From f053141c8744b3f15ffdf488705fb7606cf1ab35 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 8 Apr 2012 14:02:39 -0400 Subject: pacman-key: verify TRUST_ULTIMATE keys as good Extend our grep pattern to match TRUST_ULTIMATE, not just TRUST_FULLY, as these keys are to be trusted as well. Signed-off-by: Dave Reisner Signed-off-by: Dan McGee --- scripts/pacman-key.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 9a77a19f..1a2bac34 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -441,7 +441,7 @@ refresh_keys() { verify_sig() { local fd="$(mktemp)" "${GPG_PACMAN[@]}" --status-file "${fd}" --verify $SIGNATURE - if ! grep -q TRUST_FULLY "${fd}"; then + if ! grep -qE 'TRUST_(FULLY|ULTIMATE)' "${fd}"; then rm -f "${fd}" error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE" exit 1 -- cgit v1.2.3-54-g00ecf From ca090e10d264e4999e321b0a0b43736a34aa11d9 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 8 Apr 2012 14:03:27 -0400 Subject: pacman-key: avoid use of tempfile in verify_sig Use --status-fd rather than --status-file to keep this contained in a pipeline. Signed-off-by: Dave Reisner --- scripts/pacman-key.sh.in | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 1a2bac34..87d7658f 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -439,14 +439,10 @@ refresh_keys() { } verify_sig() { - local fd="$(mktemp)" - "${GPG_PACMAN[@]}" --status-file "${fd}" --verify $SIGNATURE - if ! grep -qE 'TRUST_(FULLY|ULTIMATE)' "${fd}"; then - rm -f "${fd}" + if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify $SIGNATURE | grep -qE 'TRUST_(FULLY|ULTIMATE)'; then error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE" exit 1 fi - rm -f "${fd}" } updatedb() { -- cgit v1.2.3-54-g00ecf