On 23/05/14 03:24, Andrew Gregory wrote:
On 05/04/14 at 10:30am, Thomas Bächler wrote:
Instead of invoking grep multiple times, parse the status file once.
This refactoring also changes the behvaiour when signature verification fails due to a missing public key: It is now an error instead of a warning. --- scripts/makepkg.sh.in | 92 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 73 insertions(+), 19 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index d8cdc88..7eeeaba 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1244,13 +1244,56 @@ check_checksums() { fi }
+parse_gpg_statusfile() { + local type arg1 arg6 + + while read -r _ type arg1 _ _ _ _ arg6 _; do + case "$type" in + GOODSIG) + pubkey=$arg1 + success=1 + status="good" + ;; + EXPSIG) + pubkey=$arg1 + success=1 + status="expired" + ;; + EXPKEYSIG) + pubkey=$arg1 + success=1 + status="expiredkey" + ;; + REVKEYSIG) + pubkey=$arg1 + success=0 + status="revokedkey" + ;; + BADSIG) + pubkey=$arg1 + success=0 + status="bad" + ;; + ERRSIG) + pubkey=$arg1 + success=0 + if [[ $arg6 == 9 ]]; then + status="missingkey" + else + status="error" + fi + ;; + esac + done < "$1" +} + check_pgpsigs() { (( SKIPPGPCHECK )) && return 0 ! source_has_signatures && return 0
msg "$(gettext "Verifying source file signatures with %s...")" "gpg"
- local file pubkey ext decompress found + local file ext decompress found pubkey success status local warning=0 local errors=0 local statusfile=$(mktemp) @@ -1292,31 +1335,42 @@ check_pgpsigs() { "") decompress="cat" ;; esac
- if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then + $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
Comment added: # these variables are assigned values in parse_gpg_statusfile
+ success=0 + status= + pubkey= + parse_gpg_statusfile "$statusfile"
Before this actually gets merged, could we add a comment that parse_gpg_statusfile modifies the "local" variables success, status, and pubkey? This behavior is non-obvious and makes the following test confusing.