On 6/8/19 1:32 am, Jonas Witschel wrote:
If an email address is specified, we use --locate-key to look up the key using WKD and keyserver as a fallback. If the key is specified as a key ID, this doesn't work, so we use the normal keyserver-based --recv-keys.
Note that --refresh-keys still uses the keyservers exclusively for refreshing, though the situation might potentially be improved in a new version of GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062169.html
Signed-off-by: Jonas Witschel <diabonas@gmx.de> ---
Some fairly minor changes below.
scripts/pacman-key.sh.in | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index b05754e5..a4bdbaa9 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -455,22 +455,29 @@ lsign_keys() { }
receive_keys() { - local name id keyids + local name id keyids emails
# if the key is not a hex ID, do a lookup for name; do if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then keyids+=("$name") - else - if id=$(key_lookup_from_name "$name"); then - keyids+=("$id") - fi + elif [[ $name = *@*.* ]]; then + emails+=("$name") + elif id=$(key_lookup_from_name "$name"); then + keyids+=("$id") fi done
- (( ${#keyids[*]} > 0 )) || exit 1 + (( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1 + + if (( ${#emails[*]} > 0 )) && \ + ! "${GPG_PACMAN[@]}" --auto-key-locate nodefault,clear,wkd,keyserver \
From the man page:
clear  Clear all defined mechanisms. This is useful to override mechanisms given in a config file. Note that a nodefault in mechanisms will also be cleared unless it is given after the clear.

so clear,nodefault,wkd,keyserver ?
+ --locate-key "${emails[@]}" ; then + error "$(gettext "Remote key not fetched correctly from WKD or keyserver.")" + exit 1
Instead of exiting here, catch the failure (ret=1), both here and...
+ fi
- if ! "${GPG_PACMAN[@]}" --recv-keys "${keyids[@]}" ; then + if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACMAN[@]}" --recv-keys "${keyids[@]}" ; then error "$(gettext "Remote key not fetched correctly from keyserver.")" exit 1
here...
fi
and exit here if there was a failure.
-- 2.22.0 .
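Review bot: in receive_keys(), the new `--locate-key "${emails[@]}"` call with `keyserver` as a fallback mechanism selects a key by the address in its user ID rather than by fingerprint, and on a keyserver that does not verify addresses that user ID is whatever the uploader typed, so an e-mail argument can import a different key than the caller meant. The diffstat shows only scripts/pacman-key.sh.in changing, so the behaviour is undocumented; I would add a sentence to the --recv-keys documentation saying that an argument matching `*@*.*` is resolved through WKD and then the keyserver, and that the fingerprint of the imported key should be checked before the key is passed to --lsign-key.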