Currently, pacman-key allows users to import their keys using the --add option but no similar functionality exists for importing ownertrust values. The --import-trustdb option takes in a list of directories and imports ownertrust values if the directories have a trustdb.gpg database. The --import is a combination of --add and --import-trustdb. It takes in a list of directories and imports keys from pubring.gpg, ownertrust values from trustdb.gpg if any of these files exist. Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> --- NOTE: There is this very strange bug such that when new keys are added, previously imported keys will fail for signature verification. This happens with both --add and --import. Eg. Say you want to import trustdb.gpg and pubring.gpg from directories "first", "second" and "third", you'd have to: # pacman-key --import first second third # pacman-key --import first second third doc/pacman-key.8.txt | 7 +++++++ scripts/pacman-key.sh.in | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 0 deletions(-) diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 892f14d..6071474 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -59,6 +59,13 @@ Commands *-h, \--help*:: Output syntax and command line options. +*\--import* dir ...:: + Adds keys from pubring.gpg into pacman's keyring and imports ownertrust + values from trustdb.gpg in the specified directories. + +*\--import-trustdb* dir ...:: + Imports ownertrust values from trustdb.gpg in the specified directories. + *-l, \--list*:: Equivalent to --list-sigs from GnuPG. diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 20ec20f..425f010 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in 
@@ -70,6 +70,8 @@ usage() { echo "$(gettext " -u, --updatedb Update the trustdb of pacman")" echo "$(gettext " -V, --version Show program version")" echo "$(gettext " --adv <params> Use pacman's keyring with advanced gpg commands")" + echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")" + echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")" printf "$(gettext " --reload Reload the default keys")" echo } @@ -228,6 +230,27 @@ if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != " fi fi +import() { + local importdir + for importdir in "$@"; do + if [[ -f "${importdir}/trustdb.gpg" ]]; then + import_trustdb "${importdir}" + fi + if [[ -f "${importdir}/pubring.gpg" ]]; then + ${GPG_PACMAN} --quiet --batch --import "${importdir}/pubring.gpg" + fi + done +} + +import_trustdb() { + local importdir + for importdir in "$@"; do + if [[ -f "${importdir}/trustdb.gpg" ]]; then + gpg --homedir "${importdir}" --export-ownertrust | ${GPG_PACMAN} --import-ownertrust + fi + done +} + # Parse global options CONFIG="@sysconfdir@/pacman.conf" PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg" @@ -322,6 +345,20 @@ case "${command}" in ;; -h|--help) usage; exit 0 ;; + --import-trustdb) + if (( $# == 0 )); then + error "$(gettext "You need to specify at least one trustdb")" + exit 1 + fi + import_trustdb "$@" + ;; + --import) + if (( $# == 0 )); then + error "$(gettext "You need to specify at least one gpg directory")" + exit 1 + fi + import "$@" + ;; -V|--version) version; exit 0 ;; *) -- 1.7.6.rc0
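Review bot: In the doc/pacman-key.8.txt hunk, the *\--import* and *\--import-trustdb* entries do not say what happens when a given directory has no pubring.gpg or trustdb.gpg, although the script skips such directories without any message. They also do not mention that the imported ownertrust values feed GnuPG's trust calculation for pacman's keyring, so the source directories must themselves be trusted. Suggest adding one sentence for each point. The second one matters to anyone deciding whether a third-party directory is safe to pass to these options.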
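Review bot: In the usage() hunk, the two new help strings start with "Imports", while the neighbouring entries use the imperative ("Update the trustdb of pacman", "Show program version", "Reload the default keys"). Suggest "Import pubring.gpg and trustdb.gpg from dir(s)" and "Import ownertrust values from trustdb.gpg in dir(s)", so that the translated strings stay consistent with the existing ones.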
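Review bot: In import_trustdb(), the line `gpg --homedir "${importdir}" --export-ownertrust | ${GPG_PACMAN} --import-ownertrust` feeds whatever ownertrust the source directory holds straight into pacman's keyring, with no listing of what was changed and no check of either command's exit status. Since ownertrust is the security-sensitive part of this import, suggest capturing the exported values first, printing them (or at least the affected fingerprints), and returning non-zero if the export or the import fails. Two further points in the same hunk: both import() and import_trustdb() silently skip a directory that has neither file, so a mistyped path exits successfully having done nothing, and a warning or error there would help. import() also repeats the `-f "${importdir}/trustdb.gpg"` test that import_trustdb() already performs, and it imports ownertrust before the keys from pubring.gpg. Importing the keys first and the ownertrust second would read more naturally.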
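Review bot: In the case hunk, the --import-trustdb branch reports "You need to specify at least one trustdb", but the argument is a directory, as the usage text (`<dir(s)>`) and the --import branch ("at least one gpg directory") both say. Suggest using the same "gpg directory" wording in both messages so the user is not led to pass the path of trustdb.gpg itself, which import_trustdb() would then skip silently because it tests for `${importdir}/trustdb.gpg`.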