On Tue, Aug 23, 2011 at 04:17:44PM +1000, Allan McRae wrote:
After most operations that touch the keyring, it is a good idea to always run a check on the trustdb as this prevents gpg complaining on later operations.
Signed-off-by: Allan McRae <allan@archlinux.org>
---
scripts/pacman-key.sh.in | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3e31abb..6d07482 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -253,10 +253,6 @@ populate_keyring() {
 "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}"
 done
 fi
-
- # Update trustdb, just to be sure
- msg "$(gettext "Updating trust database...")"
- "${GPG_PACMAN[@]}" --batch --check-trustdb
 }
 receive_keys() {
@@ -417,4 +413,9 @@ esac
 (( UPDATEDB )) && "${GPG_PACMAN[@]}" --batch --check-trustdb
 (( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
+if (( ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || POPULATE || RECEIVE )); then
+ msg "$(gettext "Updating trust database...")"
+ "${GPG_PACMAN[@]}" --batch --check-trustdb
+fi
+
 # vim: set ts=2 sw=2 noet:
-- 1.7.6
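Review bot: Appending the `if` block after `(( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE` makes it the last command of the script (the hunk runs to the modeline), so on a `--verify` run the condition is false, the `if` returns 0, and gpg's verification result is no longer the exit status. Unless an explicit `exit` outside the hunk handles this, a caller that checks the exit code would see a bad signature reported as success. Placing the new block above the `(( VERIFY ))` line keeps `--verify` last; the final hunk of the alternative patch further down has the mirror-image problem, since `(( UPDATEDB )) && …` placed last returns 1 for every `--verify` run. The trustdb check also runs whether or not the preceding key operation succeeded, so its status can mask that operation's failure.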
Just a different approach... instead of hardcoding another list, tag them in options parsing and check for UPDATEDB last. Patch below is against master, but probably gives you a better idea of what I mean... d
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 74ecfcf..2ebe22d 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -336,20 +336,20 @@ fi
 while true; do
 case "$1" in
- -a|--add) ADD=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYFILES=($1) ;;
+ -a|--add) UPDATEDB=1 ADD=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYFILES=($1) ;;
 --config) shift; CONFIG=$1 ;;
- -d|--delete) DELETE=1; shift; KEYIDS=($1) ;;
- --edit-key) EDITKEY=1; shift; KEYIDS=($1) ;;
+ -d|--delete) UPDATEDB=1 DELETE=1; shift; KEYIDS=($1) ;;
+ --edit-key) UPDATEDB=1 EDITKEY=1; shift; KEYIDS=($1) ;;
 -e|--export) EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
 -f|--finger) FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
 --gpgdir) shift; PACMAN_KEYRING_DIR=$1 ;;
- --import) IMPORT=1; shift; IMPORT_DIRS=($1) ;;
- --import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1) ;;
+ --import) UPDATEDB=1 IMPORT=1; shift; IMPORT_DIRS=($1) ;;
+ --import-trustdb) UPDATEDB=1 IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1) ;;
 --init) INIT=1 ;;
 -l|--list-keys) LISTKEYS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
 --list-sigs) LISTSIGS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
- -r|--receive) RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP;;
- --reload) RELOAD=1 ;;
+ -r|--receive) UPDATEDB=1 RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP;;
+ --reload) UPDATEDB=1 RELOAD=1 ;;
 -u|--updatedb) UPDATEDB=1 ;;
 -v|--verify) VERIFY=1; shift; SIGNATURE=$1 ;;
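Review bot: `UPDATEDB` now carries two meanings in this `case` — the user's own `-u|--updatedb` operation and an internal "refresh the trustdb afterwards" marker set by `--add`, `--delete`, `--edit-key`, `--import`, `--import-trustdb`, `--receive` and `--reload` — and nothing on the new lines says so. A comment above the `case`, such as `# UPDATEDB=1 is also set by every option that modifies the keyring; check-trustdb then runs once at the end`, would make that explicit for the next reader. `--init` is left untagged; whether it also needs the check cannot be told from the hunk. The `while`/`case` continues past the hunk's last line.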
@@ -387,7 +387,7 @@ GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
 # check only a single operation has been given
 numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB +
- INIT + LISTKEYS + LISTSIGS + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
+ INIT + LISTKEYS + LISTSIGS + RECEIVE + RELOAD + VERIFY ))
 case $numopt in
 0)
@@ -415,7 +415,8 @@ esac
 (( LISTSIGS )) && "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
 (( RECEIVE )) && receive_keys
 (( RELOAD )) && reload_keyring
-(( UPDATEDB )) && "${GPG_PACMAN[@]}" --batch --check-trustdb
 (( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
+(( UPDATEDB )) && "${GPG_PACMAN[@]}" --batch --check-trustdb
+
 # vim: set ts=2 sw=2 noet:
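Review bot: With `UPDATEDB` dropped from the `numopt` sum, `pacman-key --updatedb` given on its own yields `numopt` 0 and falls into the `0)` arm. That arm's body is outside the hunk, but the comment above the sum suggests it rejects a call with no operation, which would make `-u` unusable alone. Using a separate variable for the implicit check (for example `CHECK_TRUSTDB=1`, a suggested name) in the option arms would let `UPDATEDB` stay in the sum, with the last line testing `(( UPDATEDB || CHECK_TRUSTDB ))`. The `case $numopt in` block continues outside the hunk.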