From 360ecc6b8d9e490c35e4f7599c6ba50521e86433 Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer <jcb@gnu.org>
Date: Fri, 21 Oct 2022 22:37:30 -0500
Subject: [PATCH] Revise use of system() in check_files

The indirect object form of system absolutely does not use the shell.
---
 gatekeeper.pl | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/gatekeeper.pl b/gatekeeper.pl
index c56a45b..4d21ccb 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -1811,9 +1811,8 @@ sub check_files {
   my $valid = 0;
   foreach my $keyring (@keyrings) {
     # Verify that the file has been correctly signed with a valid signature.
-    my @verify_args = (GPGV_BIN, "--keyring", $keyring,
-	   $sig_file, $upload_file);
-    if (!system (@verify_args)) {
+    my @gpgv_args = ('--keyring' => $keyring, $sig_file, $upload_file);
+    if (0 == system { GPGV_BIN } 'gpgv', @gpgv_args) {
       $valid = 1;
       last;
     }
-- 
2.25.1