diff options
author | Leonid Isaev <leonid.isaev@jila.colorado.edu> | 2016-05-07 17:24:17 -0600 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2016-05-18 15:46:59 +1000 |
commit | c2f9758018479c15a34887d960f36ba9b532175f (patch) | |
tree | c98a855676837966807b0b766a07d2d4a40c989e /scripts | |
parent | 5469161dad387b71d605cfeb2c6c369df6f939e3 (diff) | |
download | pacman-c2f9758018479c15a34887d960f36ba9b532175f.tar.xz |
Use a more generic regexp when parsing output of gpg(1) in signature verification.
The current way of extracting key trust from output of gpg --verify is not very
robust against changes in the format of said output. As a result, pacman-key
can return an error even if the signature is actuall good.
This change relaxes the regexp when parsing output of gpg.
Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 892a1076c00a2b0097145c35f5d8ef590216dac0)
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/pacman-key.sh.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 30d27047..0db09522 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -483,7 +483,7 @@ verify_sig() { local ret=0 for sig; do msg "Checking %s..." "$sig" - if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)$'; then + if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then error "$(gettext "The signature identified by %s could not be verified.")" "$sig" ret=1 fi |