^^^ You deleted the blank line between the patch subject and the summary text, which makes it do what it did. You'll want to put that back.

On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley <mail@kerrickstaley.com> wrote:

I'm not against either of these two things, but it probably should be two patches. The first should add -S to both repo-add and makepkg (and update the documentation appropriately). The other should implement --gpgdir (as well as document it).

Here is what I notice at quick glance - to the casual user, it isn't very clear why only one gpg invocation was changed. Your comment is unfortunately hidden away in the code, but is very helpful: "unlike signing, verification of old database is done with pacman's keyring." The usage string should reflect this accordingly, and it needs to be documented in the manpages as well this way.

-Dan
--- scripts/makepkg.sh.in | 6 +++--- scripts/repo-add.sh.in | 23 ++++++++++++++++++++--- 2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index b0d0c23..95f541f 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1625,7 +1625,7 @@ usage() { printf "$(gettext " --nocheck Do not run the check() function in the %s")\n" "$BUILDSCRIPT" echo "$(gettext " --nosign Do not create a signature for the package")" echo "$(gettext " --pkg <list> Only build listed packages from a split package")" - echo "$(gettext " --sign Sign the resulting package with gpg")" + echo "$(gettext " -S, --sign Sign the resulting package with gpg")" echo "$(gettext " --skipinteg Do not fail when integrity checks are missing")" echo "$(gettext " --source Generate a source-only tarball without downloaded sources")" echo @@ -1659,7 +1659,7 @@ fi ARGLIST=("$@")
# Parse Command Line Options. -OPT_SHORT="AcCdefFghiLmop:rRsV" +OPT_SHORT="AcCdefFghiLmop:rRsSV" OPT_LONG="allsource,asroot,ignorearch,check,clean,cleancache,nodeps" OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver" OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps" @@ -1708,7 +1708,7 @@ while true; do -r|--rmdeps) RMDEPS=1 ;; -R|--repackage) REPKG=1 ;; --skipinteg) SKIPINTEG=1 ;; - --sign) SIGNPKG='y' ;; + -S|--sign) SIGNPKG='y' ;; --source) SOURCEONLY=1 ;; -s|--syncdeps) DEP_BIN=1 ;;
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 820db36..f00b519 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -26,6 +26,8 @@ export TEXTDOMAINDIR='@localedir@' myver='@PACKAGE_VERSION@' confdir='@sysconfdir@'
+GPGDIR='@sysconfdir@/pacman.d/gnupg' + QUIET=0 DELTA=0 WITHFILES=0 @@ -80,8 +82,9 @@ specified on the command line from the given repo database. Multiple\n\ packages to remove can be specified on the command line.\n\n")" printf "$(gettext "Options:\n")" fi + printf "$(gettext " --gpgdir <dir> use the specified GnuPG home directory\n")" printf "$(gettext " -q, --quiet minimize output\n")" - printf "$(gettext " -s, --sign sign database with GnuPG after update\n")" + printf "$(gettext " -S, --sign sign database with GnuPG after update\n")" printf "$(gettext " -k, --key <key> use the specified key to sign the database\n")" printf "$(gettext " -v, --verify verify database's signature before update\n")" printf "$(gettext "\n\ @@ -231,7 +234,12 @@ verify_signature() { warning "$(gettext "No existing signature found, skipping verification.")" return fi - gpg --verify "$dbfile.sig" || ret=$? + # unlike signing, verification of old database is done with pacman's keyring + if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then + error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")" + exit 1 + fi + gpg --homedir "$GPGDIR" --verify "$dbfile.sig" || ret=$? if (( ! ret )); then msg2 "$(gettext "Database signature file verified.")" else @@ -552,7 +560,16 @@ while [[ $# > 0 ]]; do -q|--quiet) QUIET=1;; -d|--delta) DELTA=1;; -f|--files) WITHFILES=1;; - -s|--sign) + --gpgdir) + check_gpg + shift + GPGDIR="$1" + if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then + error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")" + exit 1 + fi + ;; + -S|--sign) check_gpg SIGN=1 if ! gpg --list-key ${GPGKEY} &>/dev/null; then -- 1.7.5.2
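Review bot: the new `-S` short option in scripts/makepkg.sh.in (usage text, `OPT_SHORT`, and the `-S|--sign)` case arm) comes with no documentation change; the diffstat lists only the two scripts, so the man pages will not mention it. Please update them in the same patch. Also note that the `-s|--syncdeps)` arm is visible two lines below the new one, so in makepkg `-S` and `-s` now differ only by case and select unrelated actions (sign versus install dependencies); that is worth calling out in the documentation.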
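Review bot: in the scripts/repo-add.sh.in usage hunk (@@ -80,8 +82,9) the line `-s, --sign` is replaced by `-S, --sign` rather than supplemented, and the option case further down changes `-s|--sign)` to `-S|--sign)` the same way, so existing `repo-add -s` invocations no longer match the sign arm. If the rename is intended, say so in the commit message; otherwise keep `-s` as an accepted alias, for example `-s|-S|--sign)`. In the same hunk the `--gpgdir` description ("use the specified GnuPG home directory") does not say that the directory is used only for `-v` verification, while signing keeps the caller's default keyring as the code comment in `verify_signature()` states; the help text should carry that distinction.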
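Review bot: in the `verify_signature()` hunk (@@ -231,7 +234,12) the error string passes `${GPGDIR}` inside the `gettext` argument, so the message id changes with the directory value and will never match a translated string. Use a `%s` placeholder and pass the path as an argument, following the pattern already visible in makepkg's usage text (`printf "$(gettext "... %s")\n" "$BUILDSCRIPT"`). This hunk also changes behaviour for existing `-v` users: verification previously ran against the invoking user's keyring and now exits with status 1 whenever the default `@sysconfdir@/pacman.d/gnupg` is not initialised, which should be stated in the commit message. The same `--list-keys` check and message are repeated verbatim in the `--gpgdir)` case arm; a single helper function would keep the two from drifting apart.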
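Review bot: in the option-parsing hunk (@@ -552,7 +560,16) the `--gpgdir)` arm does `shift` followed by `GPGDIR="$1"` without checking that an argument remains. When `--gpgdir` is the last word on the command line, `GPGDIR` becomes empty and the user sees " is not a properly initialized GnuPG home directory." with no path in it. Test for a missing or empty value before the assignment and print a usage error instead. The keyring validation here also runs at parse time, before it is known whether `-v` was requested, so `--gpgdir` with an unusable directory aborts even when no verification will take place; deferring the check to `verify_signature()`, where it already exists, would avoid that.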