1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-23 08:18:51 -05:00

Merge remote-tracking branch 'allan/pacman-key'

This commit is contained in:
Dan McGee 2011-07-18 21:10:56 -05:00
commit 61410814c2
3 changed files with 251 additions and 178 deletions

View File

@ -12,69 +12,74 @@ pacman-key - manage pacman's list of trusted keys
Synopsis Synopsis
-------- --------
'pacman-key' [options] <command> [arguments] 'pacman-key' [options]
Description Description
----------- -----------
'pacman-key' is a script used to manage pacman's keyring, which is the collection 'pacman-key' is a wrapper script for GnuPG used to manage pacman's keyring, which
of GnuPG keys used to check signed packages. It provides the ability to import is the collection of PGP keys used to check signed packages and databases. It
and export keys, fetch keys from keyservers and update the key trust database. provides the ability to import and export keys, fetch keys from keyservers and
update the key trust database.
More complex keyring management can be achieved using GnuPG directly combined with
the `--homedir` option pointing at the pacman keyring (located in
+{sysconfdir}/pacman.d/gnupg+ by default).
Options Options
------- -------
*-a, \--add* [file(s)]::
Add the key(s) contained in the specified file or files to pacman's
keyring. If a key already exists, update it.
*\--config* <file>:: *\--config* <file>::
Use an alternate config file instead of the +{sysconfdir}/pacman.conf+ Use an alternate config file instead of the +{sysconfdir}/pacman.conf+
default. default.
*-d, \--delete* <keyid(s)>::
Remove the key(s) identified by the specified keyid(s) from pacman's
keyring.
*-e, \--export* [keyid(s)]::
Export key(s) identified by the specified keyid(s) to 'stdout'. If no keyid
is specified, all keys will be exported.
*\--edit-key * <keyid(s)>::
Present a menu for key management task on the specified keyids. Useful for
adjusting a keys trust level.
*-f, \--finger* [keyid(s)]::
List a fingerprint for each specified keyid, or for all known keys if no
keyids are specified.
*\--gpgdir* <dir>:: *\--gpgdir* <dir>::
Set an alternate home directory for GnuPG. If unspecified, the value is Set an alternate home directory for GnuPG. If unspecified, the value is
read from +{sysconfdir}/pacman.conf+. read from +{sysconfdir}/pacman.conf+.
Commands
-------
*-a, \--add* file ...::
Add the key(s) contained in the specified file or files to pacman's
keyring. If a key already exists, update it.
*\--adv* param ...::
Use this option to issue particular GnuPG actions to pacman's keyring. This
option should be used with care as it can modify pacman's trust in
packages' signatures.
*-d, \--del* keyid ...::
Remove the key(s) identified by the specified keyid or keyids from pacman's
keyring.
*-e, \--export* [keyid ...]::
Export key(s) identified by the specified keyid to 'stdout'. If no keyid is
specified, all keys will be exported.
*-f, \--finger* [keyid ...]::
List a fingerprint for each specified keyid, or for all known keys if no
keyids are specified.
*-h, \--help*:: *-h, \--help*::
Output syntax and command line options. Output syntax and command line options.
*--init*::
Ensure the keyring is properly initialized and has the required access
permissions.
*-l, \--list*:: *-l, \--list*::
Equivalent to --list-sigs from GnuPG. Equivalent to --list-sigs from GnuPG.
*-r, \--receive* keyserver keyid ...:: *-r, \--receive* <keyserver> <keyid(s)>::
Fetch the specified keyids from the specified key server URL. Fetch the specified keyids from the specified key server URL.
*\--reload*:: *\--reload*::
Reloads the keys from the keyring package. Reloads the keys from the keyring package.
*-t, \--trust* keyid::
Set the trust level of the given key.
*-u, \--updatedb*:: *-u, \--updatedb*::
Equivalent to \--check-trustdb in GnuPG. Equivalent to \--check-trustdb in GnuPG.
*-v, \--version*:: * -v, \--verify* <signature>::
Verify the given signature file.
*-V, \--version*::
Displays the program version. Displays the program version.

