pacman expectes and unarmored signature. makepkg forces the generation of unarmored signatures, and repo-add will reject any armored signature. For consistency pacman-key should also reject armored signatures. Signed-off-by: Allan McRae <allan@archlinux.org> --- scripts/pacman-key.sh.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 0db0952..ffefc68 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -483,6 +483,10 @@ verify_sig() { local ret=0 for sig; do msg "Checking %s..." "$sig" + if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then + error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig" + return 1 + fi if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then error "$(gettext "The signature identified by %s could not be verified.")" "$sig" ret=1 -- 2.8.3