summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2019-02-15 22:29:55 +0100
committerErich Eckner <git@eckner.net>2019-02-15 22:29:55 +0100
commit62c47028b359ad64b939f895a77df518f6f91782 (patch)
tree6cbbb3dff70303dee637759a96c05d6eac1d6c09
parentf373ec56e8268fcdcae8508517b84a282dc61763 (diff)
downloadbuilder-62c47028b359ad64b939f895a77df518f6f91782.tar.xz
bin/create-build-support-package: check for correct signature
-rwxr-xr-xbin/create-build-support-package11
1 files changed, 11 insertions, 0 deletions
diff --git a/bin/create-build-support-package b/bin/create-build-support-package
index ed09f87..d1dd998 100755
--- a/bin/create-build-support-package
+++ b/bin/create-build-support-package
@@ -214,6 +214,17 @@ elif [ -n "${shim_package}" ]; then
exit 1
fi
+ if ! gpg --batch --status-fd 1 -q --homedir /etc/pacman.d/gnupg --verify \
+ "${shim_package}.sig" \
+ "${shim_package}" \
+ 2> /dev/null \
+ | cut -d' ' -f2 \
+ | grep -qxF TRUST_FULLY; then
+ >&2 printf '%s has invalid signature\n' \
+ "${shim_package}"
+ exit 1
+ fi
+
exec 8> "${package_database_lock_file}"
verbose_flock ${wait_for_lock} 8