summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'scripts')
-rw-r--r--scripts/makepkg.sh.in21
1 files changed, 20 insertions, 1 deletions
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index f9494037..9d3ba2cd 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1410,6 +1410,25 @@ parse_gpg_statusfile() {
done < "$1"
}
+is_known_valid_pgp_key() {
+ local fprint subject=$1 validfprints=("${@:2}")
+
+ for fprint in "${validfprints[@]}"; do
+ # we always honor full fingerprint matches
+ if [[ "$subject" = "$fprint" ]]; then
+ return 0
+ fi
+
+ # we'll also honor a suffix match, assuming that the fprint is long enough
+ # to be worthy.
+ if (( ${#fprint} >= 16 )) && [[ $subject = *"$fprint" ]]; then
+ return 0
+ fi
+ done
+
+ return 1
+}
+
check_pgpsigs() {
(( SKIPPGPCHECK )) && return 0
! source_has_signatures && return 0
@@ -1496,7 +1515,7 @@ check_pgpsigs() {
if (( ${#validpgpkeys[@]} == 0 && ! $trusted )); then
printf "%s ($(gettext "the public key %s is not trusted"))" $(gettext "FAILED") "$pubkey" >&2
errors=1
- elif (( ${#validpgpkeys[@]} > 0 )) && ! in_array "$fingerprint" "${validpgpkeys[@]}"; then
+ elif ! is_known_valid_pgp_key "$fingerprint" "${validpgpkeys[@]}"; then
printf "%s (%s $pubkey)" "$(gettext "FAILED")" "$(gettext "invalid public key")"
errors=1
else