pacman-key: change GPG_PACMAN and GPG_NOKEYRING to arrays
Allows the commands to safely handle any possible arguments Signed-off-by: DJ Mills <danielmills1@gmail.com> Allan: rebase patch Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
parent
d9875c5e6c
commit
c5d4c92ad4
|
@ -101,7 +101,7 @@ initialize() {
|
||||||
# keyring files
|
# keyring files
|
||||||
[[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/pubring.gpg
|
[[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/pubring.gpg
|
||||||
[[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/secring.gpg
|
[[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/secring.gpg
|
||||||
[[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || ${GPG_PACMAN} --update-trustdb
|
[[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACMAN[@]}" --update-trustdb
|
||||||
chmod 644 ${PACMAN_KEYRING_DIR}/{{pub,sec}ring,trustdb}.gpg
|
chmod 644 ${PACMAN_KEYRING_DIR}/{{pub,sec}ring,trustdb}.gpg
|
||||||
|
|
||||||
# gpg.conf
|
# gpg.conf
|
||||||
|
@ -137,7 +137,7 @@ verify_keyring_input() {
|
||||||
# Verify signatures of related files, if they exist
|
# Verify signatures of related files, if they exist
|
||||||
if [[ -r "${ADDED_KEYS}" ]]; then
|
if [[ -r "${ADDED_KEYS}" ]]; then
|
||||||
msg "$(gettext "Verifying official keys file signature...")"
|
msg "$(gettext "Verifying official keys file signature...")"
|
||||||
if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
|
if ! "${GPG_PACMAN[@]}" --verify "${ADDED_KEYS}.sig" &>/dev/null; then
|
||||||
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
|
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
|
||||||
ret=1
|
ret=1
|
||||||
fi
|
fi
|
||||||
|
@ -145,7 +145,7 @@ verify_keyring_input() {
|
||||||
|
|
||||||
if [[ -r "${DEPRECATED_KEYS}" ]]; then
|
if [[ -r "${DEPRECATED_KEYS}" ]]; then
|
||||||
msg "$(gettext "Verifying deprecated keys file signature...")"
|
msg "$(gettext "Verifying deprecated keys file signature...")"
|
||||||
if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
|
if ! "${GPG_PACMAN[@]}" --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
|
||||||
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
|
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
|
||||||
ret=1
|
ret=1
|
||||||
fi
|
fi
|
||||||
|
@ -153,7 +153,7 @@ verify_keyring_input() {
|
||||||
|
|
||||||
if [[ -r "${REMOVED_KEYS}" ]]; then
|
if [[ -r "${REMOVED_KEYS}" ]]; then
|
||||||
msg "$(gettext "Verifying deleted keys file signature...")"
|
msg "$(gettext "Verifying deleted keys file signature...")"
|
||||||
if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
|
if ! "${GPG_PACMAN[@]}" --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
|
||||||
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
|
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
|
||||||
ret=1
|
ret=1
|
||||||
fi
|
fi
|
||||||
|
@ -164,7 +164,7 @@ verify_keyring_input() {
|
||||||
|
|
||||||
reload_keyring() {
|
reload_keyring() {
|
||||||
local PACMAN_SHARE_DIR='@prefix@/share/pacman'
|
local PACMAN_SHARE_DIR='@prefix@/share/pacman'
|
||||||
local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
|
local GPG_NOKEYRING=(gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR})
|
||||||
|
|
||||||
# Variable used for iterating on keyrings
|
# Variable used for iterating on keyrings
|
||||||
local key
|
local key
|
||||||
|
@ -189,7 +189,7 @@ reload_keyring() {
|
||||||
if [[ -r "${REMOVED_KEYS}" ]]; then
|
if [[ -r "${REMOVED_KEYS}" ]]; then
|
||||||
while read key; do
|
while read key; do
|
||||||
local key_values name
|
local key_values name
|
||||||
key_values="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')"
|
key_values="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')"
|
||||||
if [[ -n $key_values ]]; then
|
if [[ -n $key_values ]]; then
|
||||||
# The first word is the key_id
|
# The first word is the key_id
|
||||||
key_id="${key_values%% *}"
|
key_id="${key_values%% *}"
|
||||||
|
@ -209,7 +209,7 @@ reload_keyring() {
|
||||||
# Remove the keys that must be kept from the set of keys that should be removed
|
# Remove the keys that must be kept from the set of keys that should be removed
|
||||||
if [[ -n ${HOLD_KEYS} ]]; then
|
if [[ -n ${HOLD_KEYS} ]]; then
|
||||||
for key in ${HOLD_KEYS}; do
|
for key in ${HOLD_KEYS}; do
|
||||||
key_id="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
|
key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
|
||||||
if [[ -n "${removed_ids[$key_id]}" ]]; then
|
if [[ -n "${removed_ids[$key_id]}" ]]; then
|
||||||
unset removed_ids[$key_id]
|
unset removed_ids[$key_id]
|
||||||
fi
|
fi
|
||||||
|
@ -220,22 +220,22 @@ reload_keyring() {
|
||||||
# be updated automatically.
|
# be updated automatically.
|
||||||
if [[ -r "${ADDED_KEYS}" ]]; then
|
if [[ -r "${ADDED_KEYS}" ]]; then
|
||||||
msg "$(gettext "Appending official keys...")"
|
msg "$(gettext "Appending official keys...")"
|
||||||
local add_keys="$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
|
local add_keys="$("${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
|
||||||
for key_id in ${add_keys}; do
|
for key_id in ${add_keys}; do
|
||||||
# There is no point in adding a key that will be deleted right after
|
# There is no point in adding a key that will be deleted right after
|
||||||
if [[ -z "${removed_ids[$key_id]}" ]]; then
|
if [[ -z "${removed_ids[$key_id]}" ]]; then
|
||||||
${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import
|
"${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -r "${DEPRECATED_KEYS}" ]]; then
|
if [[ -r "${DEPRECATED_KEYS}" ]]; then
|
||||||
msg "$(gettext "Appending deprecated keys...")"
|
msg "$(gettext "Appending deprecated keys...")"
|
||||||
local add_keys="$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
|
local add_keys="$("${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
|
||||||
for key_id in ${add_keys}; do
|
for key_id in ${add_keys}; do
|
||||||
# There is no point in adding a key that will be deleted right after
|
# There is no point in adding a key that will be deleted right after
|
||||||
if [[ -z "${removed_ids[$key_id]}" ]]; then
|
if [[ -z "${removed_ids[$key_id]}" ]]; then
|
||||||
${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import
|
"${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -245,13 +245,13 @@ reload_keyring() {
|
||||||
msg "$(gettext "Removing deleted keys from keyring...")"
|
msg "$(gettext "Removing deleted keys from keyring...")"
|
||||||
for key_id in "${!removed_ids[@]}"; do
|
for key_id in "${!removed_ids[@]}"; do
|
||||||
echo " removing key $key_id - ${removed_ids[$key_id]}"
|
echo " removing key $key_id - ${removed_ids[$key_id]}"
|
||||||
${GPG_PACMAN} --quiet --batch --yes --delete-key "${key_id}"
|
"${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Update trustdb, just to be sure
|
# Update trustdb, just to be sure
|
||||||
msg "$(gettext "Updating trust database...")"
|
msg "$(gettext "Updating trust database...")"
|
||||||
${GPG_PACMAN} --batch --check-trustdb
|
"${GPG_PACMAN[@]}" --batch --check-trustdb
|
||||||
}
|
}
|
||||||
|
|
||||||
receive_keys() {
|
receive_keys() {
|
||||||
|
@ -259,14 +259,14 @@ receive_keys() {
|
||||||
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
|
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
${GPG_PACMAN} --keyserver "$KEYSERVER" --recv-keys "${KEYIDS[@]}"
|
"${GPG_PACMAN[@]}" --keyserver "$KEYSERVER" --recv-keys "${KEYIDS[@]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
edit_keys() {
|
edit_keys() {
|
||||||
local errors=0;
|
local errors=0;
|
||||||
for key in ${KEYIDS[@]}; do
|
for key in ${KEYIDS[@]}; do
|
||||||
# Verify if the key exists in pacman's keyring
|
# Verify if the key exists in pacman's keyring
|
||||||
if ! ${GPG_PACMAN} --list-keys "$key" &>/dev/null; then
|
if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null; then
|
||||||
error "$(gettext "The key identified by %s does not exist")" "$key"
|
error "$(gettext "The key identified by %s does not exist")" "$key"
|
||||||
errors=1;
|
errors=1;
|
||||||
fi
|
fi
|
||||||
|
@ -274,7 +274,7 @@ edit_keys() {
|
||||||
(( errors )) && exit 1;
|
(( errors )) && exit 1;
|
||||||
|
|
||||||
for key in ${KEYIDS[@]}; do
|
for key in ${KEYIDS[@]}; do
|
||||||
${GPG_PACMAN} --edit-key "$key"
|
"${GPG_PACMAN[@]}" --edit-key "$key"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -345,7 +345,7 @@ fi
|
||||||
# file, falling back on a hard default
|
# file, falling back on a hard default
|
||||||
PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")}
|
PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")}
|
||||||
|
|
||||||
GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
|
GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
|
||||||
|
|
||||||
# check only a single operation has been given
|
# check only a single operation has been given
|
||||||
numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
|
numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
|
||||||
|
@ -364,16 +364,16 @@ esac
|
||||||
|
|
||||||
(( ! INIT )) && check_keyring
|
(( ! INIT )) && check_keyring
|
||||||
|
|
||||||
(( ADD )) && ${GPG_PACMAN} --quiet --batch --import "${KEYFILES[@]}"
|
(( ADD )) && "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}"
|
||||||
(( DELETE )) && ${GPG_PACMAN} --quiet --batch --delete-key --yes "${KEYIDS[@]}"
|
(( DELETE )) && "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}"
|
||||||
(( EDITKEY )) && edit_keys
|
(( EDITKEY )) && edit_keys
|
||||||
(( EXPORT )) && ${GPG_PACMAN} --armor --export "${KEYIDS[@]}"
|
(( EXPORT )) && "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
|
||||||
(( FINGER )) && ${GPG_PACMAN} --batch --fingerprint "${KEYIDS[@]}"
|
(( FINGER )) && "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
|
||||||
(( INIT )) && initialize
|
(( INIT )) && initialize
|
||||||
(( LIST )) && ${GPG_PACMAN} --batch --list-sigs "${KEYIDS[@]}"
|
(( LIST )) && "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
|
||||||
(( RECEIVE )) && receive_keys
|
(( RECEIVE )) && receive_keys
|
||||||
(( RELOAD )) && reload_keyring
|
(( RELOAD )) && reload_keyring
|
||||||
(( UPDATEDB )) && ${GPG_PACMAN} --batch --check-trustdb
|
(( UPDATEDB )) && "${GPG_PACMAN[@]}" --batch --check-trustdb
|
||||||
(( VERIFY )) && ${GPG_PACMAN} --verify $SIGNATURE
|
(( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
|
||||||
|
|
||||||
# vim: set ts=2 sw=2 noet:
|
# vim: set ts=2 sw=2 noet:
|
||||||
|
|
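Review bot: The new array definitions still expand `${PACMAN_KEYRING_DIR}` unquoted, so the value is word-split and glob-expanded when the array is built, and the quoted `"${GPG_PACMAN[@]}"` call sites cannot undo that. In the `@ -345,7 +345,7 @` hunk the line should read `GPG_PACMAN=(gpg --homedir "${PACMAN_KEYRING_DIR}" --no-permission-warning)`, and the `local GPG_NOKEYRING=(...)` line in `reload_keyring` needs the same quoting around `--homedir`. The line above the assignment shows the directory comes from the environment or the `GPGDir` config entry. A value containing whitespace would therefore reach gpg as extra arguments and could change which homedir the `--verify` calls in `verify_keyring_input` trust. The final hunk has the same gap in `--verify $SIGNATURE`, which should be `--verify "$SIGNATURE"`.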