On Thu, Apr 12, 2012 at 11:25 PM, Allan McRae <allan@archlinux.org> wrote:
On 13/04/12 00:54, Dave Reisner wrote:
Loop through arguments passed to verify_sig and treat each as a signature to be verified against a source file. Output each file as its checked to avoid ambiguity.
Signed-off-by: Dave Reisner <dreisner@archlinux.org> --- doc/pacman-key.8.txt | 2 +- scripts/pacman-key.sh.in | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 96ac31c..4a2122f 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -96,7 +96,7 @@ Operations Displays the program version.
*-v, \--verify*:: - Verify the given signature file. + Verify the given targets as signature files.
Not sure I like this wording... How about sticking with the wording in --help "Verify the file(s) specified by the signature(s)".
Agreed.
Options ------- diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index b2c3da9..2083a60 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -66,7 +66,7 @@ usage() { printf -- "$(gettext " -l, --list-keys List the
specified or all keys")\n"
printf -- "$(gettext " -r, --recv-keys Fetch the
specified keyids")\n"
printf -- "$(gettext " -u, --updatedb Update the
- printf -- "$(gettext " -v, --verify Verify the file specified by the signature")\n" + printf -- "$(gettext " -v, --verify Verify the file(s) specified by the signature(s)")\n" printf -- "$(gettext " --edit-key Present a menu for key management task on keyids")\n" printf -- "$(gettext " --import Imports
trustdb of pacman")\n" pubring.gpg from dir(s)")\n"
printf -- "$(gettext " --import-trustdb Imports
ownertrust values from trustdb.gpg in dir(s)")\n"
@@ -455,10 +455,15 @@ refresh_keys() { }
verify_sig() { - if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$1" | grep -qE 'TRUST_(FULLY|ULTIMATE)'; then - error "$(gettext "The signature identified by %s could not be verified.")" "$1" - exit 1 - fi + local ret=0 + for sig; do + msg "Checking %s ..." "$sig" + if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE 'TRUST_(FULLY|ULTIMATE)'; then + error "$(gettext "The signature identified by %s could not be verified.")" "$sig" + ret=1 + fi + done + exit $ret }
updatedb() {