ db_write_entry() {
# compute base64'd PGP signature if [[ -f "$pkgfile.sig" ]]; then + if head -1 "$pkgfile.sig" | grep -q 'BEGIN PGP SIGNATURE'; then
Why is head being used here?
+ error "$(gettext "Armored package signature '%s' found, \ +unarmored signatures required.")" "$pkgfile.sig" + return 1 + fi pgpsigsize=$(@SIZECMD@ -L "$pkgfile.sig") if (( pgpsigsize > 16384 )); then error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig"
On 26/05, Allan McRae wrote:
On 26/05/15 19:46, Johannes Löthberg wrote:
Pacman cannot handle armored signatures, so make repo-add error out if one is detected. --- scripts/repo-add.sh.in | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 7e242ce..4f9f7c3 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -364,6 +364,11 @@ db_write_entry() {
# compute base64'd PGP signature if [[ -f "$pkgfile.sig" ]]; then + if head -1 "$pkgfile.sig" | grep -q 'BEGIN PGP SIGNATURE'; then
Why is head being used here?
I think I originally used it in case the file had some other content, but there's really no need for it. Will remove it.
+ error "$(gettext "Armored package signature '%s' found, \ +unarmored signatures required.")" "$pkgfile.sig" + return 1 + fi pgpsigsize=$(@SIZECMD@ -L "$pkgfile.sig") if (( pgpsigsize > 16384 )); then error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig"
-- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
Pacman cannot handle armored signatures, so make repo-add error out if one is detected. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> --- Now beheaded. scripts/repo-add.sh.in | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 7e242ce..076e987 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -364,6 +364,11 @@ db_write_entry() { # compute base64'd PGP signature if [[ -f "$pkgfile.sig" ]]; then + if grep -q 'BEGIN PGP SIGNATURE' "$pkgfile.sig"; then + error "$(gettext "Armored package signature '%s' found, \ +unarmored signatures required.")" "$pkgfile.sig" + return 1 + fi pgpsigsize=$(@SIZECMD@ -L "$pkgfile.sig") if (( pgpsigsize > 16384 )); then error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig" -- 2.4.1
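Review bot: in db_write_entry() the new `grep -q 'BEGIN PGP SIGNATURE' "$pkgfile.sig"` runs before the existing `pgpsigsize > 16384` check, so with `head` gone grep now scans a signature file of any size before it can be rejected as too large. Moving the armor test below the size check bounds the read to 16384 bytes and keeps the cheaper test first.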
Pacman cannot handle armored signatures, so use gpg's --no-armor flag to force an unarmored signature. --- scripts/repo-add.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 3ece8d5..7e242ce 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -264,7 +264,7 @@ create_signature() { if [[ -n $GPGKEY ]]; then SIGNWITHKEY="-u ${GPGKEY}" fi - gpg --detach-sign --use-agent ${SIGNWITHKEY} "$dbfile" &>/dev/null || ret=$? + gpg --detach-sign --use-agent --no-armor ${SIGNWITHKEY} "$dbfile" &>/dev/null || ret=$? if (( ! ret )); then msg2 "$(gettext "Created signature file '%s'")" "${dbfile##*/.tmp.}.sig" -- 2.4.2
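Review bot: the line this patch touches expands `${SIGNWITHKEY}` unquoted after building it as `"-u ${GPGKEY}"`, so a `GPGKEY` value containing whitespace is split into several gpg arguments. Since the command is being edited anyway, this would be a good place to switch to an array, for example `SIGNWITHKEY=(-u "${GPGKEY}")` expanded as `"${SIGNWITHKEY[@]}"`.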
Pacman cannot handle armored signatures, so make repo-add error out if one is detected. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> --- Error message changed as per IRC discussion with Allan scripts/repo-add.sh.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 7e242ce..69993a9 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -364,6 +364,10 @@ db_write_entry() { # compute base64'd PGP signature if [[ -f "$pkgfile.sig" ]]; then + if grep -q 'BEGIN PGP SIGNATURE' "$pkgfile.sig"; then + error "$(gettext "Cannot use armored signatures for packages: %s")" "$pkgfile.sig" + return 1 + fi pgpsigsize=$(@SIZECMD@ -L "$pkgfile.sig") if (( pgpsigsize > 16384 )); then error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig" -- 2.4.2
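Review bot: the new message `"Cannot use armored signatures for packages: %s"` formats the file name differently from the adjacent `"Invalid package signature file '%s'."`, which quotes the name and ends with a period. Keeping the two consistent, for example `"Cannot use armored signature for package '%s'."`, makes the output uniform and marks the boundaries of file names that contain spaces.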