From 62c47028b359ad64b939f895a77df518f6f91782 Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Fri, 15 Feb 2019 22:29:55 +0100
Subject: bin/create-build-support-package: check for correct signature

---
 bin/create-build-support-package | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/bin/create-build-support-package b/bin/create-build-support-package
index ed09f87..d1dd998 100755
--- a/bin/create-build-support-package
+++ b/bin/create-build-support-package
@@ -214,6 +214,17 @@ elif [ -n "${shim_package}" ]; then
 exit 1
 fi
 
+ if ! gpg --batch --status-fd 1 -q --homedir /etc/pacman.d/gnupg --verify \
+ "${shim_package}.sig" \
+ "${shim_package}" \
+ 2> /dev/null \
+ | cut -d' ' -f2 \
+ | grep -qxF TRUST_FULLY; then
+ >&2 printf '%s has invalid signature\n' \
+ "${shim_package}"
+ exit 1
+ fi
+
 exec 8> "${package_database_lock_file}"
 verbose_flock ${wait_for_lock} 8
 
-- 
cgit v1.2.3-70-g09d2
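Review bot: The added check in the `elif [ -n "${shim_package}" ]` branch decides solely on a `TRUST_FULLY` keyword in field 2 of any stdout line, and because `grep` is the last pipeline stage, gpg's own exit status is never consulted. The TRUST_* lines report the validity of the signing key, so the verdict would be more robust if it also required gpg to exit 0 and a `[GNUPG:] VALIDSIG` line, with the match anchored on the `[GNUPG:] ` prefix instead of going through `cut`. As written, a key with ultimate validity (`TRUST_ULTIMATE`) is rejected, and with `2> /dev/null` a missing `.sig` file or an unreadable keyring is also reported as an invalid signature; if the first is intended, a comment should say so. The branch starts and ends outside this hunk, so whether `${shim_package}` can change between this check and its later use cannot be judged from here.

```shell
  # keep gpg's exit status and its full status output for the checks below
  if ! gpg_status=$(
      gpg --batch --status-fd 1 -q --homedir /etc/pacman.d/gnupg --verify \
        "${shim_package}.sig" \
        "${shim_package}" \
        2> /dev/null
    ) \
    || ! printf '%s\n' "${gpg_status}" \
      | grep -q '^\[GNUPG:\] VALIDSIG ' \
    || ! printf '%s\n' "${gpg_status}" \
      | grep -qE '^\[GNUPG:\] TRUST_FULLY( |$)'; then
    # … unchanged: error message and exit 1 …
  fi
```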