[pacman-dev] [PATCH 3/3] pacman-key: better handling of options and supressing gpg output

22 Feb 2011

The option --trus was changed to --edit-key, for better alignment
with the underlying --edit-key of gnupg.

The options --config and --gpgdir were not being handled correctly.
They would not work if were not used as first arguments always.
Now the handling is more flexible.

The use of gpg for verification purposes was leaking inconvenient
messages to the output, so they were quieted with --quiet,
1>/dev/null and 2>&1.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
---
 doc/pacman-key.8.txt     |    4 +-
 scripts/pacman-key.sh.in |  100 ++++++++++++++++++++++++++++++----------------
 2 files changed, 67 insertions(+), 37 deletions(-)

diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 5ebbd0a..ba97b82 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -59,8 +59,8 @@ Commands
 *\--reload*::
 	Reloads the keys from the keyring package
 
-*-t*, *\--trust* 'keyid'::
-	Set the trust level of the given key
+*-t*, *\--edit-key* 'keyid ...'::
+	Edit trust properties for the given keys
 
 *-u*, *\--updatedb*::
 	Equivalent to \--check-trustdb in GnuPG
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ccaf4b2..dd20172 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -71,7 +71,7 @@ usage() {
 	echo "$(gettext "  -l | --list                            - list keys")"
 	echo "$(gettext "  -r | --receive <keyserver> <keyid> ... - fetch the keyids from the specified")"
 	echo "$(gettext "                                           keyserver URL")"
-	echo "$(gettext "  -t | --trust <keyid> ...               - set the trust level of the given key")"
+	echo "$(gettext "  -t | --edit-key <keyid> ...            - edit trust properties for the given keys")"
 	echo "$(gettext "  -u | --updatedb                        - update the trustdb of pacman")"
 	echo "$(gettext "  -v | --version                         - displays the current version")"
 	echo "$(gettext "  --adv <params>                         - use pacman's keyring as target for")"
@@ -117,7 +117,7 @@ reload_keyring() {
 	# Verify signatures of related files, if they exist
 	if [[ -r "${ADDED_KEYS}" ]]; then
 		msg "$(gettext "Verifying official keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then
+		if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
 			error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
 			exit 1
 		fi
@@ -125,7 +125,7 @@ reload_keyring() {
 
 	if [[ -r "${DEPRECATED_KEYS}" ]]; then
 		msg "$(gettext "Verifying deprecated keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then
+		if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
 			error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
 			exit 1
 		fi
@@ -133,7 +133,7 @@ reload_keyring() {
 
 	if [[ -r "${REMOVED_KEYS}" ]]; then
 		msg "$(gettext "Verifying deleted keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then
+		if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
 			error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
 			exit 1
 		fi
@@ -229,15 +229,40 @@ if [[ $1 != "--version" && $1 != "-v" && $1 != "--help" && $1 != "-h" && $1 != "
 	fi
 fi
 
-# Parse global options
+# Iterate over the parameters to get --config and --gpgdir
+# The other parameters will be filtered to another array,
+# so --config and --gpgdir don't interfere with other options.
 CONFIG="@sysconfdir@/pacman.conf"
-PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg"
-while [[ $1 =~ ^--(config|gpgdir)$ ]]; do
-	case "$1" in
-		--config) shift; CONFIG="$1" ;;
-		--gpgdir) shift; PACMAN_KEYRING_DIR="$1" ;;
+declare -a PARAMS
+GPGDIR=""
+isconfig=0
+isgpgdir=0
+for arg in "$@"; do
+	if (( isconfig )); then
+		isconfig=0
+		CONFIG="$arg"
+		if [[ ! -f "$CONFIG" ]]; then
+			error "$(gettext "The configuration file is not a valid file.")"
+			usage
+			exit 1
+		fi
+		continue
+	fi
+	if (( isgpgdir )); then
+		isgpgdir=0
+		GPGDIR="$arg"
+		if [[ ! -d "$GPGDIR" ]]; then
+			error "$(gettext "The home directory for GnuPG is not valid.")"
+			usage
+			exit 1
+		fi
+		continue
+	fi
+	case "$arg" in
+		--config) isconfig=1;;
+		--gpgdir) isgpgdir=1;;
+		*) PARAMS[${#PARAMS[@]}]="$arg"
 	esac
-	shift
 done
 
 if [[ ! -r "${CONFIG}" ]]; then
@@ -246,33 +271,35 @@ if [[ ! -r "${CONFIG}" ]]; then
 fi
 
