Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts/libmakepkg/integrity/verify_signature.sh.in
diff options
context:
space:
mode:
authorEli Schwartz <eschwartz@archlinux.org>2017-11-21 23:34:46 -0500
committerAllan McRae <allan@archlinux.org>2018-01-06 12:38:05 +1000
commit135f4397c2473844bc060e967dbe1b248b444301 (patch)
tree5b781ae65a57393397819865d72b6a4d87c0e91d /scripts/libmakepkg/integrity/verify_signature.sh.in
parent8bec63bf92d8dd028aa88dbd5109c314cdb9ebea (diff)
libmakepkg/integrity: fix regression that broke invalid file sigs
In 42e7020281d3ae260e1e9693495f527b7f476625 creating the gpg statusfile for a source file was split into a separate function, which used the return code to indicate unsigned files and proto-specific errors. However, the fallback return code was set by the final gpg invocation, which would be 1 if the signature was somehow broken (for example, the key was not available in the gpg keyring). As a result makepkg thought that file did not have a signature and skipped over it rather than erroring out. Fix this by explicitly setting the return code for all verify_*_signature() functions. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/libmakepkg/integrity/verify_signature.sh.in')
-rw-r--r--scripts/libmakepkg/integrity/verify_signature.sh.in2
1 files changed, 2 insertions, 0 deletions
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index 24519dbe..add7f75d 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -157,6 +157,7 @@ verify_file_signature() {
esac
$decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
+ return 0
}
verify_git_signature() {
@@ -193,6 +194,7 @@ verify_git_signature() {
errors=1
return 1
fi
+ return 0
}
parse_gpg_statusfile() {