View File

@ -80,7 +80,8 @@ pacman-db-upgrade: \
pacman-key: \ pacman-key: \
$(srcdir)/pacman-key.sh.in \ $(srcdir)/pacman-key.sh.in \
$(srcdir)/library/output_format.sh $(srcdir)/library/output_format.sh \
$(srcdir)/library/parse_options.sh
pacman-optimize: \ pacman-optimize: \
$(srcdir)/pacman-optimize.sh.in \ $(srcdir)/pacman-optimize.sh.in \

View File

@ -26,33 +26,48 @@ export TEXTDOMAINDIR='@localedir@'
myver="@PACKAGE_VERSION@" myver="@PACKAGE_VERSION@"
# Options
ADD=0
DELETE=0
EDITKEY=0
EXPORT=0
FINGER=0
INIT=0
LIST=0
RECEIVE=0
RELOAD=0
UPDATEDB=0
VERIFY=0
m4_include(library/output_format.sh) m4_include(library/output_format.sh)
m4_include(library/parse_options.sh)
usage() { usage() {
printf "pacman-key (pacman) %s\n" ${myver} printf "pacman-key (pacman) %s\n" ${myver}
echo echo
printf "$(gettext "Usage: %s [options] <command> [arguments]")\n" $(basename $0) printf "$(gettext "Usage: %s [options]")\n" $(basename $0)
echo echo
printf "$(gettext "Manage pacman\'s list of trusted keys")\n" printf "$(gettext "Manage pacman\'s list of trusted keys")\n"
echo echo
echo "$(gettext "Options must be placed before commands. The available options are:")" echo "$(gettext "Options:")"
printf "$(gettext " --config <file> Use an alternate config file (instead of '%s')")\n" "$CONFIG"
printf "$(gettext " --gpgdir Set an alternate directory for gnupg (instead of '%s')")\n" "$PACMAN_KEYRING_DIR"
echo
echo "$(gettext "The available commands are:")"
echo "$(gettext " -a, --add [<file(s)>] Add the specified keys (empty for stdin)")" echo "$(gettext " -a, --add [<file(s)>] Add the specified keys (empty for stdin)")"
echo "$(gettext " -d, --del <keyid(s)> Remove the specified keyids")" echo "$(gettext " -d, --delete <keyid(s)> Remove the specified keyids")"
echo "$(gettext " -e, --export <keyid(s)> Export the specified keyids")" echo "$(gettext " -e, --export [<keyid(s)>] Export the specified or all keyids")"
echo "$(gettext " -f, --finger [<keyid(s)>] List fingerprint for specified or all keyids")" echo "$(gettext " -f, --finger [<keyid(s)>] List fingerprint for specified or all keyids")"
echo "$(gettext " -h, --help Show this help message and exit")" echo "$(gettext " -h, --help Show this help message and exit")"
echo "$(gettext " -l, --list List keys")" echo "$(gettext " -l, --list List keys")"
echo "$(gettext " -r, --receive <keyserver> <keyid(s)> Fetch the specified keyids")" echo "$(gettext " -r, --receive <keyserver> <keyid(s)> Fetch the specified keyids")"
echo "$(gettext " -t, --trust <keyid(s)> Set the trust level of the given keyids")"
echo "$(gettext " -u, --updatedb Update the trustdb of pacman")" echo "$(gettext " -u, --updatedb Update the trustdb of pacman")"
echo "$(gettext " -v, --verify <signature> Verify the file specified by the signature")"
echo "$(gettext " -V, --version Show program version")" echo "$(gettext " -V, --version Show program version")"
echo "$(gettext " --adv <params> Use pacman's keyring with advanced gpg commands")" echo "$(gettext " --config <file> Use an alternate config file")"
printf "$(gettext " --reload Reload the default keys")" printf "$(gettext " (instead of '%s')")\n" "@sysconfdir@/pacman.conf"
echo echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")"
echo "$(gettext " --gpgdir <dir> Set an alternate directory for gnupg")"
printf "$(gettext " (instead of '%s')")\n" "@sysconfdir@/pacman.d/gnupg"
echo "$(gettext " --init Ensure the keyring is properly initialized")"
echo "$(gettext " --reload Reload the default keys")"
} }
version() { version() {
@ -63,17 +78,88 @@ This is free software; see the source for copying conditions.\n\
There is NO WARRANTY, to the extent permitted by law.\n")" There is NO WARRANTY, to the extent permitted by law.\n")"
} }
# Read provided file and search for values matching the given key # read the config file "$1" which has key=value pairs, and return the key which
# The contents of the file are expected to be in this format: key = value # matches "$2". the equals sign between pairs may be surrounded by any amount
