[pacman-dev] [PATCH 2/2] repo-add: Reject armored signatures

Johannes Löthberg johannes at kyriasis.com
Tue May 26 10:15:14 UTC 2015


On 26/05, Allan McRae wrote:
>On 26/05/15 19:46, Johannes Löthberg wrote:
>> Pacman cannot handle armored signatures, so make repo-add error out if
>> one is detected.
>> ---
>>  scripts/repo-add.sh.in | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
>> index 7e242ce..4f9f7c3 100644
>> --- a/scripts/repo-add.sh.in
>> +++ b/scripts/repo-add.sh.in
>> @@ -364,6 +364,11 @@ db_write_entry() {
>>
>>  	# compute base64'd PGP signature
>>  	if [[ -f "$pkgfile.sig" ]]; then
>> +		if head -1 "$pkgfile.sig" | grep -q 'BEGIN PGP SIGNATURE'; then
>
>Why is head being used here?
>

I think I originally used it in case the file had some other content, 
but there's really no need for it. Will remove it.

>> +			error "$(gettext "Armored package signature '%s' found, \
>> +unarmored signatures required.")" "$pkgfile.sig"
>> +			return 1
>> +		fi
>>  		pgpsigsize=$(@SIZECMD@ -L "$pkgfile.sig")
>>  		if (( pgpsigsize > 16384 )); then
>>  			error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig"
>>
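
Review bot: the armor test on the added `head -1 "$pkgfile.sig" | grep -q 'BEGIN PGP SIGNATURE'` line runs ahead of the existing `pgpsigsize > 16384` check, so the signature file is read before its size has been bounded. A binary file may contain no newline at all, so `head -1` does not limit the read, and with `head` dropped as discussed above grep scans a file of any size. Moving the new block below the size check keeps the read bounded. The pattern could also be anchored to the full armor header, `^-----BEGIN PGP SIGNATURE-----`, so the match is tied to the start of a line rather than to the phrase appearing anywhere in it.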

-- 
Sincerely,
  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  https://theos.kyriasis.com/~kyrias/