Some additional comments On 5/11/19 9:40 am, Allan McRae wrote:
+lsigned_already() {
+ # Determines whether a key has already been signed locally by getting the
+ # local pacman secret key and comparing it against signatures on the key
+ # returns 0 if key is signed, 1 if it is unsigned
+ secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head -n1 | awk -F : '{print $5}')
gpg --with-colons --list-secret-key | awk -F : 'NR==1 {print $5}'
+ while IFS=: read -r _ valid _ _ signkey _; do
We should read the first value and check it is "sig".
+ if [[ "$valid" != "!" ]]; then
We don't quote the left hand side.
+ continue
+ fi
+ if [[ "$signkey" = "$secret_key" ]]; then
+ return 0
+ fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+ return 1
+
+}
lsign_keys() {
 check_keyids_exist
@@ -454,6 +475,7 @@ lsign_keys() {
 local ret=0
 local key_count=0
 for key_id in "$@"; do
+ if lsigned_already "$key_id" ; then continue; fi
Put this over multiple lines.
if (( VERBOSE )); then
 msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
 fi
@@ -469,7 +491,9 @@ lsign_keys() {
 if (( ret )); then
 exit 1
 fi
- msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
 }
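Review bot: A key skipped by the new `lsigned_already` test in the `for key_id` loop leaves no trace, and with the `(( key_count ))` guard in the following hunk a run where every key was already signed prints nothing at all, so an operator cannot tell "already trusted" from "nothing was attempted". Because this decides which keys receive a local trust signature, the skip should be reported, for example `msg2 "$(gettext "Key %s is already locally signed, skipping...")" "${key_id}"` under `(( VERBOSE ))` before the `continue`. The skip also rests on `lsigned_already` comparing against only the first secret key that `--list-secret-key` prints; whether that is always the key gpg signs with when the keyring holds more than one secret key is not visible here and is worth confirming. The loop body continues outside the hunk.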
receive_keys() {
@@ -511,6 +535,19 @@ refresh_keys() {
 fi
 }
+revoked_already() {
+
+ while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
+ if [[ "$type" != "pub" ]]; then
+ continue
+ fi
+ if [[ "$flags" = *"D"* ]]; then
That quoting on the RHS looked weird to me, but I think is fine...
+ return 0
+ fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
+ return 1
+}
+
 verify_sig() {
 local ret=0 sig=$1 file=$2
 if [[ -z $file && -f ${sig%.*} ]]; then
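Review bot: `revoked_already` has no header comment, and what it tests is not a revocation in the OpenPGP sense: it returns 0 when field 12 of a `pub` record contains `D`, which in gpg's colon listing marks a disabled key. A comment such as `# Returns 0 if the key is marked disabled ('D' in field 12 of the pub record), 1 otherwise` would make that explicit for anyone relying on it for a trust decision. `type` and `flags` are also assigned without `local`, so they leak into the script's global scope; `local type flags` at the top of the function fixes that, and `secret_key`, `valid` and `signkey` in `lsigned_already` have the same problem. The call site of `revoked_already` is outside the visible hunks.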
.