bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

makepkg: Move check for signature metadata to central location

Browse source 
Move the check for the `NEWSIG` metadata keyword contained in the
GnuPG based statusfile to `parse_gpg_statusfile()` so that it is also
run when creating the statusfile in `verify_file_signature()` and not
only when running `verify_git_signature()`.

Signed-off-by: David Runge <dvzrv@archlinux.org>
This commit is contained in:
David Runge 2024-01-22 14:04:28 +01:00
parent 86ec26b2d3
commit 16a064701a
No known key found for this signature in database
GPG key ID: 9B7A287D9A2EC608
1 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
scripts/libmakepkg/integrity/verify_signature.sh.in
View file

@ -223,17 +223,19 @@ verify_git_signature() {
return 1 return 1
fi fi
if ! grep -qs NEWSIG "$statusfile"; then
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
errors=1
return 1
fi
return 0 return 0
} }
parse_gpg_statusfile() { parse_gpg_statusfile() {
local type arg1 arg6 arg10 local type arg1 arg6 arg10
# ensure the NEWSIG keyword is part of the metadata
if ! grep -qs NEWSIG "$statusfile"; then
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
errors=1
return 1
fi
while read -r _ type arg1 _ _ _ _ arg6 _ _ _ arg10 _; do while read -r _ type arg1 _ _ _ _ arg6 _ _ _ arg10 _; do
case "$type" in case "$type" in
GOODSIG) GOODSIG)