author | Dave Reisner <dreisner@archlinux.org> | 2014-09-25 13:29:13 -0400 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2014-09-30 14:00:43 +1000 |
commit | 50296576d006d433fbfd4a6c57d5f95a942f7833 (patch) | |
tree | a5957f895e67d316a4558849a44994d0b45d41f5 /scripts | |
parent | 60c1f2857bad53deed4a8849c1d733dc7d526379 (diff) |
-rw-r--r-- | scripts/makepkg.sh.in | 21 |
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index f9494037..9d3ba2cd 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1410,6 +1410,25 @@ parse_gpg_statusfile() {
 done < "$1"
 }
 
+is_known_valid_pgp_key() {
+ local fprint subject=$1 validfprints=("${@:2}")
+
+ for fprint in "${validfprints[@]}"; do
+ # we always honor full fingerprint matches
+ if [[ "$subject" = "$fprint" ]]; then
+ return 0
+ fi
+
+ # we'll also honor a suffix match, assuming that the fprint is long enough
+ # to be worthy.
+ if (( ${#fprint} >= 16 )) && [[ $subject = *"$fprint" ]]; then
+ return 0
+ fi
+ done
+
+ return 1
+}
+
 check_pgpsigs() {
 (( SKIPPGPCHECK )) && return 0
 ! source_has_signatures && return 0
@@ -1496,7 +1515,7 @@ check_pgpsigs() {
 if (( ${#validpgpkeys[@]} == 0 && ! $trusted )); then
 printf "%s ($(gettext "the public key %s is not trusted"))" $(gettext "FAILED") "$pubkey" >&2
 errors=1
- elif (( ${#validpgpkeys[@]} > 0 )) && ! in_array "$fingerprint" "${validpgpkeys[@]}"; then
+ elif ! is_known_valid_pgp_key "$fingerprint" "${validpgpkeys[@]}"; then
 printf "%s (%s $pubkey)" "$(gettext "FAILED")" "$(gettext "invalid public key")"
 errors=1
 else |
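Review bot: The suffix branch of `is_known_valid_pgp_key` accepts any `validpgpkeys` entry of 16 or more characters, so a PKGBUILD that lists a 64-bit long key ID is pinned only as strongly as that key ID, not as strongly as the full fingerprint. Key IDs are a much weaker identifier than a fingerprint, so I would accept only full-length entries, or at least warn when the short form matched, e.g. `warning "$(gettext "validpgpkeys entry %s is not a full fingerprint")" "$fprint"`. Both comparisons are also case-sensitive, so if `$subject` arrives as upper-case hex (as gpg status output normally prints it; the caller is not fully visible here) a lower-case entry never matches. Comparing `${subject^^}` against `${fprint^^}` would make that failure less surprising. A comment above the function stating the expected entry format (hex digits only, no spaces, no `0x` prefix) would help packagers.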
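Review bot: Dropping the `${#validpgpkeys[@]} > 0` guard from the `elif` changes the outcome when `validpgpkeys` is empty and `$trusted` is set. In that case the first branch is skipped, `is_known_valid_pgp_key` is called with no candidates and returns 1, and the signature is reported as `invalid public key`. Before this change that case fell through to the `else` branch. If keyring trust alone is still meant to be enough when nothing is pinned, keep the guard: `elif (( ${#validpgpkeys[@]} > 0 )) && ! is_known_valid_pgp_key "$fingerprint" "${validpgpkeys[@]}"; then`. `check_pgpsigs` starts and ends outside this hunk, so how `$trusted` and `$fingerprint` are set should be confirmed against the full function.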