Rather than implementing suffix matching, which might clash, let's just
print the full fingerprint of the err'ing key so that the user can
copy/paste it into validpgpkeys. Also, make it clear in the manpage
that validpgpkeys needs full fingerprints, and nothing else.
---
doc/PKGBUILD.5.txt | 3 ++-
scripts/makepkg.sh.in | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/doc/PKGBUILD.5.txt b/doc/PKGBUILD.5.txt
index 74aea32..7fa91ff 100644
--- a/doc/PKGBUILD.5.txt
+++ b/doc/PKGBUILD.5.txt
@@ -138,7 +138,8 @@ the integrity of the corresponding source file.
trust values from the keyring. If the source file was signed with a
subkey, makepkg will still use the primary key for comparison.
+
-Fingerprints must be uppercase and must not contain whitespace characters.
+Only full fingerprints are accepted. They must be uppercase and must not
+contain whitespace characters.
*noextract (array)*::
An array of file names corresponding to those from the source array.
Files
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index f949403..9082206 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1494,10 +1494,10 @@ check_pgpsigs() {
errors=1
else
if (( ${#validpgpkeys[@]} == 0 && ! $trusted )); then
- printf "%s ($(gettext "the public key %s is not
trusted"))" $(gettext "FAILED") "$pubkey" >&2
+ printf "%s ($(gettext "the public key %s is not
trusted"))" $(gettext "FAILED") "$fingerprint" >&2
errors=1
elif (( ${#validpgpkeys[@]} > 0 )) && ! in_array
"$fingerprint" "${validpgpkeys[@]}"; then
- printf "%s (%s $pubkey)" "$(gettext "FAILED")"
"$(gettext "invalid public key")"
+ printf "%s (%s %s)" "$(gettext "FAILED")"
"$(gettext "invalid public key")" "$fingerprint"
errors=1
else
printf '%s' "$(gettext "Passed")" >&2
--
2.1.2
