[pacman-dev] [PATCH] pacman-key: reject armored signatures

Allan McRae allan at archlinux.org
Sun Jun 12 04:28:48 UTC 2016

pacman expects an unarmored signature.  makepkg forces the generation of
unarmored signatures, and repo-add will reject any armored signature.
For consistency pacman-key should also reject armored signatures.

Signed-off-by: Allan McRae <allan at archlinux.org>
 scripts/pacman-key.sh.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 0db0952..ffefc68 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -483,6 +483,10 @@ verify_sig() {
 	local ret=0
 	for sig; do
 		msg "Checking %s..." "$sig"
+		if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
+			error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
+			return 1
+		fi
 		if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
 			error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
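
Review bot: the new armored-signature branch exits with `return 1` from inside the `for sig; do` loop, so the first armored file ends verify_sig and any signatures listed after it are never checked, although the function declares `local ret=0` to carry a result across iterations. If the intent is to report on every argument, set `ret=1` and `continue` instead of returning. The pattern 'BEGIN PGP SIGNATURE' is also unanchored and matches anywhere in the file; matching the full armor header at the start of a line (`^-----BEGIN PGP SIGNATURE-----`) would be stricter.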
