* secring.gpg can be 600, readable by root user only
* ensure grep for lock-never option in check_keyring doesn't catch comments

Signed-off-by: Dan McGee <[email protected]>
---
 scripts/pacman-key.sh.in |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 819ec69..5b4320d 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -108,7 +108,8 @@ initialize() {
        [[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch 
${PACMAN_KEYRING_DIR}/pubring.gpg
        [[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch 
${PACMAN_KEYRING_DIR}/secring.gpg
        [[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACMAN[@]}" 
--update-trustdb
-       chmod 644 ${PACMAN_KEYRING_DIR}/{{pub,sec}ring,trustdb}.gpg
+       chmod 644 ${PACMAN_KEYRING_DIR}/{pubring,trustdb}.gpg
+       chmod 600 ${PACMAN_KEYRING_DIR}/secring.gpg
 
        # gpg.conf
        [[ -f ${PACMAN_KEYRING_DIR}/gpg.conf ]] || touch  
${PACMAN_KEYRING_DIR}/gpg.conf
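Review bot: The added `chmod 600 ${PACMAN_KEYRING_DIR}/secring.gpg` has no failure check, so if it fails the secret keyring silently keeps its previous mode (644 under the old code) and initialize() carries on; whether the script runs under errexit is not visible here. The path is also unquoted in both chmod lines, and in the grep of the third hunk, so a keyring directory containing whitespace or glob characters would be split. Suggest `chmod 600 "${PACMAN_KEYRING_DIR}/secring.gpg" || exit 1` and `chmod 644 "${PACMAN_KEYRING_DIR}"/{pubring,trustdb}.gpg`. Separately, the context line creates secring.gpg with `touch` under the caller's umask, so it briefly exists with the default mode before the chmod; it is empty at that point, but a `umask 077` around the touch would close the gap. initialize() starts and ends outside the hunk.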
@@ -120,7 +121,6 @@ initialize() {
 
 check_keyring() {
        if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \
-                       ! -r ${PACMAN_KEYRING_DIR}/secring.gpg || \
                        ! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then
                error "$(gettext "You do not have sufficient permissions to 
read the %s keyring...")" "pacman"
                msg "$(gettext "Use '%s' to correct the keyring permissions.")" 
"pacman-key --init"
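Review bot: Dropping the `-r` test on secring.gpg also drops the only implicit check in check_keyring() that the file exists, and the reason for the omission is not recorded in the code. A comment above the condition such as `# secring.gpg is mode 600 (root only) and is deliberately not tested here` would stop a later edit from re-adding the test and breaking non-root use. If a missing secret keyring should still be reported, an existence test limited to root, `(( EUID == 0 )) && [[ ! -f ${PACMAN_KEYRING_DIR}/secring.gpg ]]`, would keep that without requiring read access. The function body continues past the end of the hunk.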
@@ -128,7 +128,7 @@ check_keyring() {
        fi
 
        if (( (EXPORT || FINGER || LIST || VERIFY) && EUID != 0 )); then
-               if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf 
&>/dev/null; then
+               if ! grep -q "^[[:space:]]*lock-never[[:space:]]*$" 
${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then
                        error "$(gettext "You do not have sufficient 
permissions to run this command...")"
                        msg "$(gettext "Use '%s' to correct the keyring 
permissions.")" "pacman-key --init"
                        exit 1
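Review bot: The new anchored pattern accepts only a line that is exactly `lock-never` apart from surrounding whitespace, but nothing in the code says why. A comment above the grep, e.g. `# lock-never must be an active option line; a commented-out mention does not count`, would document why the looser `-w` match was replaced. Because `&>/dev/null` also hides grep's own errors, an unreadable or missing gpg.conf produces the same "insufficient permissions" message as a missing option; that looks acceptable, but it is worth stating in the same comment. The enclosing `if` and check_keyring() close outside the hunk.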
-- 
1.7.6.1

