Currently, pacman-key allows the user to import their keys using the --add option. However, no similar functionality exists for importing ownertrust values. The --import-trustdb option takes a list of directories and imports ownertrust values if the directories have a trustdb.gpg database. The --import option takes a list of directories and imports keys from pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination of --add and --import-trustdb
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
---
 doc/pacman-key.8.txt | 7 +++++++
 scripts/pacman-key.sh.in | 45 ++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 49 insertions(+), 3 deletions(-)
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index cf72b83..14f3cb9 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -60,6 +60,13 @@ Options
 *-h, \--help*::
 Output syntax and command line options.
 
+*--import* <dir(s)>::
+ Adds keys from pubring.gpg into pacman's keyring and imports ownertrust
+ values from trustdb.gpg in the specified directories.
+
+*--import-dirs* <dir(s)> ::
+ Imports ownertrust values from trustdb.gpg in the specified directories.
+
 *--init*::
 Ensure the keyring is properly initialized and has the required access
 permissions.
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index cb108ac..ef23290 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -32,6 +32,8 @@ DELETE=0
 EDITKEY=0
 EXPORT=0
 FINGER=0
+IMPORT=0
+IMPORT_TRUSTDB=0
 INIT=0
 LIST=0
 RECEIVE=0
@@ -39,6 +41,9 @@ RELOAD=0
 UPDATEDB=0
 VERIFY=0
 
+# Globals
+TMP_TRUSTDB='tmp_trustdb.gpg'
+
 m4_include(library/output_format.sh)
 m4_include(library/parse_options.sh)
 
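Review bot: `TMP_TRUSTDB='tmp_trustdb.gpg'` is a fixed, relative filename, so `import_trustdb` in the later hunk of this file writes the exported ownertrust values to, and then `rm -f`s, whatever directory pacman-key happens to be run from — and the root check added further down means this always happens as root. A pre-existing file or symlink of that name in the working directory is overwritten or followed, a read-only working directory makes the first export fail, and because that exit status is ignored the truncated file is still fed to `--import-ownertrust`. Use `mktemp` for a per-run path, quote it, and drop the global; the rewritten function below does that and stops when the initial export fails.
```shell
import_trustdb() {
	local importdir tmp_trustdb

	# Per-run temporary file instead of a fixed name in the caller's cwd.
	tmp_trustdb=$(mktemp) || return 1

	if ! ${GPG_PACMAN} --export-ownertrust > "$tmp_trustdb"; then
		rm -f -- "$tmp_trustdb"
		return 1
	fi

	for importdir in "${IMPORT_DIRS[@]}"; do
		if [[ -f "${importdir}/trustdb.gpg" ]]; then
			gpg --homedir "${importdir}" --export-ownertrust >> "$tmp_trustdb"
		fi
	done

	${GPG_PACMAN} --import-ownertrust "$tmp_trustdb"
	rm -f -- "$tmp_trustdb"
}
```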
@@ -66,6 +71,8 @@ usage() {
 echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")"
 echo "$(gettext " --gpgdir <dir> Set an alternate directory for gnupg")"
 printf "$(gettext " (instead of '%s')")\n" "@sysconfdir@/pacman.d/gnupg"
+ echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")"
+ echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
 echo "$(gettext " --init Ensure the keyring is properly initialized")"
 echo "$(gettext " --reload Reload the default keys")"
 }
@@ -278,6 +285,33 @@ edit_keys() {
 done
 }
 
+import_trustdb() {
+ local importdir
+ ${GPG_PACMAN} --export-ownertrust > ${TMP_TRUSTDB}
+
+ for importdir in "${IMPORT_DIRS[@]}"; do
+ if [[ -f "${importdir}/trustdb.gpg" ]]; then
+ gpg --homedir "${importdir}" --export-ownertrust >> ${TMP_TRUSTDB}
+ fi
+ done
+
+ ${GPG_PACMAN} --import-ownertrust ${TMP_TRUSTDB}
+ rm -f ${TMP_TRUSTDB}
+}
+
+import() {
+ local importdir
+
+ # Imports public keys, then import trustdbs
+ for importdir in "${IMPORT_DIRS[@]}"; do
+ if [[ -f "${importdir}/pubring.gpg" ]]; then
+ ${GPG_PACMAN} --quiet --batch --import "${importdir}/pubring.gpg"
+ fi
+ done
+
+ import_trustdb
+}
+
 # PROGRAM START
 if ! type gettext &>/dev/null; then
 gettext() {
@@ -287,7 +321,8 @@ fi
 
 OPT_SHORT="a::d:e:f::hlr:uv:V"
 OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
-OPT_LONG+=",help,init,list,receive:,reload,updatedb,verify:,version"
+OPT_LONG+=",help,import:,import-trustdb:,init,list,receive:,reload,updatedb"
+OPT_LONG+=",verify:,version"
 if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
 echo; usage; exit 1 # E_INVALID_OPTION;
 fi
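Review bot: The man page hunk in this same commit documents the second option as `--import-dirs`, while this usage text, `OPT_LONG` and the option parser all spell it `--import-trustdb`, so users following the documentation will get an invalid-option error. The man page entry should read `*--import-trustdb* <dir(s)>::` to match the code here.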
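Review bot: `import` runs `gpg --homedir "${importdir}"` and the keyring import as root against directories taken straight from the command line, and neither function reports when a listed directory does not exist or contains neither pubring.gpg nor trustdb.gpg — the command then exits 0 having imported nothing. gpg pointed at a foreign `--homedir` may also create lock or database files there as root; that cannot be confirmed from this hunk, but it deserves a comment. Validate each entry at the top of the loop with `[[ -d "$importdir" ]] || { error "$(gettext "%s is not a directory")" "$importdir"; return 1; }`, and reword the comment to `# Import public keys first, then the ownertrust values`.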
@@ -308,6 +343,8 @@ while true; do
 -e|--export) EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
 -f|--finger) FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
 --gpgdir) shift; PACMAN_KEYRING_DIR=$1 ;;
+ --import) IMPORT=1; shift; IMPORT_DIRS=($1) ;;
+ --import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1) ;;
 --init) INIT=1 ;;
 -l|--list) LIST=1 ;;
 -r|--receive) RECEIVE=1; shift; KEYSERVER="${1[0]}"; KEYIDS=("${1[@]:1}") ;;
@@ -330,7 +367,7 @@ if ! type -p gpg >/dev/null; then
 exit 1
 fi
 
-if (( (ADD || DELETE || EDITKEY || INIT || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
+if (( (ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || INIT || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
 error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
 exit 1
 fi
@@ -348,7 +385,7 @@ PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "
 GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
 
 # check only a single operation has been given
-numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + RELOAD + UPDATEBD + VERIFY ))
+numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB + INIT + LIST + RECEIVE + RELOAD + UPDATEBD + VERIFY ))
 
 if (( ! numopt )); then
 error "$(gettext "No operations specified")"
@@ -370,6 +407,8 @@ fi
 (( EDITKEY )) && edit_keys
 (( EXPORT )) && ${GPG_PACMAN} --armor --export "${KEYIDS[@]}"
 (( FINGER )) && ${GPG_PACMAN} --batch --fingerprint "${KEYIDS[@]}"
+(( IMPORT )) && import
+(( IMPORT_TRUSTDB)) && import_trustdb
 (( INIT )) && initialize
 (( LIST )) && ${GPG_PACMAN} --batch --list-sigs "${KEYIDS[@]}"
 (( RECEIVE )) && receive_keys
-- 
1.7.6.178.g55272
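Review bot: `IMPORT_DIRS=($1)` word-splits the argument on IFS and expands globs, so a directory path containing whitespace or `*`/`?` cannot be passed to `--import` or `--import-trustdb`, and any pattern in the argument is expanded against the current directory before the code checks for pubring.gpg or trustdb.gpg. The existing `KEYIDS=($1)` lines use the same construct, but key ids never contain spaces while paths routinely do. If a space-separated list is the intended interface, `read -r -a IMPORT_DIRS <<< "$1"` keeps the splitting without the glob expansion; otherwise accept one directory per option and append with `IMPORT_DIRS+=("$1")`.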
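Review bot: The rewritten `numopt` line still sums `UPDATEBD`, which is never assigned (the flag set in the earlier hunk is `UPDATEDB`), so the single-operation check does not count `--updatedb`. The typo is pre-existing, but since the line is being rewritten anyway it should become `numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB + INIT + LIST + RECEIVE + RELOAD + UPDATEDB + VERIFY ))`.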
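Review bot: `(( IMPORT_TRUSTDB)) && import_trustdb` is missing the space before the closing parentheses that every other dispatch line in this block has; it parses, but it reads as a typo — `(( IMPORT_TRUSTDB )) && import_trustdb`. The function name `import` is also easy to confuse with gpg's own `--import`; `import_keys` would follow the `receive_keys`/`edit_keys` naming visible in this file, with the dispatch line becoming `(( IMPORT )) && import_keys`.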