Re: [pacman-dev] [PATCH 6/8] pacman-key: allow verification of multiple sig files

On 13/04/12 00:54, Dave Reisner wrote:

Loop through arguments passed to verify_sig and treat each as a signature to be verified against a source file. Output each file as its checked to avoid ambiguity.

Signed-off-by: Dave Reisner --- doc/pacman-key.8.txt | 2 +- scripts/pacman-key.sh.in | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 96ac31c..4a2122f 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -96,7 +96,7 @@ Operations Displays the program version.

*-v, \--verify*:: - Verify the given signature file. + Verify the given targets as signature files.

Not sure I like this wording... How about sticking with the wording in --help "Verify the file(s) specified by the signature(s)".

Options ------- diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index b2c3da9..2083a60 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -66,7 +66,7 @@ usage() { printf -- "$(gettext " -l, --list-keys List the specified or all keys")\n" printf -- "$(gettext " -r, --recv-keys Fetch the specified keyids")\n" printf -- "$(gettext " -u, --updatedb Update the trustdb of pacman")\n" - printf -- "$(gettext " -v, --verify Verify the file specified by the signature")\n" + printf -- "$(gettext " -v, --verify Verify the file(s) specified by the signature(s)")\n" printf -- "$(gettext " --edit-key Present a menu for key management task on keyids")\n" printf -- "$(gettext " --import Imports pubring.gpg from dir(s)")\n" printf -- "$(gettext " --import-trustdb Imports ownertrust values from trustdb.gpg in dir(s)")\n" @@ -455,10 +455,15 @@ refresh_keys() { }

verify_sig() { - if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$1" | grep -qE 'TRUST_(FULLY|ULTIMATE)'; then - error "$(gettext "The signature identified by %s could not be verified.")" "$1" - exit 1 - fi + local ret=0 + for sig; do + msg "Checking %s ..." "$sig" + if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE 'TRUST_(FULLY|ULTIMATE)'; then + error "$(gettext "The signature identified by %s could not be verified.")" "$sig" + ret=1 + fi + done + exit $ret }

updatedb() {