Perform a search for keys that clearly aren't key IDs. This allows
receiving keys by name or email address, but only if the key resolves
unambiguously.
Signed-off-by: Dave Reisner <dreis...@archlinux.org>
---
scripts/pacman-key.sh.in | 41 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index bd2c739..e2e8980 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -116,6 +116,30 @@ get_from() {
return 1
}
+key_lookup_from_name() {
+ local ids
+
+ mapfile -t ids < \
+ <("${GPG_PACMAN[@]}" --search-keys --batch --with-colons "$1"
2>/dev/null |
+ awk -F: '$1 == "pub" { print $2 }')
+
+ # only return success on non-ambiguous lookup
+ case ${#ids[*]} in
+ 0)
+ error "$(gettext "Failed to lookup key by name:") %s"
"$name"
+ return 1
+ ;;
+ 1)
+ printf '%s' "${ids[0]}"
+ return 0
+ ;;
+ *)
+ error "$(gettext "Key name is ambiguous:") %s" "$name"
+ return 1
+ ;;
+ esac
+}
+
generate_master_key() {
# Generate the master key, which will be in both pubring and secring
"${GPG_PACMAN[@]}" --gen-key --batch <<EOF
@@ -424,7 +448,22 @@ lsign_keys() {
}
receive_keys() {
- if ! "${GPG_PACMAN[@]}" --recv-keys "$@" ; then
+ local name id keyids
+
+ # if the key is not a hex ID, do a lookup
+ for name; do
+ if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
+ keyids+=("$name")
+ else
+ if id=$(key_lookup_from_name "$name"); then
+ keyids+=("$id")
+ fi
+ fi
+ done
+
+ (( ${#keyids[*]} > 0 )) || exit 1
+
+ if ! "${GPG_PACMAN[@]}" --recv-keys "${keyids[@]}" ; then
error "$(gettext "Remote key not fetched correctly from
keyserver.")"
exit 1
fi
--
1.7.10
