Commit 899d39b6 authored by Eli Schwartz's avatar Eli Schwartz Committed by Allan McRae
Browse files

makepkg/repo-add: handle GPGKEY with spaces



We pass this to gpg -u and this gpg option can accept a number of
different formats, not just the historical hexadecimal fingerprint we
assumed. We should not barf hard if a format is used which happens to
contain spaces.

This also fixes a validation bug. When we initially check if the desired
key is available, we don't quote spaces, so gpg goes ahead and treats
each space-separated string as a *different key* to search for,
returning partial matches, and returning success if at least one key is
found. But gpg --detach-sign -u will certainly not accept multiple keys!

Fixes FS#66949

Signed-off-by: Eli Schwartz's avatarEli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae's avatarAllan McRae <allan@archlinux.org>
parent bf458cce
......@@ -29,12 +29,12 @@ create_signature() {
local ret=0
local filename="$1"
local SIGNWITHKEY=""
local SIGNWITHKEY=()
if [[ -n $GPGKEY ]]; then
SIGNWITHKEY="-u ${GPGKEY}"
SIGNWITHKEY=(-u "${GPGKEY}")
fi
gpg --detach-sign --use-agent ${SIGNWITHKEY} --no-armor "$filename" &>/dev/null || ret=$?
gpg --detach-sign --use-agent "${SIGNWITHKEY[@]}" --no-armor "$filename" &>/dev/null || ret=$?
if (( ! ret )); then
......
......@@ -1286,7 +1286,7 @@ fi
# check if gpg signature is to be created and if signing key is valid
if { [[ -z $SIGNPKG ]] && check_buildenv "sign" "y"; } || [[ $SIGNPKG == 'y' ]]; then
SIGNPKG='y'
if ! gpg --list-key ${GPGKEY} &>/dev/null; then
if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if [[ ! -z $GPGKEY ]]; then
error "$(gettext "The key %s does not exist in your keyring.")" "${GPGKEY}"
else
......
......@@ -137,7 +137,7 @@ check_gpg() {
fi
if (( ! VERIFY )); then
if ! gpg --list-key ${GPGKEY} &>/dev/null; then
if ! gpg --list-key ${GPGKEY:+"$GPGKEY"} &>/dev/null; then
if [[ ! -z $GPGKEY ]]; then
error "$(gettext "The key ${GPGKEY} does not exist in your keyring.")"
elif (( ! KEY )); then
......@@ -155,11 +155,11 @@ create_signature() {
local ret=0
msg "$(gettext "Signing database '%s'...")" "${dbfile##*/.tmp.}"
local SIGNWITHKEY=""
local SIGNWITHKEY=()
if [[ -n $GPGKEY ]]; then
SIGNWITHKEY="-u ${GPGKEY}"
SIGNWITHKEY=(-u "${GPGKEY}")
fi
gpg --detach-sign --use-agent --no-armor ${SIGNWITHKEY} "$dbfile" &>/dev/null || ret=$?
gpg --detach-sign --use-agent --no-armor "${SIGNWITHKEY[@]}" "$dbfile" &>/dev/null || ret=$?
if (( ! ret )); then
msg2 "$(gettext "Created signature file '%s'")" "${dbfile##*/.tmp.}.sig"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment