pacman-key: move verifying keyring files to own function
Also check all files before bailing on errors. Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
parent
74e5a494b0
commit
74f6d717a3
|
@ -87,6 +87,37 @@ get_from() {
|
done < "$1"
|
done < "$1"
|
}
|
}
|
|
|
|
verify_keyring_input() {
|
|
local ret=0;
|
|
|
|
# Verify signatures of related files, if they exist
|
|
if [[ -r "${ADDED_KEYS}" ]]; then
|
|
msg "$(gettext "Verifying official keys file signature...")"
|
|
if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
|
|
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
|
|
ret=1
|
|
fi
|
|
fi
|
|
|
|
if [[ -r "${DEPRECATED_KEYS}" ]]; then
|
|
msg "$(gettext "Verifying deprecated keys file signature...")"
|
|
if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
|
|
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
|
|
ret=1
|
|
fi
|
|
fi
|
|
|
|
if [[ -r "${REMOVED_KEYS}" ]]; then
|
|
msg "$(gettext "Verifying deleted keys file signature...")"
|
|
if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
|
|
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
|
|
ret=1
|
|
fi
|
|
fi
|
|
|
|
return errors
|
|
}
|
|
|
reload_keyring() {
|
reload_keyring() {
|
local PACMAN_SHARE_DIR='@prefix@/share/pacman'
|
local PACMAN_SHARE_DIR='@prefix@/share/pacman'
|
local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
|
local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
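Review bot: `return errors` at the end of verify_keyring_input does not return the accumulated status: `errors` is not a variable in this function (the accumulator is `ret`), and bash's `return` requires a numeric argument, so this line reports an error and yields a non-zero status on every call, which makes the `verify_keyring_input || exit 1` call in reload_keyring bail out even when all three signatures verified. Change it to `return $ret` (and drop the stray `;` after `local ret=0`). The function also depends on ADDED_KEYS, DEPRECATED_KEYS and REMOVED_KEYS being reachable as the caller's locals through bash's dynamic scoping, which a header comment such as `# Must be called from reload_keyring: reads its local ADDED_KEYS, DEPRECATED_KEYS and REMOVED_KEYS` would make explicit. Consider also not discarding gpg's stderr with `&>/dev/null`, since the reason a signature check failed (unknown key, expired key, corrupt file) is then invisible to the operator who has to act on the error.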
|
|
@ -105,30 +136,7 @@ reload_keyring() {
|
# It is a textual list of values that gpg recogniezes as identifiers for keys.
|
# It is a textual list of values that gpg recogniezes as identifiers for keys.
|
local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
|
local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
|
|
|
# Verify signatures of related files, if they exist
|
verify_keyring_input || exit 1
|
if [[ -r "${ADDED_KEYS}" ]]; then
|
|
msg "$(gettext "Verifying official keys file signature...")"
|
|
if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
|
|
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [[ -r "${DEPRECATED_KEYS}" ]]; then
|
|
msg "$(gettext "Verifying deprecated keys file signature...")"
|
|
if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
|
|
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [[ -r "${REMOVED_KEYS}" ]]; then
|
|
msg "$(gettext "Verifying deleted keys file signature...")"
|
|
if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
|
|
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Read the key ids to an array. The conversion from whatever is inside the file
|
# Read the key ids to an array. The conversion from whatever is inside the file
|
# to key ids is important, because key ids are the only guarantee of identification
|
# to key ids is important, because key ids are the only guarantee of identification
|
|
|