summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2016-06-12 14:18:24 +1000
committerAllan McRae <allan@archlinux.org>2016-08-30 18:10:40 +1000
commit1291c04961e6c27e93ef376583d46ec2aa3036a1 (patch)
tree414f09ef065a5eb1544756db047c2e3993d2287a
parent80d97fcf7526f16d9eb097b8061956662207ed78 (diff)
pacman-key: reject armored signatures
pacman expects an unarmored signature. makepkg forces the generation of unarmored signatures, and repo-add will reject any armored signature. For consistency pacman-key should also reject armored signatures. Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r--scripts/pacman-key.sh.in4
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 0db09522..ffefc68c 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -483,6 +483,10 @@ verify_sig() {
local ret=0
for sig; do
msg "Checking %s..." "$sig"
+ if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
+ error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
+ return 1
+ fi
if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
ret=1