bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pacman-key: refine permission and locking checks

Browse source 
* secring.gpg can be 600, readable by root user only
* ensure grep for lock-never option in check_keyring doesn't catch comments

Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dan McGee 2011-08-25 12:59:26 -05:00 committed by Allan McRae
parent e1b9f7b300
commit 7ceeebf150
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
scripts/pacman-key.sh.in
View file

@ -109,7 +109,8 @@ initialize() {
[[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/pubring.gpg [[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/pubring.gpg
[[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/secring.gpg [[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/secring.gpg
[[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACMAN[@]}" --update-trustdb [[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACMAN[@]}" --update-trustdb
chmod 644 ${PACMAN_KEYRING_DIR}/{{pub,sec}ring,trustdb}.gpg chmod 644 ${PACMAN_KEYRING_DIR}/{pubring,trustdb}.gpg
chmod 600 ${PACMAN_KEYRING_DIR}/secring.gpg
# gpg.conf # gpg.conf
[[ -f ${PACMAN_KEYRING_DIR}/gpg.conf ]] || touch ${PACMAN_KEYRING_DIR}/gpg.conf [[ -f ${PACMAN_KEYRING_DIR}/gpg.conf ]] || touch ${PACMAN_KEYRING_DIR}/gpg.conf
@ -121,7 +122,6 @@ initialize() {
check_keyring() { check_keyring() {
if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \ if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \
! -r ${PACMAN_KEYRING_DIR}/secring.gpg || \
! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then ! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then
error "$(gettext "You do not have sufficient permissions to read the %s keyring...")" "pacman" error "$(gettext "You do not have sufficient permissions to read the %s keyring...")" "pacman"
msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init" msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
@ -129,7 +129,7 @@ check_keyring() {
fi fi
if (( (EXPORT || FINGER || LIST || VERIFY) && EUID != 0 )); then if (( (EXPORT || FINGER || LIST || VERIFY) && EUID != 0 )); then
if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then if ! grep -q "^[[:space:]]*lock-never[[:space:]]*$" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then
error "$(gettext "You do not have sufficient permissions to run this command...")" error "$(gettext "You do not have sufficient permissions to run this command...")"
msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init" msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
exit 1 exit 1