48 lines
1.4 KiB
Diff
48 lines
1.4 KiB
Diff
From 16a064701a30d7e1175e1185cc6da44238302fab Mon Sep 17 00:00:00 2001
|
|
From: David Runge <dvzrv@archlinux.org>
|
|
Date: Mon, 22 Jan 2024 14:04:28 +0100
|
|
Subject: [PATCH] makepkg: Move check for signature metadata to central
|
|
location
|
|
|
|
Move the check for the `NEWSIG` metadata keyword contained in the
|
|
GnuPG based statusfile to `parse_gpg_statusfile()` so that it is also
|
|
run when creating the statusfile in `verify_file_signature()` and not
|
|
only when running `verify_git_signature()`.
|
|
|
|
Signed-off-by: David Runge <dvzrv@archlinux.org>
|
|
---
|
|
scripts/libmakepkg/integrity/verify_signature.sh.in | 12 +++++++-----
|
|
1 file changed, 7 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
|
|
index d786a2c39..8a35fe16e 100644
|
|
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
|
|
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
|
|
@@ -223,17 +223,19 @@ verify_git_signature() {
|
|
return 1
|
|
fi
|
|
|
|
- if ! grep -qs NEWSIG "$statusfile"; then
|
|
- printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
|
|
- errors=1
|
|
- return 1
|
|
- fi
|
|
return 0
|
|
}
|
|
|
|
parse_gpg_statusfile() {
|
|
local type arg1 arg6 arg10
|
|
|
|
+ # ensure the NEWSIG keyword is part of the metadata
|
|
+ if ! grep -qs NEWSIG "$statusfile"; then
|
|
+ printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
|
|
+ errors=1
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
while read -r _ type arg1 _ _ _ _ arg6 _ _ _ arg10 _; do
|
|
case "$type" in
|
|
GOODSIG)
|
|
--
|
|
GitLab
|
|
|