pacman-key: split keyserver to a separate option
This also renames '--receive' to '--recv-keys' to match the wrapped gpg option name, rather than invent a new one, now that the calling convention is the same. Signed-off-by: Dan McGee <dan@archlinux.org>
parent
5a9b07b0e7
commit
d9545103b9
|
@ -71,6 +71,12 @@ Options
|
|||
Ensure the keyring is properly initialized and has the required access
|
||||
permissions.
|
||||
|
||||
*\--keyserver* <keyserver>::
|
||||
Use the specified keyserver if the operation requires one. This will take
|
||||
precedence over any keyserver option specified in a `gpg.conf`
|
||||
configuration file. Running '\--init' with this option will set the default
|
||||
keyserver if one was not already configured.
|
||||
|
||||
*-l, \--list-keys* [keyid(s)]::
|
||||
Lists all or specified keys from the public keyring.
|
||||
|
||||
|
@ -81,8 +87,8 @@ Options
|
|||
Locally sign the given key. This is primarily used to root the web of trust
|
||||
in the local private key generated by '\--init'.
|
||||
|
||||
*-r, \--receive* <keyserver> <keyid(s)>::
|
||||
Fetch the specified keyid(s) from the specified key server URL.
|
||||
*-r, \--recv-keys* <keyid(s)>::
|
||||
Equivalent to '\--recv-keys' in GnuPG.
|
||||
|
||||
*\--populate* [keyring(s)]::
|
||||
Reload the default keys from the (optionally provided) keyrings in
|
||||
|
|
|
@ -35,6 +35,7 @@ FINGER=0
|
|||
IMPORT=0
|
||||
IMPORT_TRUSTDB=0
|
||||
INIT=0
|
||||
KEYSERVER=''
|
||||
LISTKEYS=0
|
||||
LISTSIGS=0
|
||||
LSIGNKEY=0
|
||||
|
@ -43,6 +44,8 @@ RECEIVE=0
|
|||
UPDATEDB=0
|
||||
VERIFY=0
|
||||
|
||||
DEFAULT_KEYSERVER='hkp://keys.gnupg.net'
|
||||
|
||||
m4_include(library/output_format.sh)
|
||||
|
||||
m4_include(library/parse_options.sh)
|
||||
|
@ -61,7 +64,7 @@ usage() {
|
|||
echo "$(gettext " -f, --finger [keyid(s)] List fingerprint for specified or all keyids")"
|
||||
echo "$(gettext " -h, --help Show this help message and exit")"
|
||||
echo "$(gettext " -l, --list-keys [keyid(s)] List the specified or all keys")"
|
||||
echo "$(gettext " -r, --receive <keyserver> <keyid(s)> Fetch the specified keyids")"
|
||||
echo "$(gettext " -r, --recv-keys <keyid(s)> Fetch the specified keyids")"
|
||||
echo "$(gettext " -u, --updatedb Update the trustdb of pacman")"
|
||||
echo "$(gettext " -v, --verify <signature> Verify the file specified by the signature")"
|
||||
echo "$(gettext " -V, --version Show program version")"
|
||||
|
@ -73,6 +76,7 @@ usage() {
|
|||
echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")"
|
||||
echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
|
||||
echo "$(gettext " --init Ensure the keyring is properly initialized")"
|
||||
echo "$(gettext " --keyserver Specify a keyserver to use if necessary")"
|
||||
echo "$(gettext " --list-sigs [keyid(s)] List keys and their signatures")"
|
||||
echo "$(gettext " --lsign-key <keyid> Locally sign the specified keyid")"
|
||||
printf "$(gettext " --populate [keyring(s)] Reload the default keys from the (given) keyrings\n\
|
||||
|
@ -136,7 +140,7 @@ add_gpg_conf_option() {
|
|||
}
|
||||
|
||||
initialize() {
|
||||
local conffile
|
||||
local conffile keyserv
|
||||
# Check for simple existence rather than for a directory as someone
|
||||
# may want to use a symlink here
|
||||
[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
|
||||
|
@ -155,7 +159,8 @@ initialize() {
|
|||
add_gpg_conf_option "$conffile" 'no-greeting'
|
||||
add_gpg_conf_option "$conffile" 'no-permission-warning'
|
||||
add_gpg_conf_option "$conffile" 'lock-never'
|
||||
add_gpg_conf_option "$conffile" 'keyserver' 'hkp://keys.gnupg.net'
|
||||
keyserv=${KEYSERVER:-$DEFAULT_KEYSERVER}
|
||||
add_gpg_conf_option "$conffile" 'keyserver' "$keyserv"
|
||||
|
||||
# set up a private signing key (if none available)
|
||||
if [[ $(secret_keys_available) -lt 1 ]]; then
|
||||
|
@ -304,14 +309,6 @@ populate_keyring() {
|
|||
fi
|
||||
}
|
||||
|
||||
receive_keys() {
|
||||
if [[ -z ${KEYIDS[@]} ]]; then
|
||||
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
|
||||
exit 1
|
||||
fi
|
||||
"${GPG_PACMAN[@]}" --keyserver "$KEYSERVER" --recv-keys "${KEYIDS[@]}"
|
||||
}
|
||||
|
||||
edit_keys() {
|
||||
local errors=0;
|
||||
for key in ${KEYIDS[@]}; do
|
||||
|
@ -365,8 +362,8 @@ fi
|
|||
|
||||
OPT_SHORT="a::d:e:f::hl::r:uv:V"
|
||||
OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
|
||||
OPT_LONG+=",help,import:,import-trustdb:,init,list-keys::,list-sigs::"
|
||||
OPT_LONG+=",lsign-key:,populate::,receive:,updatedb,verify:,version"
|
||||
OPT_LONG+=",help,import:,import-trustdb:,init,keyserver:,list-keys::,list-sigs::"
|
||||
OPT_LONG+=",lsign-key:,populate::,recv-keys:,updatedb,verify:,version"
|
||||
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
|
||||
echo; usage; exit 1 # E_INVALID_OPTION;
|
||||
fi
|
||||
|
@ -390,11 +387,12 @@ while true; do
|
|||
--import) IMPORT=1; shift; IMPORT_DIRS=($1); UPDATEDB=1 ;;
|
||||
--import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1); UPDATEDB=1 ;;
|
||||
--init) INIT=1 ;;
|
||||
--keyserver) shift; KEYSERVER=$1 ;;
|
||||
-l|--list-keys) LISTKEYS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
||||
--list-sigs) LISTSIGS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
||||
--lsign-key) LSIGNKEY=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
|
||||
--populate) POPULATE=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYRINGIDS=($1); UPDATEDB=1 ;;
|
||||
-r|--receive) RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP; UPDATEDB=1 ;;
|
||||
-r|--recv-keys) RECEIVE=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
|
||||
-u|--updatedb) UPDATEDB=1 ;;
|
||||
-v|--verify) VERIFY=1; shift; SIGNATURE=$1 ;;
|
||||
|
||||
|
@ -429,6 +427,9 @@ fi
|
|||
PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")}
|
||||
|
||||
GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
|
||||
if [[ -n ${KEYSERVER} ]]; then
|
||||
GPG_PACMAN+=(--keyserver ${KEYSERVER})
|
||||
fi
|
||||
|
||||
# check only a single operation has been given
|
||||
# don't include UPDATEDB in here as other opts can induce it
|
||||
|
@ -464,7 +465,7 @@ esac
|
|||
# TODO: we can't do --batch on lsign until we figure out --command-fd
|
||||
(( LSIGNKEY )) && "${GPG_PACMAN[@]}" --lsign-key "${KEYIDS[@]}"
|
||||
(( POPULATE )) && populate_keyring
|
||||
(( RECEIVE )) && receive_keys
|
||||
(( RECEIVE )) && "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"
|
||||
(( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
|
||||
|
||||
if (( UPDATEDB )); then
|
||||
|
|
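Review bot: In the hunk at `@ -429,6 +427,9`, `GPG_PACMAN+=(--keyserver ${KEYSERVER})` appends the user-supplied value unquoted, so a `--keyserver` argument containing whitespace or glob characters is word-split and the extra words reach gpg as separate arguments on every later `"${GPG_PACMAN[@]}"` call; quote it as `GPG_PACMAN+=(--keyserver "${KEYSERVER}")`. The inline `(( RECEIVE )) && "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"` also drops the empty-`KEYIDS` check that the removed `receive_keys()` performed; the option parser presumably guarantees an argument for `recv-keys:`, but that code is not visible here. `DEFAULT_KEYSERVER='hkp://keys.gnupg.net'` is plain HKP with no transport authentication, so a comment beside it such as `# keys fetched from a keyserver are untrusted until their fingerprint is checked and they are locally signed` would state the assumption the design relies on. The usage line for `--keyserver` omits the `<keyserver>` argument placeholder that the man page entry carries.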