libmakepkg/integrity: fix regression that broke invalid file sigs
In 42e7020281 creating the gpg statusfile
for a source file was split into a separate function, which used the
return code to indicate unsigned files and proto-specific errors.
However, the fallback return code was set by the final gpg invocation,
which would be 1 if the signature was somehow broken (for example, the
key was not available in the gpg keyring). As a result makepkg thought
that file did not have a signature and skipped over it rather than
erroring out.
Fix this by explicitly setting the return code for all
verify_*_signature() functions.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Eli Schwartz
Allan McRae
parent
8bec63bf92
commit
135f4397c2
1 changed files with 2 additions and 0 deletions
|
|
@ -157,6 +157,7 @@ verify_file_signature() {
|
||||||
esac
|
esac
|
||||||
|
|
||||||
$decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
|
$decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
|
||||||
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
verify_git_signature() {
|
verify_git_signature() {
|
||||||
|
|
@ -193,6 +194,7 @@ verify_git_signature() {
|
||||||
errors=1
|
errors=1
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
parse_gpg_statusfile() {
|
parse_gpg_statusfile() {
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue