The option --trus was changed to --edit-key, for better alignment with the underlying --edit-key of gnupg.
The options --config and --gpgdir were not being handled correctly. They would not work if were not used as first arguments always. Now the handling is more flexible. The use of gpg for verification purposes was leaking inconvenient messages to the output, so they were quieted with --quiet, 1>/dev/null and 2>&1. Signed-off-by: Denis A. Altoé Falqueto <[email protected]> --- doc/pacman-key.8.txt | 4 +- scripts/pacman-key.sh.in | 100 ++++++++++++++++++++++++++++++---------------- 2 files changed, 67 insertions(+), 37 deletions(-) diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 5ebbd0a..ba97b82 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -59,8 +59,8 @@ Commands *\--reload*:: Reloads the keys from the keyring package -*-t*, *\--trust* 'keyid':: - Set the trust level of the given key +*-t*, *\--edit-key* 'keyid ...':: + Edit trust properties for the given keys *-u*, *\--updatedb*:: Equivalent to \--check-trustdb in GnuPG diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index ccaf4b2..dd20172 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -71,7 +71,7 @@ usage() { echo "$(gettext " -l | --list - list keys")" echo "$(gettext " -r | --receive <keyserver> <keyid> ... - fetch the keyids from the specified")" echo "$(gettext " keyserver URL")" - echo "$(gettext " -t | --trust <keyid> ... - set the trust level of the given key")" + echo "$(gettext " -t | --edit-key <keyid> ... - edit trust properties for the given keys")" echo "$(gettext " -u | --updatedb - update the trustdb of pacman")" echo "$(gettext " -v | --version - displays the current version")" echo "$(gettext " --adv <params> - use pacman's keyring as target for")" @@ -117,7 +117,7 @@ reload_keyring() { # Verify signatures of related files, if they exist if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Verifying official keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then + if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" exit 1 fi @@ -125,7 +125,7 @@ reload_keyring() { if [[ -r "${DEPRECATED_KEYS}" ]]; then msg "$(gettext "Verifying deprecated keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then + if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}" exit 1 fi @@ -133,7 +133,7 @@ reload_keyring() { if [[ -r "${REMOVED_KEYS}" ]]; then msg "$(gettext "Verifying deleted keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then + if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" exit 1 fi @@ -229,15 +229,40 @@ if [[ $1 != "--version" && $1 != "-v" && $1 != "--help" && $1 != "-h" && $1 != " fi fi -# Parse global options +# Iterate over the parameters to get --config and --gpgdir +# The other parameters will be filtered to another array, +# so --config and --gpgdir don't interfere with other options. CONFIG="@sysconfdir@/pacman.conf" -PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg" -while [[ $1 =~ ^--(config|gpgdir)$ ]]; do - case "$1" in - --config) shift; CONFIG="$1" ;; - --gpgdir) shift; PACMAN_KEYRING_DIR="$1" ;; +declare -a PARAMS +GPGDIR="" +isconfig=0 +isgpgdir=0 +for arg in "$@"; do + if (( isconfig )); then + isconfig=0 + CONFIG="$arg" + if [[ ! -f "$CONFIG" ]]; then + error "$(gettext "The configuration file is not a valid file.")" + usage + exit 1 + fi + continue + fi + if (( isgpgdir )); then + isgpgdir=0 + GPGDIR="$arg" + if [[ ! -d "$GPGDIR" ]]; then + error "$(gettext "The home directory for GnuPG is not valid.")" + usage + exit 1 + fi + continue + fi + case "$arg" in + --config) isconfig=1;; + --gpgdir) isgpgdir=1;; + *) PARAMS[${#PARAMS[@]}]="$arg" esac - shift done if [[ ! -r "${CONFIG}" ]]; then @@ -246,33 +271,35 @@ if [[ ! -r "${CONFIG}" ]]; then fi # Read GPGDIR from $CONFIG. -# The pattern is: any spaces or tabs, GPGDir, any spaces or tabs, equal sign -# and the rest of the line. The string is splitted after the first occurrence of = -if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then - PACMAN_KEYRING_DIR="${GPGDIR}" -fi +# The precedence for GPGDIR is: +# 1st: command line +# 2nd: pacman.conf +# 3rd: default value +[[ -z "$GPGDIR" ]] && GPGDIR=$(find_config "GPGDir") +[[ -z "$GPGDIR" ]] && GPGDIR="@sysconfdir@/pacman.d/gnupg" +PACMAN_KEYRING_DIR="${GPGDIR}" GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}" # Parse and execute command -command="$1" +command="${PARAMS[0]}" if [[ -z "${command}" ]]; then usage exit 1 fi -shift +unset PARAMS[0] case "${command}" in -a|--add) # If there is no extra parameter, gpg will read stdin - ${GPG_PACMAN} --quiet --batch --import "$@" + ${GPG_PACMAN} --quiet --batch --import "${PARAMS[@]}" ;; -d|--del) - if (( $# == 0 )); then + if (( ${#PARAMS[@]} == 0 )); then error "$(gettext "You need to specify at least one key identifier")" usage exit 1 fi - ${GPG_PACMAN} --quiet --batch --delete-key --yes "$@" + ${GPG_PACMAN} --quiet --batch --delete-key --yes "${PARAMS[@]}" ;; -u|--updatedb) ${GPG_PACMAN} --batch --check-trustdb @@ -281,39 +308,39 @@ case "${command}" in reload_keyring ;; -l|--list) - ${GPG_PACMAN} --batch --list-sigs "$@" + ${GPG_PACMAN} --list-sigs "${PARAMS[@]}" ;; -f|--finger) - ${GPG_PACMAN} --batch --fingerprint $* + ${GPG_PACMAN} --fingerprint "${PARAMS[@]}" ;; -e|--export) - ${GPG_PACMAN} --armor --export "$@" + ${GPG_PACMAN} --armor --export "${PARAMS[@]}" ;; -r|--receive) - if (( $# < 2 )); then + if (( ${#PARAMS[@]} < 2 )); then error "$(gettext "You need to specify the keyserver and at least one key identifier")" usage exit 1 fi - keyserver="$1" - shift - ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@" + keyserver="${PARAMS[0]}" + unset PARAMS[0] + ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "${PARAMS[@]}" ;; - -t|--trust) - if (( $# == 0 )); then + -t|--edit-key) + if (( ${#PARAMS[@]} == 0 )); then error "$(gettext "You need to specify at least one key identifier")" usage exit 1 fi - while (( $# > 0 )); do + while (( ${#PARAMS[@]} > 0 )); do # Verify if the key exists in pacman's keyring - if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then - ${GPG_PACMAN} --edit-key "$1" + if ${GPG_PACMAN} --list-keys "${PARAMS[0]}" &>/dev/null; then + ${GPG_PACMAN} --edit-key "${PARAMS[0]}" else - error "$(gettext "The key identified by %s doesn't exist")" "$1" + error "$(gettext "The key identified by %s doesn't exist")" "${PARAMS[0]}" exit 1 fi - shift + unset PARAMS[0] done ;; --adv) @@ -328,6 +355,9 @@ case "${command}" in version exit 0 ;; + # Parameters already handled + --config) shift ;; + --gpgdir) shift ;; *) usage exit 1 -- 1.7.4.1
