summaryrefslogtreecommitdiff
path: root/scripts/pacman-key.sh.in
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/pacman-key.sh.in')
-rw-r--r--scripts/pacman-key.sh.in174
1 files changed, 144 insertions, 30 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 689dc564..4e321e63 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -4,7 +4,7 @@
# Based on apt-key, from Debian
# @configure_input@
#
-# Copyright (c) 2010-2011 Pacman Development Team <pacman-dev@archlinux.org>
+# Copyright (c) 2010-2012 Pacman Development Team <pacman-dev@archlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -88,7 +88,7 @@ usage() {
version() {
printf "pacman-key (pacman) %s\n" "${myver}"
printf "$(gettext "\
-Copyright (c) 2010-2011 Pacman Development Team <pacman-dev@archlinux.org>.\n\
+Copyright (c) 2010-2012 Pacman Development Team <pacman-dev@archlinux.org>.\n\
This is free software; see the source for copying conditions.\n\
There is NO WARRANTY, to the extent permitted by law.\n")"
}
@@ -144,6 +144,20 @@ add_gpg_conf_option() {
fi
}
+check_keyids_exist() {
+ local ret=0
+ for key in "${KEYIDS[@]}"; do
+ # Verify if the key exists in pacman's keyring
+ if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null ; then
+ error "$(gettext "The key identified by %s could not be found locally.")" "$key"
+ ret=1
+ fi
+ done
+ if (( ret )); then
+ exit 1
+ fi
+}
+
initialize() {
local conffile keyserv
# Check for simple existence rather than for a directory as someone
@@ -338,41 +352,144 @@ populate_keyring() {
fi
}
+add_keys() {
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}" ; then
+ error "$(gettext "A specified keyfile could not be added to the gpg keychain.")"
+ exit 1
+ fi
+}
+
+delete_keys() {
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified key could not be removed from the gpg keychain.")"
+ exit 1
+ fi
+}
+
edit_keys() {
- local errors=0;
+ check_keyids_exist
+ local ret=0
for key in "${KEYIDS[@]}"; do
- # Verify if the key exists in pacman's keyring
- if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null; then
- error "$(gettext "The key identified by %s does not exist.")" "$key"
- errors=1;
+ if ! "${GPG_PACMAN[@]}" --edit-key "$key" ; then
+ error "$(gettext "The key identified by %s could not be edited.")" "$key"
+ ret=1
fi
done
- (( errors )) && exit 1;
+ if (( ret )); then
+ exit 1
+ fi
+}
- for key in "${KEYIDS[@]}"; do
- "${GPG_PACMAN[@]}" --edit-key "$key"
- done
+export_keys() {
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified key could not be exported from the gpg keychain.")"
+ exit 1
+ fi
+}
+
+finger_keys() {
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}" ; then
+ error "$(gettext "The fingerprint of a specified key could not be determined.")"
+ exit 1
+ fi
}
import_trustdb() {
local importdir
-
+ local ret=0
for importdir in "${IMPORT_DIRS[@]}"; do
if [[ -f "${importdir}/trustdb.gpg" ]]; then
gpg --homedir "${importdir}" --export-ownertrust | \
"${GPG_PACMAN[@]}" --import-ownertrust -
+ if (( PIPESTATUS )); then
+ error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
+ ret=1
+ fi
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
+ ret=1
fi
done
+ if (( ret )); then
+ exit 1
+ fi
}
import() {
local importdir
-
+ local ret=0
for importdir in "${IMPORT_DIRS[@]}"; do
if [[ -f "${importdir}/pubring.gpg" ]]; then
- "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg"
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then
+ error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
+ ret=1
+ fi
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
+ ret=1
fi
done
+ if (( ret )); then
+ exit 1
+ fi
+}
+
+list_keys() {
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified key could not be listed.")"
+ exit 1
+ fi
+}
+
+list_sigs() {
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified signature could not be listed.")"
+ exit 1
+ fi
+}
+
+lsign_keys() {
+ check_keyids_exist
+ printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null
+ if (( PIPESTATUS[1] )); then
+ error "$(gettext "A specified key could not be locally signed.")"
+ exit 1
+ fi
+}
+
+receive_keys() {
+ if ! "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}" ; then
+ error "$(gettext "Remote key not fetched correctly from keyserver.")"
+ exit 1
+ fi
+}
+
+refresh_keys() {
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified local key could not be updated from a keyserver.")"
+ exit 1
+ fi
+}
+
+verify_sig() {
+ if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then
+ error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE"
+ exit 1
+ fi
+}
+
+updatedb() {
+ msg "$(gettext "Updating trust database...")"
+ if ! "${GPG_PACMAN[@]}" --batch --check-trustdb ; then
+ error "$(gettext "Trust database could not be updated.")"
+ exit 1
+ fi
}
# PROGRAM START
@@ -476,27 +593,24 @@ esac
(( ! INIT )) && check_keyring
-(( ADD )) && "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}"
-(( DELETE )) && "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}"
+(( ADD )) && add_keys
+(( DELETE )) && delete_keys
(( EDITKEY )) && edit_keys
-(( EXPORT )) && "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
-(( FINGER )) && "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
+(( EXPORT )) && export_keys
+(( FINGER )) && finger_keys
(( IMPORT )) && import
(( IMPORT_TRUSTDB)) && import_trustdb
(( INIT )) && initialize
-(( LISTKEYS )) && "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}"
-(( LISTSIGS )) && "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
-if (( LSIGNKEY )); then
- printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null
-fi
+(( LISTKEYS )) && list_keys
+(( LISTSIGS )) && list_sigs
+(( LSIGNKEY )) && lsign_keys
(( POPULATE )) && populate_keyring
-(( RECEIVE )) && "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"
-(( REFRESH )) && "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}"
-(( VERIFY )) && "${GPG_PACMAN[@]}" --verify "$SIGNATURE"
+(( RECEIVE )) && receive_keys
+(( REFRESH )) && refresh_keys
+(( VERIFY )) && verify_sig
-if (( UPDATEDB )); then
- msg "$(gettext "Updating trust database...")"
- "${GPG_PACMAN[@]}" --batch --check-trustdb
-fi
+(( UPDATEDB )) && updatedb
+
+exit 0
# vim: set ts=2 sw=2 noet: