pacman-key: Make signature verification more robust by checking pipes

To ensure we are not dropping the return code of the `gpg` call due to piping into `grep`, we make use of `PIPESTATUS` to check the return code of each command separately. Additionally, we can now distinguish between two states: The signature does not verify (e.g. due to technical reasons) and the signature is not trusted. Signed-off-by: David Runge <dvzrv@archlinux.org>
2024-01-22 14:35:28 +01:00 · 2024-01-22 14:35:28 +01:00 · f8c2e59ec5
commit f8c2e59ec5
parent 16a064701a
1 changed files with 13 additions and 2 deletions
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@ -591,10 +591,21 @@ verify_sig() {
 		error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
 		exit 1
 	fi
-	if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
-		error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
+
+	"${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
+
+	# return error if GnuPG fails to verify the signature
+	if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
+		error "$(gettext "The signature verification for %s failed.")" "$sig"
 		ret=1
 	fi
+
+	# return error if the signature is not trusted fully or ultimately
+	if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
+		error "$(gettext "The signature %s is not trusted.")" "$sig"
+		ret=1
+	fi
+
 	exit $ret
 }