Re: [pacman-dev] [PATCH 6/8] pacman-key: allow verification of multiple sig files

Thu, 12 Apr 2012 20:25:22 -0700 

On 13/04/12 00:54, Dave Reisner wrote:
> Loop through arguments passed to verify_sig and treat each as a
> signature to be verified against a source file. Output each file as its
> checked to avoid ambiguity.
> 
> Signed-off-by: Dave Reisner <[email protected]>
> ---
>  doc/pacman-key.8.txt     |    2 +-
>  scripts/pacman-key.sh.in |   15 ++++++++++-----
>  2 files changed, 11 insertions(+), 6 deletions(-)
> 
> diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
> index 96ac31c..4a2122f 100644
> --- a/doc/pacman-key.8.txt
> +++ b/doc/pacman-key.8.txt
> @@ -96,7 +96,7 @@ Operations
>       Displays the program version.
>  
>  *-v, \--verify*::
> -     Verify the given signature file.
> +     Verify the given targets as signature files.

Not sure I like this wording...  How about sticking with the wording in
--help  "Verify the file(s) specified by the signature(s)".


>  
>  Options
>  -------
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index b2c3da9..2083a60 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -66,7 +66,7 @@ usage() {
>       printf -- "$(gettext "  -l, --list-keys           List the specified or 
> all keys")\n"
>       printf -- "$(gettext "  -r, --recv-keys           Fetch the specified 
> keyids")\n"
>       printf -- "$(gettext "  -u, --updatedb            Update the trustdb of 
> pacman")\n"
> -     printf -- "$(gettext "  -v, --verify              Verify the file 
> specified by the signature")\n"
> +     printf -- "$(gettext "  -v, --verify              Verify the file(s) 
> specified by the signature(s)")\n"
>       printf -- "$(gettext "  --edit-key                Present a menu for 
> key management task on keyids")\n"
>       printf -- "$(gettext "  --import                  Imports pubring.gpg 
> from dir(s)")\n"
>       printf -- "$(gettext "  --import-trustdb          Imports ownertrust 
> values from trustdb.gpg in dir(s)")\n"
> @@ -455,10 +455,15 @@ refresh_keys() {
>  }
>  
>  verify_sig() {
> -     if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$1" | grep -qE 
> 'TRUST_(FULLY|ULTIMATE)'; then
> -             error "$(gettext "The signature identified by %s could not be 
> verified.")" "$1"
> -             exit 1
> -     fi
> +     local ret=0
> +     for sig; do
> +             msg "Checking %s ..." "$sig"
> +             if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep 
> -qE 'TRUST_(FULLY|ULTIMATE)'; then
> +                     error "$(gettext "The signature identified by %s could 
> not be verified.")" "$sig"
> +                     ret=1
> +             fi
> +     done
> +     exit $ret
>  }
>  
>  updatedb() {

Reply via email to