FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
LinkBack Thread Tools
 
Old 04-08-2012, 06:13 PM
Dave Reisner
 
Default pacman-key: verify TRUST_ULTIMATE keys as good

Extend our grep pattern to match TRUST_ULTIMATE, not just TRUST_FULLY,
as these keys are to be trusted as well.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
---
pacman-key would exit with an error here, but still show the success
message from gpg itself, e.g. if my key is TRUST_ULTIMATE:

$ pacman-key --verify curl-7.25.0-1-x86_64.pkg.tar.xz.sig
gpg: Signature made Thu 22 Mar 2012 07:51:44 PM EDT using RSA key ID F56C0C53
gpg: NOTE: trustdb not writable
gpg: Good signature from "Dave Reisner <d@falconindy.com>"
gpg: aka "Dave Reisner <dreisner@archlinux.org>"
==> ERROR: The signature identified by curl-7.25.0-1-x86_64.pkg.tar.xz.sig could not be verified.

scripts/pacman-key.sh.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 9a77a19..1a2bac3 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -441,7 +441,7 @@ refresh_keys() {
verify_sig() {
local fd="$(mktemp)"
"${GPG_PACMAN[@]}" --status-file "${fd}" --verify $SIGNATURE
- if ! grep -q TRUST_FULLY "${fd}"; then
+ if ! grep -qE 'TRUST_(FULLY|ULTIMATE)' "${fd}"; then
rm -f "${fd}"
error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE"
exit 1
--
1.7.10
 

Thread Tools




All times are GMT. The time now is 03:31 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org