Commit 1e9cd30e authored by Eli Schwartz's avatar Eli Schwartz Committed by Andrew Gregory
Browse files

makepkg/repo-add: do not accept public-only keys for signing



If it's not listed by --list-secret-key we don't care if it has been
imported into your keyring, it's unusable. And you might not have a
private key at all in the no-keyid-specified case.

Signed-off-by: Eli Schwartz's avatarEli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae's avatarAllan McRae <allan@archlinux.org>
(cherry picked from commit 02ae97b0)
parent 2a345604
......@@ -1284,7 +1284,7 @@ fi
# check if gpg signature is to be created and if signing key is valid
if { [[ -z $SIGNPKG ]] && check_buildenv "sign" "y"; } || [[ $SIGNPKG == 'y' ]]; then
SIGNPKG='y'
if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if ! gpg --list-secret-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if [[ ! -z $GPGKEY ]]; then
error "$(gettext "The key %s does not exist in your keyring.")" "${GPGKEY}"
else
......
......@@ -138,7 +138,7 @@ check_gpg() {
fi
if (( ! VERIFY )); then
if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if ! gpg --list-secret-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if [[ ! -z $GPGKEY ]]; then
error "$(gettext "The key ${GPGKEY} does not exist in your keyring.")"
elif (( ! KEY )); then
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment