On 6/8/19 1:32 am, Jonas Witschel wrote: > If an email address is specified, we use --locate-key to look up the key > using WKD and keyserver as a fallback. If the key is specified as a key > ID, this doesn't work, so we use the normal keyserver-based --recv-keys. > > Note that --refresh-keys still uses the keyservers exclusively for > refreshing, though the situation might potentially be improved in a new > version of GnuPG: > https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062169.html > > Signed-off-by: Jonas Witschel <diabo...@gmx.de> > ---
Some fairly minor changes below. > scripts/pacman-key.sh.in | 21 ++++++++++++++------- > 1 file changed, 14 insertions(+), 7 deletions(-) > > diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in > index b05754e5..a4bdbaa9 100644 > --- a/scripts/pacman-key.sh.in > +++ b/scripts/pacman-key.sh.in > @@ -455,22 +455,29 @@ lsign_keys() { > } > > receive_keys() { > - local name id keyids > + local name id keyids emails > > # if the key is not a hex ID, do a lookup > for name; do > if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then > keyids+=("$name") > - else > - if id=$(key_lookup_from_name "$name"); then > - keyids+=("$id") > - fi > + elif [[ $name = *@*.* ]]; then > + emails+=("$name") > + elif id=$(key_lookup_from_name "$name"); then > + keyids+=("$id") > fi > done > > - (( ${#keyids[*]} > 0 )) || exit 1 > + (( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1 > + > + if (( ${#emails[*]} > 0 )) && \ > + ! "${GPG_PACMAN[@]}" --auto-key-locate nodefault,clear,wkd,keyserver > \ >From the man page: clear Clear all defined mechanisms. This is useful to override mechanisms given in a config file. Note that a nodefault in mechanisms will also be cleared unless it is given af‐ ter the clear. so clear,nodefault,wkd,keyserver ? > + --locate-key "${emails[@]}" ; then > + error "$(gettext "Remote key not fetched correctly from WKD or > keyserver.")" > + exit 1 Instead of exiting here, catch the failure (ret=1), both here and... > + fi > > - if ! "${GPG_PACMAN[@]}" --recv-keys "${keyids[@]}" ; then > + if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACMAN[@]}" --recv-keys > "${keyids[@]}" ; then > error "$(gettext "Remote key not fetched correctly from > keyserver.")" > exit 1 here... > fi and exit here if there was a failure. > -- > 2.22.0 > . >