# 'key', 'equal sign' and 'value' can be surrounded by random whitespace # of whitespace.
# Usage: get_from "$file" "$key" # returns the value for the first matching key in the file
get_from() { get_from() {
while read key _ value; do while IFS='=' read -r key value; do
if [[ $key = $2 ]]; then [[ -z $key || ${key:0:1} = '#' ]] && continue
echo "$value"
break if [[ ${key%% *} = "$2" && -n ${value##* } ]]; then
echo "${value##* }"
return 0
fi fi
done < "$1" done < "$1"
return 1
}
initialize() {
# Check for simple existence rather than for a directory as someone
# may want to use a symlink here
[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
# keyring files
[[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/pubring.gpg
[[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/secring.gpg
[[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || ${GPG_PACMAN} --update-trustdb
chmod 644 ${PACMAN_KEYRING_DIR}/{{pub,sec}ring,trustdb}.gpg
# gpg.conf
[[ -f ${PACMAN_KEYRING_DIR}/gpg.conf ]] || touch ${PACMAN_KEYRING_DIR}/gpg.conf
chmod 644 ${PACMAN_KEYRING_DIR}/gpg.conf
if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then
echo "lock-never" >> ${PACMAN_KEYRING_DIR}/gpg.conf
fi
}
check_keyring() {
if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \
! -r ${PACMAN_KEYRING_DIR}/secring.gpg || \
! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then
error "$(gettext "You do not have sufficient permissions to read the %s keyring...")" "pacman"
msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
exit 1
fi
if (( (EXPORT || FINGER || LIST || VERIFY) && EUID != 0 )); then
if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then
error "$(gettext "You do not have sufficient permissions to run this command...")"
msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
exit 1
fi
fi
}
verify_keyring_input() {
local ret=0;
# Verify signatures of related files, if they exist
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Verifying official keys file signature...")"
if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
ret=1
fi
fi
if [[ -r "${DEPRECATED_KEYS}" ]]; then
msg "$(gettext "Verifying deprecated keys file signature...")"
if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
ret=1
fi
fi
if [[ -r "${REMOVED_KEYS}" ]]; then
msg "$(gettext "Verifying deleted keys file signature...")"
if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
ret=1
fi
fi
return errors
} }
reload_keyring() { reload_keyring() {
@ -94,30 +180,7 @@ reload_keyring() {
# It is a textual list of values that gpg recogniezes as identifiers for keys. # It is a textual list of values that gpg recogniezes as identifiers for keys.
local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys" local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
# Verify signatures of related files, if they exist verify_keyring_input || exit 1
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Verifying official keys file signature...")"
if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
exit 1
fi
fi
if [[ -r "${DEPRECATED_KEYS}" ]]; then
msg "$(gettext "Verifying deprecated keys file signature...")"
if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
exit 1
fi
fi
if [[ -r "${REMOVED_KEYS}" ]]; then
msg "$(gettext "Verifying deleted keys file signature...")"
if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
exit 1
fi
fi
# Read the key ids to an array. The conversion from whatever is inside the file # Read the key ids to an array. The conversion from whatever is inside the file
# to key ids is important, because key ids are the only guarantee of identification # to key ids is important, because key ids are the only guarantee of identification
@ -126,12 +189,12 @@ reload_keyring() {
if [[ -r "${REMOVED_KEYS}" ]]; then if [[ -r "${REMOVED_KEYS}" ]]; then
while read key; do while read key; do
local key_values name local key_values name
key_values=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ') key_values="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')"
if [[ -n $key_values ]]; then if [[ -n $key_values ]]; then
# The first word is the key_id # The first word is the key_id
key_id=${key_values%% *} key_id="${key_values%% *}"
# the rest if the name of the owner # the rest if the name of the owner
name=${key_values#* } name="${key_values#* }"
if [[ -n ${key_id} ]]; then if [[ -n ${key_id} ]]; then
# Mark this key to be deleted # Mark this key to be deleted
removed_ids[$key_id]="$name" removed_ids[$key_id]="$name"
@ -141,12 +204,12 @@ reload_keyring() {
fi fi
# List of keys that must be kept installed, even if in the list of keys to be removed # List of keys that must be kept installed, even if in the list of keys to be removed
local HOLD_KEYS=$(get_from "$CONFIG" "HoldKeys") local HOLD_KEYS="$(get_from "$CONFIG" "HoldKeys")"
# Remove the keys that must be kept from the set of keys that should be removed # Remove the keys that must be kept from the set of keys that should be removed
if [[ -n ${HOLD_KEYS} ]]; then if [[ -n ${HOLD_KEYS} ]]; then
for key in ${HOLD_KEYS}; do for key in ${HOLD_KEYS}; do
key_id=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5) key_id="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
if [[ -n "${removed_ids[$key_id]}" ]]; then if [[ -n "${removed_ids[$key_id]}" ]]; then
unset removed_ids[$key_id] unset removed_ids[$key_id]
fi fi
@ -157,7 +220,7 @@ reload_keyring() {
# be updated automatically. # be updated automatically.
if [[ -r "${ADDED_KEYS}" ]]; then if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Appending official keys...")" msg "$(gettext "Appending official keys...")"
