---
 scripts/makepkg.sh.in | 6 +++---
 scripts/repo-add.sh.in | 23 ++++++++++++++++++++---
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index b0d0c23..95f541f 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1625,7 +1625,7 @@ usage() {
 printf "$(gettext " --nocheck Do not run the check() function in the %s")\n" "$BUILDSCRIPT"
 echo "$(gettext " --nosign Do not create a signature for the package")"
 echo "$(gettext " --pkg <list> Only build listed packages from a split package")"
- echo "$(gettext " --sign Sign the resulting package with gpg")"
+ echo "$(gettext " -S, --sign Sign the resulting package with gpg")"
 echo "$(gettext " --skipinteg Do not fail when integrity checks are missing")"
 echo "$(gettext " --source Generate a source-only tarball without downloaded sources")"
 echo
@@ -1659,7 +1659,7 @@ fi
 ARGLIST=("$@")
 
 # Parse Command Line Options.
-OPT_SHORT="AcCdefFghiLmop:rRsV"
+OPT_SHORT="AcCdefFghiLmop:rRsSV"
 OPT_LONG="allsource,asroot,ignorearch,check,clean,cleancache,nodeps"
 OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver"
 OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps"
@@ -1708,7 +1708,7 @@ while true; do
 -r|--rmdeps) RMDEPS=1 ;;
 -R|--repackage) REPKG=1 ;;
 --skipinteg) SKIPINTEG=1 ;;
- --sign) SIGNPKG='y' ;;
+ -S|--sign) SIGNPKG='y' ;;
 --source) SOURCEONLY=1 ;;
 -s|--syncdeps) DEP_BIN=1 ;;
 
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 820db36..f00b519 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -26,6 +26,8 @@ export TEXTDOMAINDIR='@localedir@'
 myver='@PACKAGE_VERSION@'
 confdir='@sysconfdir@'
 
+GPGDIR='@sysconfdir@/pacman.d/gnupg'
+
 QUIET=0
 DELTA=0
 WITHFILES=0
@@ -80,8 +82,9 @@ specified on the command line from the given repo database. Multiple\n\
 packages to remove can be specified on the command line.\n\n")"
 printf "$(gettext "Options:\n")"
 fi
+ printf "$(gettext " --gpgdir <dir> use the specified GnuPG home directory\n")"
 printf "$(gettext " -q, --quiet minimize output\n")"
- printf "$(gettext " -s, --sign sign database with GnuPG after update\n")"
+ printf "$(gettext " -S, --sign sign database with GnuPG after update\n")"
 printf "$(gettext " -k, --key <key> use the specified key to sign the database\n")"
 printf "$(gettext " -v, --verify verify database's signature before update\n")"
 printf "$(gettext "\n\
@@ -231,7 +234,12 @@ verify_signature() {
 warning "$(gettext "No existing signature found, skipping verification.")"
 return
 fi
- gpg --verify "$dbfile.sig" || ret=$?
+ # unlike signing, verification of old database is done with pacman's keyring
+ if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then
+ error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")"
+ exit 1
+ fi
+ gpg --homedir "$GPGDIR" --verify "$dbfile.sig" || ret=$?
 if (( ! ret )); then
 msg2 "$(gettext "Database signature file verified.")"
 else
@@ -552,7 +560,16 @@ while [[ $# > 0 ]]; do
 -q|--quiet) QUIET=1;;
 -d|--delta) DELTA=1;;
 -f|--files) WITHFILES=1;;
- -s|--sign)
+ --gpgdir)
+ check_gpg
+ shift
+ GPGDIR="$1"
+ if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then
+ error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")"
+ exit 1
+ fi
+ ;;
+ -S|--sign)
 check_gpg
 SIGN=1
 if ! gpg --list-key ${GPGKEY} &>/dev/null; then
-- 
1.7.5.2
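Review bot: The added `error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")"` in verify_signature expands `${GPGDIR}` before gettext runs, so the msgid handed to gettext contains the runtime path and can never match a catalog entry; the same construction is repeated in the `--gpgdir` arm of the last hunk. Keep the msgid fixed and pass the path as an argument, e.g. `error "$(gettext "%s is not a properly initialized GnuPG home directory.")" "$GPGDIR"`, assuming `error` forwards extra arguments to printf (its definition is not in the hunk). Since the identical four-line `gpg --homedir "$GPGDIR" --list-keys` probe now lives in two places, a small `check_gpgdir()` helper would keep the probe and its message together. Note also that a zero exit from `gpg --verify` only means the signature is good for some key in that keyring, not that the key is trusted; if trust level matters for an old database, the `--status-fd` output (`TRUST_FULLY`/`TRUST_ULTIMATE` lines) is the usual way to check it. verify_signature's body continues outside the hunk.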
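Review bot: The new `--gpgdir` arm does `shift` and `GPGDIR="$1"` without checking that an argument follows, so `--gpgdir` given as the last word leaves GPGDIR empty and the probe runs `gpg --homedir "" --list-keys`, whose result then silently decides whether the script continues. A guard before the shift, `(( $# > 1 )) || { error "$(gettext "option '--gpgdir' requires an argument")"; exit 1; }`, makes the missing value an explicit error. The validity probe here is byte-for-byte the one added to verify_signature, so it is a natural candidate for a shared helper. The enclosing `while` loop and the `-S|--sign` arm continue past the end of the hunk.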