Some additional comments

On 5/11/19 9:40 am, Allan McRae wrote:
>> +lsigned_already() {
>> +    # Determines whether a key has already been signed locally by getting 
>> the
>> +    # local pacman secret key and comparing it against signatures on the key
>> +    # returns 0 if key is signed, 1 if it is unsigned
>> +    secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head 
>> -n1 | awk -F : '{print $5}')

gpg --with-colons --list-secret-key | awk -F : 'NR==1 {print $5}'

>> +    while IFS=: read -r _ valid _ _ signkey _; do

We should read the first value and check it is "sig".

>> +            if [[ "$valid" != "!" ]]; then
> 
> We don't quote the left hand side.
> 
>> +                continue
>> +            fi
>> +            if [[ "$signkey" = "$secret_key" ]]; then
>> +                return 0
>> +            fi
>> +    done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
>> +    return 1
>> +
>> +}
>>  
>>  lsign_keys() {
>>      check_keyids_exist
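Review bot: `secret_key`, `valid` and `signkey` in `lsigned_already` are assigned without `local`, so they leak into the script's global scope, whereas `lsign_keys` just below declares its variables with `local`; add `local secret_key valid signkey` as the first line of the function. The function also re-runs `--list-secret-key` on every iteration of the `lsign_keys` loop. It treats field 5 of the first record as the signing key, which presumably holds only while the pacman keyring contains exactly one secret key, so a one-line comment stating that assumption would help. When no secret key is found `secret_key` is empty, and an explicit `[[ -n $secret_key ]] || return 1` before the loop would make that case obvious instead of relying on the comparison never matching. The quoted excerpt starts without its hunk header, so anything before `lsigned_already() {` is not visible here.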
>> @@ -454,6 +475,7 @@ lsign_keys() {
>>      local ret=0
>>      local key_count=0
>>      for key_id in "$@"; do
>> +            if lsigned_already "$key_id" ; then     continue; fi
> 
> Put this over multiple lines.
> 
>>              if (( VERBOSE )); then
>>                      msg2 "$(gettext "Locally signing key %s...")" 
>> "${key_id}"
>>              fi
>> @@ -469,7 +491,9 @@ lsign_keys() {
>>      if (( ret )); then
>>              exit 1
>>      fi
>> -    msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
>> +    if (( key_count )); then
>> +            msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
>> +    fi
>>  }
>>  
>>  receive_keys() {
>> @@ -511,6 +535,19 @@ refresh_keys() {
>>      fi
>>  }
>>  
>> +revoked_already() {
>> +
>> +    while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
>> +            if [[ "$type" != "pub" ]]; then
>> +                continue
>> +            fi
>> +            if [[ "$flags" = *"D"* ]]; then
> 
> That quoting on the RHS looked weird to me, but I think it is fine...
> 
>> +                return 0
>> +            fi
>> +    done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
>> +    return 1
>> +}
>> +
>>  verify_sig() {
>>      local ret=0 sig=$1 file=$2
>>      if [[  -z $file && -f ${sig%.*} ]]; then
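Review bot: `revoked_already` has no header comment, and what it tests is not revocation in the OpenPGP sense. The `read` puts field 12 of the `pub` record into `flags`, which is the key-capabilities field where `D` marks a disabled key; a revoked key is reported as `r` in the validity field (field 2). If "disabled" is the intended meaning (presumably matching what the script's revoke operation does, which is not visible in this hunk), a comment such as `# returns 0 if the key is flagged disabled ("D" in the capabilities field), 1 otherwise` would prevent misreading. `type` and `flags` should also be declared with `local type flags`, as `verify_sig` below does for its own variables. No call site for the function appears in the quoted hunks.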
>>
> .
> 