local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) local add_keys="$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
for key_id in ${add_keys}; do for key_id in ${add_keys}; do
# There is no point in adding a key that will be deleted right after # There is no point in adding a key that will be deleted right after
if [[ -z "${removed_ids[$key_id]}" ]]; then if [[ -z "${removed_ids[$key_id]}" ]]; then
@ -168,7 +231,7 @@ reload_keyring() {
if [[ -r "${DEPRECATED_KEYS}" ]]; then if [[ -r "${DEPRECATED_KEYS}" ]]; then
msg "$(gettext "Appending deprecated keys...")" msg "$(gettext "Appending deprecated keys...")"
local add_keys=$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) local add_keys="$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
for key_id in ${add_keys}; do for key_id in ${add_keys}; do
# There is no point in adding a key that will be deleted right after # There is no point in adding a key that will be deleted right after
if [[ -z "${removed_ids[$key_id]}" ]]; then if [[ -z "${removed_ids[$key_id]}" ]]; then
@ -191,6 +254,30 @@ reload_keyring() {
${GPG_PACMAN} --batch --check-trustdb ${GPG_PACMAN} --batch --check-trustdb
} }
receive_keys() {
if [[ -z ${KEYIDS[@]} ]]; then
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
exit 1
fi
${GPG_PACMAN} --keyserver "$KEYSERVER" --recv-keys "${KEYIDS[@]}"
}
edit_keys() {
local errors=0;
for key in ${KEYIDS[@]}; do
# Verify if the key exists in pacman's keyring
if ! ${GPG_PACMAN} --list-keys "$key" &>/dev/null; then
error "$(gettext "The key identified by %s does not exist")" "$key"
errors=1;
fi
done
(( errors )) && exit 1;
for key in ${KEYIDS[@]}; do
${GPG_PACMAN} --edit-key "$key"
done
}
# PROGRAM START # PROGRAM START
if ! type gettext &>/dev/null; then if ! type gettext &>/dev/null; then
gettext() { gettext() {
@ -198,116 +285,96 @@ if ! type gettext &>/dev/null; then
} }
fi fi
if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then OPT_SHORT="a::d:e:f::hlr:uv:V"
if type -p gpg >/dev/null 2>&1 = 1; then OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
error "$(gettext "gnupg does not seem to be installed.")" OPT_LONG+=",help,init,list,receive:,reload,updatedb,verify:,version"
msg2 "$(gettext "pacman-key requires gnupg for most operations.")" if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
exit 1 echo; usage; exit 1 # E_INVALID_OPTION;
elif (( EUID != 0 )); then
error "$(gettext "pacman-key needs to be run as root.")"
