From f180f39e94c189799b0a0668de801519a5a6108d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 5 Oct 2011 21:42:34 +0200 Subject: cmdline/apt-key: fix --check-sigs to ensure that the signature can verify and also add master keyring to ensure that we can actually verify the signature --- cmdline/apt-key | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-key b/cmdline/apt-key index c522d54fe..9c7804d5b 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -63,12 +63,11 @@ add_keys_with_verify_against_master_keyring() { # export the add keyring one-by-one rm -f $TMP_KEYRING - $GPG_CMD --keyring $ADD_KEYRING --export $add_key --output $TMP_KEYRING - + $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key # check if signed with the master key and only add in this case ADDED=0 for master_key in $master_keys; do - if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then + if $GPG_CMD --keyring $MASTER_KEYRING --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then $GPG --import $TMP_KEYRING ADDED=1 fi -- cgit v1.2.3