 # Read GPGDIR from $CONFIG.
-# The pattern is: any spaces or tabs, GPGDir, any spaces or tabs, equal sign
-# and the rest of the line. The string is splitted after the first occurrence of =
-if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then
-	PACMAN_KEYRING_DIR="${GPGDIR}"
-fi
+# The precedence for GPGDIR is:
+# 1st: command line
+# 2nd: pacman.conf
+# 3rd: default value
+[[ -z "$GPGDIR" ]] && GPGDIR=$(find_config "GPGDir")
+[[ -z "$GPGDIR" ]] && GPGDIR="@sysconfdir@/pacman.d/gnupg"
+PACMAN_KEYRING_DIR="${GPGDIR}"
 GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}"
 
 # Parse and execute command
-command="$1"
+command="${PARAMS[0]}"
 if [[ -z "${command}" ]]; then
 	usage
 	exit 1
 fi
-shift
+unset PARAMS[0]
 
 case "${command}" in
 	-a|--add)
 		# If there is no extra parameter, gpg will read stdin
-		${GPG_PACMAN} --quiet --batch --import "$@"
+		${GPG_PACMAN} --quiet --batch --import "${PARAMS[@]}"
 		;;
 	-d|--del)
-		if (( $# == 0 )); then
+		if (( ${#PARAMS[@]} == 0 )); then
 			error "$(gettext "You need to specify at least one key identifier")"
 			usage
 			exit 1
 		fi
-		${GPG_PACMAN} --quiet --batch --delete-key --yes "$@"
+		${GPG_PACMAN} --quiet --batch --delete-key --yes "${PARAMS[@]}"
 		;;
 	-u|--updatedb)
 		${GPG_PACMAN} --batch --check-trustdb
@@ -281,39 +308,39 @@ case "${command}" in
 		reload_keyring
 		;;
 	-l|--list)
-		${GPG_PACMAN} --batch --list-sigs "$@"
+		${GPG_PACMAN} --list-sigs "${PARAMS[@]}"
 		;;
 	-f|--finger)
-		${GPG_PACMAN} --batch --fingerprint $*
+		${GPG_PACMAN} --fingerprint "${PARAMS[@]}"
 		;;
 	-e|--export)
-		${GPG_PACMAN} --armor --export "$@"
+		${GPG_PACMAN} --armor --export "${PARAMS[@]}"
 		;;
 	-r|--receive)
-		if (( $# < 2 )); then
+		if (( ${#PARAMS[@]} < 2 )); then
 			error "$(gettext "You need to specify the keyserver and at least one key identifier")"
 			usage
 			exit 1
 		fi
-		keyserver="$1"
-		shift
-		${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@"
+		keyserver="${PARAMS[0]}"
+		unset PARAMS[0]
+		${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "${PARAMS[@]}"
 		;;
-	-t|--trust)
-		if (( $# == 0 )); then
+	-t|--edit-key)
+		if (( ${#PARAMS[@]} == 0 )); then
 			error "$(gettext "You need to specify at least one key identifier")"
 			usage
 			exit 1
 		fi
-		while (( $# > 0 )); do
+		while (( ${#PARAMS[@]} > 0 )); do
 			# Verify if the key exists in pacman's keyring
-			if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then
-				${GPG_PACMAN} --edit-key "$1"
+			if ${GPG_PACMAN} --list-keys "${PARAMS[0]}" &>/dev/null; then
+				${GPG_PACMAN} --edit-key "${PARAMS[0]}"
 			else
-				error "$(gettext "The key identified by %s doesn't exist")" "$1"
+				error "$(gettext "The key identified by %s doesn't exist")" "${PARAMS[0]}"
 				exit 1
 			fi
-			shift
+			unset PARAMS[0]
 		done
 		;;
 	--adv)
@@ -328,6 +355,9 @@ case "${command}" in
 		version
 		exit 0
 		;;
+	# Parameters already handled
+	--config) shift ;;
+	--gpgdir) shift ;;
 	*)
 		usage
 		exit 1
-- 
1.7.4.1

    