diff options
author | Dave Reisner <dreisner@archlinux.org> | 2014-10-03 08:39:13 -0400 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2014-10-13 12:54:19 +1000 |
commit | 3f0303dc92634043d561ac9bbefa6c6e57578a65 (patch) | |
tree | fc0649404d0db2cfe2c95c3f5317244599b4505e | |
parent | 926d998a750413399ca7abbe422a65ccbf09306e (diff) | |
download | pacman-3f0303dc92634043d561ac9bbefa6c6e57578a65.tar.xz |
makepkg: show full fingerprint on pgp failure
Rather than implementing suffix matching, which might clash, let's just
print the full fingerprint of the err'ing key so that the user can
copy/paste it into validpgpkeys. Also, make it clear in the manpage
that validpgpkeys needs full fingerprints, and nothing else.
Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r-- | doc/PKGBUILD.5.txt | 3 | ||||
-rw-r--r-- | scripts/makepkg.sh.in | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/doc/PKGBUILD.5.txt b/doc/PKGBUILD.5.txt index 74aea322..7fa91ffe 100644 --- a/doc/PKGBUILD.5.txt +++ b/doc/PKGBUILD.5.txt @@ -138,7 +138,8 @@ the integrity of the corresponding source file. trust values from the keyring. If the source file was signed with a subkey, makepkg will still use the primary key for comparison. + -Fingerprints must be uppercase and must not contain whitespace characters. +Only full fingerprints are accepted. They must be uppercase and must not +contain whitespace characters. *noextract (array)*:: An array of file names corresponding to those from the source array. Files diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index f9494037..90822067 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1494,10 +1494,10 @@ check_pgpsigs() { errors=1 else if (( ${#validpgpkeys[@]} == 0 && ! $trusted )); then - printf "%s ($(gettext "the public key %s is not trusted"))" $(gettext "FAILED") "$pubkey" >&2 + printf "%s ($(gettext "the public key %s is not trusted"))" $(gettext "FAILED") "$fingerprint" >&2 errors=1 elif (( ${#validpgpkeys[@]} > 0 )) && ! in_array "$fingerprint" "${validpgpkeys[@]}"; then - printf "%s (%s $pubkey)" "$(gettext "FAILED")" "$(gettext "invalid public key")" + printf "%s (%s %s)" "$(gettext "FAILED")" "$(gettext "invalid public key")" "$fingerprint" errors=1 else printf '%s' "$(gettext "Passed")" >&2 |