[pacman-dev] [PATCH 1/3] Revert "makepkg: allow less than the full fingerprint in validpgpkeys"

[Dave Reisner]

This reverts commit 50296576d006d433fbfd4a6c57d5f95a942f7833.
---
 doc/PKGBUILD.5.txt    |  4 +---
 scripts/makepkg.sh.in | 21 +--------------------
 2 files changed, 2 insertions(+), 23 deletions(-)

diff --git a/doc/PKGBUILD.5.txt b/doc/PKGBUILD.5.txt
index 8a43bae..74aea32 100644
--- a/doc/PKGBUILD.5.txt
+++ b/doc/PKGBUILD.5.txt
@@ -138,9 +138,7 @@ the integrity of the corresponding source file.
        trust values from the keyring. If the source file was signed with a
        subkey, makepkg will still use the primary key for comparison.
 +
-Fingerprints must be uppercase and must not contain whitespace characters. They
-must be either the full fingerprint or match at least 16 characters of the full
-fingerprint, starting from the end of the fingerprint.
+Fingerprints must be uppercase and must not contain whitespace characters.
 
 *noextract (array)*::
        An array of file names corresponding to those from the source array. 
Files
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 9d3ba2c..f949403 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1410,25 +1410,6 @@ parse_gpg_statusfile() {
        done < "$1"
 }
 
-is_known_valid_pgp_key() {
-       local fprint subject=$1 validfprints=("${@:2}")
-
-       for fprint in "${validfprints[@]}"; do
-               # we always honor full fingerprint matches
-               if [[ "$subject" = "$fprint" ]]; then
-                       return 0
-               fi
-
-               # we'll also honor a suffix match, assuming that the fprint is 
long enough
-               # to be worthy.
-               if (( ${#fprint} >= 16 )) && [[ $subject = *"$fprint" ]]; then
-                       return 0
-               fi
-       done
-
-       return 1
-}
-
 check_pgpsigs() {
        (( SKIPPGPCHECK )) && return 0
        ! source_has_signatures && return 0
@@ -1515,7 +1496,7 @@ check_pgpsigs() {
                        if (( ${#validpgpkeys[@]} == 0 && ! $trusted )); then
                                printf "%s ($(gettext "the public key %s is not 
trusted"))" $(gettext "FAILED") "$pubkey" >&2
                                errors=1
-                       elif ! is_known_valid_pgp_key "$fingerprint" 
"${validpgpkeys[@]}"; then
+                       elif (( ${#validpgpkeys[@]} > 0 )) && ! in_array 
"$fingerprint" "${validpgpkeys[@]}"; then
                                printf "%s (%s $pubkey)" "$(gettext "FAILED")" 
"$(gettext "invalid public key")"
                                errors=1
                        else
-- 
2.1.2