On 06/07/11 21:02, Wieland Hoffmann wrote:
> Many projects provide signature files along with the source code
> archives. It's good to check these, too, when verifying the integrity
> of source code archives.
> Not everybody is using gpg so the verification can be disabled with
> --skippgpcheck.
> Additionally, only a warning is displayed when the key that signed the
> source file is unknown.
> ---

Signed-off-by: Allan

Applied to my working branch with the minor changes mentioned below.

<snip>

+check_pgpsigs() {
+       (( SKIPPGPCHECK ))&&  return 0
+       (( ! ${#source[@]} ))&&  return 0
> +  [[ ! source_has_signatures ]]&&  return 0
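Review bot: the third guard, `[[ ! source_has_signatures ]]`, does not run anything. Inside `[[ ]]` the bare word is a non-empty string, so the negated test is always false and its `return 0` can never fire. If `source_has_signatures` is meant to be a function call, as the name suggests, invoke it as a command, e.g. `source_has_signatures || return 0`. This matters more once the `${#source[@]}` check is dropped, because that line is currently the only early exit here that works besides SKIPPGPCHECK.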

The ${#source[@]} size check is not needed given it is covered by the source_has_signatures anyway.

<snip>

+
+               if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" 
"$sourcefile" 2>  /dev/null; then
+                       if grep "NO_PUBKEY" "$statusfile">  /dev/null; then
+                               echo "$(gettext "Warning: Unknown public key") $(awk 
'/NO_PUBKEY/ {print $3}' $statusfile)">&2
+                               warnings=1
+                       else
+                               echo "$(gettext "FAILED")">&2
+                               errors=1
+                       fi
+               else
+                       if grep "REVKEYSIG" "$statusfile">  /dev/null; then
+                               errors=1
+                               echo "$(gettext "Passed")" "-" "$(gettext "Warning: the key has 
been revoked.")">&2
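Review bot: the awk call in the NO_PUBKEY branch passes `$statusfile` unquoted, while the gpg and grep invocations around it quote it. A status file path containing whitespace would be word-split there and the key ID would be missing from the warning, so use `"$statusfile"`. Two smaller points in the same region: the `grep ... > /dev/null` tests can be `grep -q`, and the REVKEYSIG branch prints "Passed" while setting `errors=1`, so the message and the outcome disagree. If a revoked signing key is meant to fail the check, the text should say so rather than report a pass with a warning.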

Just a style consistency change to have the message above the errors=1.

Allan
