Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts/makepkg.sh.in
diff options
context:
space:
mode:
authorDave Reisner <dreisner@archlinux.org>2014-10-02 13:00:55 -0400
committerAllan McRae <allan@archlinux.org>2014-10-13 12:54:09 +1000
commit926d998a750413399ca7abbe422a65ccbf09306e (patch)
tree714a5065beb5881795ec66fdb5772f2ffa29339b /scripts/makepkg.sh.in
parentfaf0246437b47fb67f6adc3f2d039f6d787be1a0 (diff)
Revert "makepkg: allow less than the full fingerprint in validpgpkeys"
This reverts commit 50296576d006d433fbfd4a6c57d5f95a942f7833. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/makepkg.sh.in')
-rw-r--r--scripts/makepkg.sh.in21
1 files changed, 1 insertions, 20 deletions
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 9d3ba2cd..f9494037 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1410,25 +1410,6 @@ parse_gpg_statusfile() {
done < "$1"
}
-is_known_valid_pgp_key() {
- local fprint subject=$1 validfprints=("${@:2}")
-
- for fprint in "${validfprints[@]}"; do
- # we always honor full fingerprint matches
- if [[ "$subject" = "$fprint" ]]; then
- return 0
- fi
-
- # we'll also honor a suffix match, assuming that the fprint is long enough
- # to be worthy.
- if (( ${#fprint} >= 16 )) && [[ $subject = *"$fprint" ]]; then
- return 0
- fi
- done
-
- return 1
-}
-
check_pgpsigs() {
(( SKIPPGPCHECK )) && return 0
! source_has_signatures && return 0
@@ -1515,7 +1496,7 @@ check_pgpsigs() {
if (( ${#validpgpkeys[@]} == 0 && ! $trusted )); then
printf "%s ($(gettext "the public key %s is not trusted"))" $(gettext "FAILED") "$pubkey" >&2
errors=1
- elif ! is_known_valid_pgp_key "$fingerprint" "${validpgpkeys[@]}"; then
+ elif (( ${#validpgpkeys[@]} > 0 )) && ! in_array "$fingerprint" "${validpgpkeys[@]}"; then
printf "%s (%s $pubkey)" "$(gettext "FAILED")" "$(gettext "invalid public key")"
errors=1
else