pacman-key: test for content in keyring files

Test for file content (-s) rather than just existence (-f). This fixes a
bug that manifests itself in the case of an empty -revoked file. A zero
element 'keys' array would be passed to gpg, forcing it to list and,
subsequently, revoke all known keys.

Bug introduced in d1240f67ea.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Dave Reisner 2012-05-13 13:05:58 -04:00 committed by Dan McGee
parent 233e5f610c
commit 5de465d63e


@ -261,7 +261,7 @@ populate_keyring() {
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5: # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
local -A trusted_ids local -A trusted_ids
for keyring in "${KEYRINGIDS[@]}"; do for keyring in "${KEYRINGIDS[@]}"; do
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
while read key; do while read key; do
# skip comments; these are valid in this file # skip comments; these are valid in this file
[[ $key = \#* ]] && continue [[ $key = \#* ]] && continue
@ -282,7 +282,7 @@ populate_keyring() {
done done
msg "$(gettext "Importing owner trust values...")" msg "$(gettext "Importing owner trust values...")"
for keyring in "${KEYRINGIDS[@]}"; do for keyring in "${KEYRINGIDS[@]}"; do
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
fi fi
done done
@ -293,7 +293,7 @@ populate_keyring() {
# guarantee of identification for the keys. # guarantee of identification for the keys.
local -A revoked_ids local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do for keyring in "${KEYRINGIDS[@]}"; do
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
while read key; do while read key; do
key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)" key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
if [[ -n ${key_id} ]]; then if [[ -n ${key_id} ]]; then
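Review bot: The `-s` test on the `-revoked` file in the third hunk only rules out a zero-byte file. A file that holds only blank lines, or only fingerprints that `--list-key` does not find, still leaves `key_id` empty on every iteration, so the array built from this loop can presumably still reach gpg with zero elements. Because the commit message says an empty `keys` array makes gpg list and then revoke every known key, I would also guard the point of use, wrapping the gpg call that consumes the array in something like `if (( ${#keys[@]} > 0 )); then`, and skip blank input lines with `[[ -n $key ]] || continue` right after `while read key; do`. The code that consumes the array is outside the hunks shown, so the array name and exact placement need to be confirmed against the rest of populate_keyring.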