[pacman-dev] [PATCH v2] makepkg/repo-add: handle GPGKEY with spaces

Allan McRae allan at archlinux.org
Thu Jun 11 00:57:03 UTC 2020


On 9/6/20 11:59 am, Eli Schwartz wrote:
> We pass this to gpg -u and this gpg option can accept a number of
> different formats, not just the historical hexadecimal fingerprint we
> assumed. We should not barf hard if a format is used which happens to
> contain spaces.
> 
> This also fixes a validation bug. When we initially check if the desired
> key is available, we don't quote spaces, so gpg goes ahead and treats
> each space-separated string as a *different key* to search for,
> returning partial matches, and returning success if at least one key is
> found. But gpg --detach-sign -u will certainly not accept multiple keys!
> 
> Fixes FS#66949
> 
> Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
> ---
> 
> v2: fix case of GPGKEY="" with signing enabled reporting that no keys
> exist in the keyring. Only expand the quoted GPGKEY if it is non-empty.
>

Ack.
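
The quoting problem described in the commit message, as an added example that is not part of the original thread or the patch itself. `count_key_args` is a hypothetical stand-in for the gpg key lookup (no gpg is run), the key value is constructed, and the `${GPGKEY:+"$GPGKEY"}` form is one common way to do what the v2 note describes, assumed here rather than taken from the patch.

```shell
#!/bin/sh
# Hypothetical stand-in for the gpg key lookup: prints how many separate
# key specifiers the command would receive on its argument list.
count_key_args() {
    echo "$#"
}

# Unquoted expansion: the shell word-splits GPGKEY, so a user ID with
# spaces becomes several independent search terms.
lookup_unquoted() {
    GPGKEY=$1
    # shellcheck disable=SC2086
    count_key_args $GPGKEY
}

# Always quoted: exactly one argument, but an empty GPGKEY is still
# passed as one empty-string argument.
lookup_quoted() {
    GPGKEY=$1
    count_key_args "$GPGKEY"
}

# Quoted only when non-empty: one argument for a real key, no argument
# at all when GPGKEY is empty (assumed idiom, see lead-in).
lookup_guarded() {
    GPGKEY=$1
    count_key_args ${GPGKEY:+"$GPGKEY"}
}

# Constructed sample values: a user-ID style key with spaces, and the
# empty string for the GPGKEY="" case from the v2 note.
for key in 'Jane Example <jane@example.org>' ''; do
    printf 'GPGKEY=[%s] unquoted=%s quoted=%s guarded=%s\n' \
        "$key" \
        "$(lookup_unquoted "$key")" \
        "$(lookup_quoted "$key")" \
        "$(lookup_guarded "$key")"
done
```
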

