[pacman-dev] [PATCH] pacman-key: test for content in keyring files
Test for file content (-s) rather than just existance (-f). This fixes a bug that manifests itself in the case of an empty -revoked file. A zero element 'keys' array would be passed to gpg, forcing it to list and, subsequently, revoke all known keys. Bug introduced in d1240f67eab6.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
---
I figured I should call this out on the list since a few people ran into it on IRC. Currently, running 'pacman-key --populate archlinux' with the archlinux-keyring package exhibits this bug.
 scripts/pacman-key.sh.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index fb790f6..70117bb 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -287,7 +287,7 @@ populate_keyring() {
 # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
 local -A trusted_ids
 for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+ if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
 while IFS=: read key_id _; do
 # skip blank lines, comments; these are valid in this file
 [[ -z $key_id || ${key_id:0:1} = \# ]] && continue
@@ -306,7 +306,7 @@ populate_keyring() {
 done
 msg "$(gettext "Importing owner trust values...")"
 for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+ if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
 "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
 fi
 done
@@ -317,7 +317,7 @@ populate_keyring() {
 # guarantee of identification for the keys.
 local -A revoked_ids
 for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
+ if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
 mapfile -t keys < "${KEYRING_IMPORT_DIR}/${keyring}-revoked"
 while IFS=: read _ _ _ _ key_id _; do
 if [[ -n $key_id ]]; then
--
1.7.10.2
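Review bot: Swapping `-f` for `-s` in the `-trusted` test drops the regular-file check, because `-s` is true for any existing path with non-zero size, a directory included. The same swap is made in the second hunk (the `--import-ownertrust` guard) and the third (the `-revoked` guard), where a path that cannot be read as a file would presumably again leave `keys` empty. Keeping both tests preserves the old guarantee while adding the emptiness check: `if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" && -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then`. populate_keyring starts and ends outside all three hunks.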
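Review bot: The `-s` test on the `-revoked` file checks the file's size, not the `keys` array that `mapfile -t` builds from it, so a file holding only a newline or blank lines still passes and leaves `keys` with nothing but empty elements. The gpg call that consumes `keys` is outside the hunk, so how it treats an empty argument cannot be confirmed from here. Since the commit message says an empty array ends in every known key being revoked, the guard is safer on the array itself. For example, read only non-blank lines with `mapfile -t keys < <(grep -v '^[[:space:]]*$' "${KEYRING_IMPORT_DIR}/${keyring}-revoked")` and follow it with `(( ${#keys[@]} )) || continue`, so the loop fails closed however the list ends up empty. The `while` body continues past the end of the hunk.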