From 892a1076c00a2b0097145c35f5d8ef590216dac0 Mon Sep 17 00:00:00 2001 From: Leonid Isaev Date: Sat, 7 May 2016 17:24:17 -0600 Subject: Use a more generic regexp when parsing output of gpg(1) in signature verification. The current way of extracting key trust from output of gpg --verify is not very robust against changes in the format of said output. As a result, pacman-key can return an error even if the signature is actuall good. This change relaxes the regexp when parsing output of gpg. Signed-off-by: Leonid Isaev Signed-off-by: Allan McRae --- scripts/pacman-key.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 30d27047..0db09522 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -483,7 +483,7 @@ verify_sig() { local ret=0 for sig; do msg "Checking %s..." "$sig" - if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)$'; then + if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then error "$(gettext "The signature identified by %s could not be verified.")" "$sig" ret=1 fi -- cgit v1.2.3-70-g09d2