pacman-key: split keyserver to a separate option
This also renames '--receive' to '--recv-keys' to match the wrapped gpg option name, rather than invent a new one, now that the calling convention is the same. Signed-off-by: Dan McGee <dan@archlinux.org>
parent
5a9b07b0e7
commit
d9545103b9
|
@ -71,6 +71,12 @@ Options
|
||||||
Ensure the keyring is properly initialized and has the required access
|
Ensure the keyring is properly initialized and has the required access
|
||||||
permissions.
|
permissions.
|
||||||
|
|
||||||
|
*\--keyserver* <keyserver>::
|
||||||
|
Use the specified keyserver if the operation requires one. This will take
|
||||||
|
precedence over any keyserver option specified in a `gpg.conf`
|
||||||
|
configuration file. Running '\--init' with this option will set the default
|
||||||
|
keyserver if one was not already configured.
|
||||||
|
|
||||||
*-l, \--list-keys* [keyid(s)]::
|
*-l, \--list-keys* [keyid(s)]::
|
||||||
Lists all or specified keys from the public keyring.
|
Lists all or specified keys from the public keyring.
|
||||||
|
|
||||||
|
@ -81,8 +87,8 @@ Options
|
||||||
Locally sign the given key. This is primarily used to root the web of trust
|
Locally sign the given key. This is primarily used to root the web of trust
|
||||||
in the local private key generated by '\--init'.
|
in the local private key generated by '\--init'.
|
||||||
|
|
||||||
*-r, \--receive* <keyserver> <keyid(s)>::
|
*-r, \--recv-keys* <keyid(s)>::
|
||||||
Fetch the specified keyid(s) from the specified key server URL.
|
Equivalent to '\--recv-keys' in GnuPG.
|
||||||
|
|
||||||
*\--populate* [keyring(s)]::
|
*\--populate* [keyring(s)]::
|
||||||
Reload the default keys from the (optionally provided) keyrings in
|
Reload the default keys from the (optionally provided) keyrings in
|
||||||
|
|
|
@ -35,6 +35,7 @@ FINGER=0
|
||||||
IMPORT=0
|
IMPORT=0
|
||||||
IMPORT_TRUSTDB=0
|
IMPORT_TRUSTDB=0
|
||||||
INIT=0
|
INIT=0
|
||||||
|
KEYSERVER=''
|
||||||
LISTKEYS=0
|
LISTKEYS=0
|
||||||
LISTSIGS=0
|
LISTSIGS=0
|
||||||
LSIGNKEY=0
|
LSIGNKEY=0
|
||||||
|
@ -43,6 +44,8 @@ RECEIVE=0
|
||||||
UPDATEDB=0
|
UPDATEDB=0
|
||||||
VERIFY=0
|
VERIFY=0
|
||||||
|
|
||||||
|
DEFAULT_KEYSERVER='hkp://keys.gnupg.net'
|
||||||
|
|
||||||
m4_include(library/output_format.sh)
|
m4_include(library/output_format.sh)
|
||||||
|
|
||||||
m4_include(library/parse_options.sh)
|
m4_include(library/parse_options.sh)
|
||||||
|
@ -61,7 +64,7 @@ usage() {
|
||||||
echo "$(gettext " -f, --finger [keyid(s)] List fingerprint for specified or all keyids")"
|
echo "$(gettext " -f, --finger [keyid(s)] List fingerprint for specified or all keyids")"
|
||||||
echo "$(gettext " -h, --help Show this help message and exit")"
|
echo "$(gettext " -h, --help Show this help message and exit")"
|
||||||
echo "$(gettext " -l, --list-keys [keyid(s)] List the specified or all keys")"
|
echo "$(gettext " -l, --list-keys [keyid(s)] List the specified or all keys")"
|
||||||
echo "$(gettext " -r, --receive <keyserver> <keyid(s)> Fetch the specified keyids")"
|
echo "$(gettext " -r, --recv-keys <keyid(s)> Fetch the specified keyids")"
|
||||||
echo "$(gettext " -u, --updatedb Update the trustdb of pacman")"
|
echo "$(gettext " -u, --updatedb Update the trustdb of pacman")"
|
||||||
echo "$(gettext " -v, --verify <signature> Verify the file specified by the signature")"
|
echo "$(gettext " -v, --verify <signature> Verify the file specified by the signature")"
|
||||||
echo "$(gettext " -V, --version Show program version")"
|
echo "$(gettext " -V, --version Show program version")"
|
||||||
|
@ -73,6 +76,7 @@ usage() {
|
||||||
echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")"
|
echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")"
|
||||||
echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
|
echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
|
||||||
echo "$(gettext " --init Ensure the keyring is properly initialized")"
|
echo "$(gettext " --init Ensure the keyring is properly initialized")"
|
||||||
|
echo "$(gettext " --keyserver Specify a keyserver to use if necessary")"
|
||||||
echo "$(gettext " --list-sigs [keyid(s)] List keys and their signatures")"
|
echo "$(gettext " --list-sigs [keyid(s)] List keys and their signatures")"
|
||||||
echo "$(gettext " --lsign-key <keyid> Locally sign the specified keyid")"
|
echo "$(gettext " --lsign-key <keyid> Locally sign the specified keyid")"
|
||||||
printf "$(gettext " --populate [keyring(s)] Reload the default keys from the (given) keyrings\n\
|
printf "$(gettext " --populate [keyring(s)] Reload the default keys from the (given) keyrings\n\
|
||||||
|
@ -136,7 +140,7 @@ add_gpg_conf_option() {
|
||||||
}
|
}
|
||||||
|
|
||||||
initialize() {
|
initialize() {
|
||||||
local conffile
|
local conffile keyserv
|
||||||
# Check for simple existence rather than for a directory as someone
|
# Check for simple existence rather than for a directory as someone
|
||||||
# may want to use a symlink here
|
# may want to use a symlink here
|
||||||
[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
|
[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
|
||||||
|
@ -155,7 +159,8 @@ initialize() {
|
||||||
add_gpg_conf_option "$conffile" 'no-greeting'
|
add_gpg_conf_option "$conffile" 'no-greeting'
|
||||||
add_gpg_conf_option "$conffile" 'no-permission-warning'
|
add_gpg_conf_option "$conffile" 'no-permission-warning'
|
||||||
add_gpg_conf_option "$conffile" 'lock-never'
|
add_gpg_conf_option "$conffile" 'lock-never'
|
||||||
add_gpg_conf_option "$conffile" 'keyserver' 'hkp://keys.gnupg.net'
|
keyserv=${KEYSERVER:-$DEFAULT_KEYSERVER}
|
||||||
|
add_gpg_conf_option "$conffile" 'keyserver' "$keyserv"
|
||||||
|
|
||||||
# set up a private signing key (if none available)
|
# set up a private signing key (if none available)
|
||||||
if [[ $(secret_keys_available) -lt 1 ]]; then
|
if [[ $(secret_keys_available) -lt 1 ]]; then
|
||||||
|
@ -304,14 +309,6 @@ populate_keyring() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
receive_keys() {
|
|
||||||
if [[ -z ${KEYIDS[@]} ]]; then
|
|
||||||
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
"${GPG_PACMAN[@]}" --keyserver "$KEYSERVER" --recv-keys "${KEYIDS[@]}"
|
|
||||||
}
|
|
||||||
|
|
||||||
edit_keys() {
|
edit_keys() {
|
||||||
local errors=0;
|
local errors=0;
|
||||||
for key in ${KEYIDS[@]}; do
|
for key in ${KEYIDS[@]}; do
|
||||||
|
@ -365,8 +362,8 @@ fi
|
||||||
|
|
||||||
OPT_SHORT="a::d:e:f::hl::r:uv:V"
|
OPT_SHORT="a::d:e:f::hl::r:uv:V"
|
||||||
OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
|
OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
|
||||||
OPT_LONG+=",help,import:,import-trustdb:,init,list-keys::,list-sigs::"
|
OPT_LONG+=",help,import:,import-trustdb:,init,keyserver:,list-keys::,list-sigs::"
|
||||||
OPT_LONG+=",lsign-key:,populate::,receive:,updatedb,verify:,version"
|
OPT_LONG+=",lsign-key:,populate::,recv-keys:,updatedb,verify:,version"
|
||||||
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
|
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
|
||||||
echo; usage; exit 1 # E_INVALID_OPTION;
|
echo; usage; exit 1 # E_INVALID_OPTION;
|
||||||
fi
|
fi
|
||||||
|
@ -390,11 +387,12 @@ while true; do
|
||||||
--import) IMPORT=1; shift; IMPORT_DIRS=($1); UPDATEDB=1 ;;
|
--import) IMPORT=1; shift; IMPORT_DIRS=($1); UPDATEDB=1 ;;
|
||||||
--import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1); UPDATEDB=1 ;;
|
--import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1); UPDATEDB=1 ;;
|
||||||
--init) INIT=1 ;;
|
--init) INIT=1 ;;
|
||||||
|
--keyserver) shift; KEYSERVER=$1 ;;
|
||||||
-l|--list-keys) LISTKEYS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
-l|--list-keys) LISTKEYS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
||||||
--list-sigs) LISTSIGS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
--list-sigs) LISTSIGS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
||||||
--lsign-key) LSIGNKEY=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
|
--lsign-key) LSIGNKEY=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
|
||||||
--populate) POPULATE=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYRINGIDS=($1); UPDATEDB=1 ;;
|
--populate) POPULATE=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYRINGIDS=($1); UPDATEDB=1 ;;
|
||||||
-r|--receive) RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP; UPDATEDB=1 ;;
|
-r|--recv-keys) RECEIVE=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
|
||||||
-u|--updatedb) UPDATEDB=1 ;;
|
-u|--updatedb) UPDATEDB=1 ;;
|
||||||
-v|--verify) VERIFY=1; shift; SIGNATURE=$1 ;;
|
-v|--verify) VERIFY=1; shift; SIGNATURE=$1 ;;
|
||||||
|
|
||||||
|
@ -429,6 +427,9 @@ fi
|
||||||
PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")}
|
PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")}
|
||||||
|
|
||||||
GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
|
GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
|
||||||
|
if [[ -n ${KEYSERVER} ]]; then
|
||||||
|
GPG_PACMAN+=(--keyserver ${KEYSERVER})
|
||||||
|
fi
|
||||||
|
|
||||||
# check only a single operation has been given
|
# check only a single operation has been given
|
||||||
# don't include UPDATEDB in here as other opts can induce it
|
# don't include UPDATEDB in here as other opts can induce it
|
||||||
|
@ -464,7 +465,7 @@ esac
|
||||||
# TODO: we can't do --batch on lsign until we figure out --command-fd
|
# TODO: we can't do --batch on lsign until we figure out --command-fd
|
||||||
(( LSIGNKEY )) && "${GPG_PACMAN[@]}" --lsign-key "${KEYIDS[@]}"
|
(( LSIGNKEY )) && "${GPG_PACMAN[@]}" --lsign-key "${KEYIDS[@]}"
|
||||||
(( POPULATE )) && populate_keyring
|
(( POPULATE )) && populate_keyring
|
||||||
(( RECEIVE )) && receive_keys
|
(( RECEIVE )) && "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"
|
||||||
(( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
|
(( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
|
||||||
|
|
||||||
if (( UPDATEDB )); then
|
if (( UPDATEDB )); then
|
||||||
|
|
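Review bot: In the `@ -429` hunk the new `GPG_PACMAN+=(--keyserver ${KEYSERVER})` expands the command-line value unquoted, so a value containing whitespace or glob characters is split into extra words that are passed to gpg on every later call made through `GPG_PACMAN`; it should be `GPG_PACMAN+=(--keyserver "${KEYSERVER}")`. The same value is also written to gpg.conf by `initialize()` via `add_gpg_conf_option "$conffile" 'keyserver' "$keyserv"`. That helper's body is outside the visible hunks, so it is worth confirming that it rejects embedded newlines before the value lands in the config file. Separately, `DEFAULT_KEYSERVER` keeps the plain `hkp://` scheme, which provides no transport authentication, so a comment near it (and the man page entry) should say that keys fetched with `--recv-keys` need to be checked by full fingerprint before `--lsign-key` is used on them.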