exit 1
fi fi
eval set -- "$OPT_TEMP"
unset OPT_SHORT OPT_LONG OPT_TEMP
if [[ $1 == "--" ]]; then
usage;
exit 0;
fi fi
# Parse global options while true; do
CONFIG="@sysconfdir@/pacman.conf"
PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg"
while [[ $1 =~ ^--(config|gpgdir)$ ]]; do
case "$1" in case "$1" in
--config) shift; CONFIG="$1" ;; -a|--add) ADD=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYFILES=($1) ;;
--gpgdir) shift; PACMAN_KEYRING_DIR="$1" ;; --config) shift; CONFIG=$1 ;;
-d|--delete) DELETE=1; shift; KEYIDS=($1) ;;
--edit-key) EDITKEY=1; shift; KEYIDS=($1) ;;
-e|--export) EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
-f|--finger) FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
--gpgdir) shift; PACMAN_KEYRING_DIR=$1 ;;
--init) INIT=1 ;;
-l|--list) LIST=1 ;;
-r|--receive) RECEIVE=1; shift; KEYSERVER="${1[0]}"; KEYIDS=("${1[@]:1}") ;;
--reload) RELOAD=1 ;;
-u|--updatedb) UPDATEDB=1 ;;
-v|--verify) VERIFY=1; shift; SIGNATURE=$1 ;;
-h|--help) usage; exit 0 ;;
-V|--version) version; exit 0 ;;
--) OPT_IND=0; shift; break;;
*) usage; exit 1 ;;
esac esac
shift shift
done done
if [[ ! -r "${CONFIG}" ]]; then
error "$(gettext "%s not found.")" "$CONFIG" if ! type -p gpg >/dev/null; then
error "$(gettext "Cannot find the %s binary required for all %s operations.")" "gpg" "pacman-key"
exit 1 exit 1
fi fi
# Read GPGDIR from $CONFIG. if (( (ADD || DELETE || EDITKEY || INIT || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
PACMAN_KEYRING_DIR="${GPGDIR}" exit 1
fi fi
CONFIG=${CONFIG:-@sysconfdir@/pacman.conf}
if [[ ! -r "${CONFIG}" ]]; then
error "$(gettext "%s configuation file '%s' not found.")" "pacman" "$CONFIG"
exit 1
fi
# if PACMAN_KEYRING_DIR isn't assigned, try to get it from the config
# file, falling back on a hard default
PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")}
GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
# Try to create $PACMAN_KEYRING_DIR if non-existent # check only a single operation has been given
# Check for simple existence rather than for a directory as someone may want numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + RELOAD + UPDATEBD + VERIFY ))
# to use a symlink here
[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
# Parse and execute command if (( ! numopt )); then
command="$1" error "$(gettext "No operations specified")"
if [[ -z "${command}" ]]; then echo
usage usage
exit 1 exit 1
fi fi
shift
case "${command}" in if (( numopt != 1 )); then
-a|--add) error "$(gettext "Multiple operations specified")"
# If there is no extra parameter, gpg will read stdin printf "$(gettext "Please run %s with each operation separately\n")" "pacman-key"
${GPG_PACMAN} --quiet --batch --import "$@"
;;
-d|--del)
if (( $# == 0 )); then
error "$(gettext "You need to specify at least one key identifier")"
exit 1 exit 1
fi fi
${GPG_PACMAN} --quiet --batch --delete-key --yes "$@"
;; (( ! INIT )) && check_keyring
-u|--updatedb)
${GPG_PACMAN} --batch --check-trustdb (( ADD )) && ${GPG_PACMAN} --quiet --batch --import "${KEYFILES[@]}"
;; (( DELETE )) && ${GPG_PACMAN} --quiet --batch --delete-key --yes "${KEYIDS[@]}"
--reload) (( EDITKEY )) && edit_keys
reload_keyring (( EXPORT )) && ${GPG_PACMAN} --armor --export "${KEYIDS[@]}"
;; (( FINGER )) && ${GPG_PACMAN} --batch --fingerprint "${KEYIDS[@]}"
-l|--list) (( INIT )) && initialize
${GPG_PACMAN} --batch --list-sigs "$@" (( LIST )) && ${GPG_PACMAN} --batch --list-sigs "${KEYIDS[@]}"
;; (( RECEIVE )) && receive_keys
-f|--finger) (( RELOAD )) && reload_keyring
${GPG_PACMAN} --batch --fingerprint "$@" (( UPDATEDB )) && ${GPG_PACMAN} --batch --check-trustdb
;; (( VERIFY )) && ${GPG_PACMAN} --verify $SIGNATURE
-e|--export)
${GPG_PACMAN} --armor --export "$@"
;;
-r|--receive)
if (( $# < 2 )); then
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
exit 1
fi
keyserver="$1"
shift
${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@"
;;
-t|--trust)
if (( $# == 0 )); then
error "$(gettext "You need to specify at least one key identifier")"
exit 1
fi
while (( $# > 0 )); do
# Verify if the key exists in pacman's keyring
if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then
${GPG_PACMAN} --edit-key "$1"
else
error "$(gettext "The key identified by %s doesn't exist")" "$1"
exit 1
fi
shift
done
;;
--adv)
msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}"
${GPG_PACMAN} "$@" || ret=$?
exit $ret
;;
-h|--help)
usage; exit 0 ;;
-V|--version)
version; exit 0 ;;
*)
error "$(gettext "Unknown command:") $command"
usage; exit 1 ;;
esac
# vim: set ts=2 sw=2 noet: # vim: set ts=2 sw=2 noet: