From 02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7 Mon Sep 17 00:00:00 2001
From: Eli Schwartz <eschwartz@archlinux.org>
Date: Mon, 8 Jun 2020 22:03:18 -0400
Subject: makepkg/repo-add: do not accept public-only keys for signing

If it's not listed by --list-secret-key we don't care if it has been
imported into your keyring, it's unusable. And you might not have a
private key at all in the no-keyid-specified case.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
---
 scripts/makepkg.sh.in  | 2 +-
 scripts/repo-add.sh.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'scripts')

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 0de77c0c..ed31ca0e 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1286,7 +1286,7 @@ fi
 # check if gpg signature is to be created and if signing key is valid
 if { [[ -z $SIGNPKG ]] && check_buildenv "sign" "y"; } || [[ $SIGNPKG == 'y' ]]; then
 	SIGNPKG='y'
-	if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
+	if ! gpg --list-secret-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
 		if [[ ! -z $GPGKEY ]]; then
 			error "$(gettext "The key %s does not exist in your keyring.")" "${GPGKEY}"
 		else
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 272d8d22..160fd93a 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -137,7 +137,7 @@ check_gpg() {
 	fi
 
 	if (( ! VERIFY )); then
-		if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
+		if ! gpg --list-secret-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
 			if [[ ! -z $GPGKEY ]]; then
 				error "$(gettext "The key ${GPGKEY} does not exist in your keyring.")"
 			elif (( ! KEY )); then
-- 
cgit v1.2.3-54-g00ecf