Test for file content (-s) rather than just existance (-f). This fixes a
bug that manifests itself in the case of an empty -revoked file. A zero
element 'keys' array would be passed to gpg, forcing it to list and,
subsequently, revoke all known keys.
Bug introduced in d1240f67eab6.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
---
I figured I should call this out on the list since a few people ran into
it on IRC. Currently, running 'pacman-key --populate archlinux' with the
archlinux-keyring package exhibits this bug.
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index fb790f6..70117bb 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -287,7 +287,7 @@ populate_keyring() {
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
local -A trusted_ids
for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+ if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
while IFS=: read key_id _; do
# skip blank lines, comments; these are valid in this file
[[ -z $key_id || ${key_id:0:1} = # ]] && continue
@@ -306,7 +306,7 @@ populate_keyring() {
done
msg "$(gettext "Importing owner trust values...")"
for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+ if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
fi
done
@@ -317,7 +317,7 @@ populate_keyring() {
# guarantee of identification for the keys.
local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
+ if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
mapfile -t keys < "${KEYRING_IMPORT_DIR}/${keyring}-revoked"
while IFS=: read _ _ _ _ key_id _; do
if [[ -n $key_id ]]; then
--
1.7.10.2
pacman-key: test for content in keyring files
