Revert "makepkg: allow less than the full fingerprint in validpgpkeys"

This reverts commit 50296576d0.

Signed-off-by: Allan McRae <allan@archlinux.org>

doc/PKGBUILD.5.txt

@@ -138,9 +138,7 @@ the integrity of the corresponding source file.
 	trust values from the keyring. If the source file was signed with a
 	subkey, makepkg will still use the primary key for comparison.
 +
-Fingerprints must be uppercase and must not contain whitespace characters. They
+Fingerprints must be uppercase and must not contain whitespace characters.
-must be either the full fingerprint or match at least 16 characters of the full
-fingerprint, starting from the end of the fingerprint.
 
 *noextract (array)*::
 	An array of file names corresponding to those from the source array. Files

scripts/makepkg.sh.in

@@ -1410,25 +1410,6 @@ parse_gpg_statusfile() {
 	done < "$1"
 }
 
-is_known_valid_pgp_key() {
-	local fprint subject=$1 validfprints=("${@:2}")
-
-	for fprint in "${validfprints[@]}"; do
-		# we always honor full fingerprint matches
-		if [[ "$subject" = "$fprint" ]]; then
-			return 0
-		fi
-
-		# we'll also honor a suffix match, assuming that the fprint is long enough
-		# to be worthy.
-		if (( ${#fprint} >= 16 )) && [[ $subject = *"$fprint" ]]; then
-			return 0
-		fi
-	done
-
-	return 1
-}
-
 check_pgpsigs() {
 	(( SKIPPGPCHECK )) && return 0
 	! source_has_signatures && return 0
@@ -1515,7 +1496,7 @@ check_pgpsigs() {
 			if (( ${#validpgpkeys[@]} == 0 && ! $trusted )); then
 				printf "%s ($(gettext "the public key %s is not trusted"))" $(gettext "FAILED") "$pubkey" >&2
 				errors=1
-			elif ! is_known_valid_pgp_key "$fingerprint" "${validpgpkeys[@]}"; then
+			elif (( ${#validpgpkeys[@]} > 0 )) && ! in_array "$fingerprint" "${validpgpkeys[@]}"; then
 				printf "%s (%s $pubkey)" "$(gettext "FAILED")" "$(gettext "invalid public key")"
 				errors=1
 			else