[pacman-dev] [PATCH 2/3] makepkg: Treat a signature from an untrusted key as an error
Thomas Bächler
thomas at archlinux.org
Sat Mar 8 11:40:16 EST 2014
---
scripts/makepkg.sh.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 4c235cf..015bdd7 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1303,6 +1303,9 @@ check_pgpsigs() {
if grep -q "REVKEYSIG" "$statusfile"; then
printf '%s (%s)' "$(gettext "FAILED")" "$(gettext "the key has been revoked.")" >&2
errors=1
+ elif grep -q -e "TRUST_UNDEFINED" -e "TRUST_NEVER" "$statusfile"; then
+ printf '%s (%s)' "$(gettext "FAILED")" "$(gettext "the key is not trusted")" >&2
+ errors=1
else
printf '%s' "$(gettext "Passed")" >&2
if grep -q "EXPSIG" "$statusfile"; then
--
1.9.0
More information about the pacman-dev
mailing list