[pacman-dev] [PATCH 1/2] Change GPG_PACMAN to array
Allows GPG_PACMAN to safely handle any arguments Signed-off-by: DJ Mills <danielmills1@gmail.com> --- scripts/pacman-key.sh.in | 46 +++++++++++++++++++++++----------------------- 1 files changed, 23 insertions(+), 23 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 833943c..0d3729d 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -78,7 +78,7 @@ get_from() { reload_keyring() { local PACMAN_SHARE_DIR='@prefix@/share/pacman' - local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}" + local GPG_NOKEYRING=(gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir "${PACMAN_KEYRING_DIR}") # Variable used for iterating on keyrings local key @@ -97,7 +97,7 @@ reload_keyring() { # Verify signatures of related files, if they exist if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Verifying official keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then + if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" exit 1 fi @@ -105,7 +105,7 @@ reload_keyring() { if [[ -r "${DEPRECATED_KEYS}" ]]; then msg "$(gettext "Verifying deprecated keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then + if ! ""${GPG_PACMAN[@]}"" --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}" exit 1 fi 
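Review bot: The three `--verify` calls in reload_keyring (this hunk at -97 for ADDED_KEYS, and the hunks at -105 and -113 for DEPRECATED_KEYS and REMOVED_KEYS) pass only the `.sig` path, so gpg works out for itself which data the signature covers. If the `.sig` file holds a signature that carries its own content rather than a detached one, the check can succeed without the keys file being read at all. Naming both files forces a detached check against the file that is imported afterwards: `if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${ADDED_KEYS}.sig" "${ADDED_KEYS}" 1>/dev/null; then`. reload_keyring starts and ends outside this hunk.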
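Review bot: The DEPRECATED_KEYS check at -105 writes `""${GPG_PACMAN[@]}""` with doubled quotes, which bash reads as two empty strings around an unquoted expansion, so the array elements are word-split and globbed again. That is the problem this patch sets out to remove, and a keyring directory containing a space would split the `--homedir` argument on the call that gates the deprecated keys file. It should match the neighbouring hunks: `if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then`.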
@@ -113,7 +113,7 @@ reload_keyring() { if [[ -r "${REMOVED_KEYS}" ]]; then msg "$(gettext "Verifying deleted keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then + if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${REMOVED_KEYS}.sig"; then error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" exit 1 fi @@ -126,7 +126,7 @@ reload_keyring() { if [[ -r "${REMOVED_KEYS}" ]]; then while read key; do local key_values name - key_values=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ') + key_values=$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ') if [[ -n $key_values ]]; then # The first word is the key_id key_id=${key_values%% *} @@ -146,7 +146,7 @@ reload_keyring() { # Remove the keys that must be kept from the set of keys that should be removed if [[ -n ${HOLD_KEYS} ]]; then for key in ${HOLD_KEYS}; do - key_id=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5) + key_id=$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5) if [[ -n "${removed_ids[$key_id]}" ]]; then unset removed_ids[$key_id] fi @@ -161,7 +161,7 @@ reload_keyring() { for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then - ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import + ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import fi done fi 
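Review bot: In the HOLD_KEYS loop at -146, `unset removed_ids[$key_id]` is an unquoted word, so bash applies pathname expansion to it before `unset` sees it, and a matching file name in the working directory would change what gets unset; `unset 'removed_ids[$key_id]'` avoids that. The loop also uses whatever the `grep ^pub | cut` pipeline prints as the subscript without checking that it is exactly one key id, so a hold entry that matches no key or several keys presumably leaves the held key in the removal set. A one-line comment above the loop stating that each HOLD_KEYS entry must identify a single key would make that assumption visible. The loop's enclosing function starts and ends outside this hunk.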
@@ -172,7 +172,7 @@ reload_keyring() { for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then - ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import + ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import fi done fi @@ -182,13 +182,13 @@ reload_keyring() { msg "$(gettext "Removing deleted keys from keyring...")" for key_id in "${!removed_ids[@]}"; do echo " removing key $key_id - ${removed_ids[$key_id]}" - ${GPG_PACMAN} --quiet --batch --yes --delete-key "${key_id}" + "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}" done fi # Update trustdb, just to be sure msg "$(gettext "Updating trust database...")" - ${GPG_PACMAN} --batch --check-trustdb + "${GPG_PACMAN[@]}" --batch --check-trustdb } # PROGRAM START @@ -229,7 +229,7 @@ fi if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then PACMAN_KEYRING_DIR="${GPGDIR}" fi -GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" +GPG_PACMAN=(gpg --homedir "${PACMAN_KEYRING_DIR}" --no-permission-warning) # Try to create $PACMAN_KEYRING_DIR if non-existent # Check for simple existence rather than for a directory as someone may want 
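Review bot: The directory placed in `--homedir` at -229 is never taken from the config file, because the context line `if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]` compares the string `GPGDIR=…` with `0` inside `[[ ]]` instead of performing an assignment. The test is therefore always false and `PACMAN_KEYRING_DIR` keeps its earlier value. Assuming get_from (defined outside this hunk) prints the value and returns 0 on success, `if GPGDIR=$(get_from "$CONFIG" "GPGDir"); then` does what was intended. The new array also keeps `--no-permission-warning`, which silences gpg's warning about unsafe permissions on the keyring directory; a comment above the assignment saying why that is acceptable for the keyring that anchors package trust would be worth adding.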
@@ -247,29 +247,29 @@ shift case "${command}" in -a|--add) # If there is no extra parameter, gpg will read stdin - ${GPG_PACMAN} --quiet --batch --import "$@" + "${GPG_PACMAN[@]}" --quiet --batch --import "$@" ;; -d|--del) if (( $# == 0 )); then error "$(gettext "You need to specify at least one key identifier")" exit 1 fi - ${GPG_PACMAN} --quiet --batch --delete-key --yes "$@" + "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "$@" ;; -u|--updatedb) - ${GPG_PACMAN} --batch --check-trustdb + "${GPG_PACMAN[@]}" --batch --check-trustdb ;; --reload) reload_keyring ;; -l|--list) - ${GPG_PACMAN} --batch --list-sigs "$@" + "${GPG_PACMAN[@]}" --batch --list-sigs "$@" ;; -f|--finger) - ${GPG_PACMAN} --batch --fingerprint "$@" + "${GPG_PACMAN[@]}" --batch --fingerprint "$@" ;; -e|--export) - ${GPG_PACMAN} --armor --export "$@" + "${GPG_PACMAN[@]}" --armor --export "$@" ;; -r|--receive) if (( $# < 2 )); then @@ -278,7 +278,7 @@ case "${command}" in fi keyserver="$1" shift - ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@" + "${GPG_PACMAN[@]}" --keyserver "${keyserver}" --recv-keys "$@" ;; -t|--trust) if (( $# == 0 )); then @@ -287,8 +287,8 @@ case "${command}" in fi while (( $# > 0 )); do # Verify if the key exists in pacman's keyring - if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then - ${GPG_PACMAN} --edit-key "$1" + if "${GPG_PACMAN[@]}" --list-keys "$1" > /dev/null 2>&1; then + "${GPG_PACMAN[@]}" --edit-key "$1" else error "$(gettext "The key identified by %s doesn't exist")" "$1" exit 1 @@ -297,11 +297,11 @@ case "${command}" in done ;; --adv) - msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}" - ${GPG_PACMAN} "$@" || ret=$? + msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN[*]}" + "${GPG_PACMAN[@]}" "$@" || ret=$? exit $ret ;; - -h|--help) + -h|--help usage; exit 0 ;; -V|--version) version; exit 0 ;; -- 1.7.6
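Review bot: As shown on this page, the last changed line at -297 turns `-h|--help)` into `-h|--help`, dropping the closing parenthesis of the case pattern. That looks unrelated to the array conversion, and bash would report a syntax error at the `case` statement so no command is dispatched; the line should stay `-h|--help)`. In the `--adv` arm, `$*` is pasted into the first argument of `msg`; if msg treats that argument as a printf format (its definition is not in this hunk), a `%` in a user-supplied gpg argument is read as a directive. Passing the arguments as data is safer: `msg "$(gettext "Executing: %s %s")" "${GPG_PACMAN[*]}" "$*"`. The case statement starts and ends outside this hunk.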
Currently declared as an array, but expanded as a string. Signed-off-by: DJ Mills <danielmills1@gmail.com> --- scripts/pacman-key.sh.in | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 0d3729d..84e47bb 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -157,22 +157,22 @@ reload_keyring() { # be updated automatically. if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Appending official keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + local add_keys=$("${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then - ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import + "${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import fi done fi if [[ -r "${DEPRECATED_KEYS}" ]]; then msg "$(gettext "Appending deprecated keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + local add_keys=$("${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then - ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import + "${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import fi done fi -- 1.7.6
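Review bot: `local add_keys=$(…)` appears in both branches and `local` always returns 0, so a gpg failure while listing `${ADDED_KEYS}` or `${DEPRECATED_KEYS}` leaves an empty list and the loop silently imports nothing. Split it into `local add_keys` and a separate `add_keys=$(…)` assignment whose status is checked. The pipeline reports the status of `cut`, so gpg's own status is only seen with `set -o pipefail` or by capturing the gpg output before filtering it. The same holds for the `--export … | … --import` pipe inside the loop, where a failed export cannot be told apart from a key with nothing to import. reload_keyring starts and ends outside this hunk.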
Subject typo? Fix usage of GPG_NOKEYRING? On 10/07/11 18:00, DJ Mills wrote:
Currently declared as an array, but expanded as a string.
Why not just do this in the previous patch where you change GPG_NOKEYRING to an array? Allan
On Sun, Jul 10, 2011 at 4:58 AM, Allan McRae <allan@archlinux.org> wrote:
Subject typo? Fix usage of GPG_NOKEYRING?
On 10/07/11 18:00, DJ Mills wrote:
Currently declared as an array, but expanded as a string.
Why not just do this in the previous patch where you change GPG_NOKEYRING to an array?
Allan
Hah, I thought it was already like that. It's ridiculously late here, sorry
On 10/07/11 18:58, DJ Mills wrote:
On Sun, Jul 10, 2011 at 4:58 AM, Allan McRae<allan@archlinux.org> wrote:
Subject typo? Fix usage of GPG_NOKEYRING?
On 10/07/11 18:00, DJ Mills wrote:
Currently declared as an array, but expanded as a string.
Why not just do this in the previous patch where you change GPG_NOKEYRING to an array?
Allan
Hah, I thought it was already like that. It's ridiculously late here, sorry
Any chance of resubmitting with those two patches joined as one and based on top of my working branch? Allan
On Sat, Jul 16, 2011 at 9:08 AM, Allan McRae <allan@archlinux.org> wrote:
On 10/07/11 18:58, DJ Mills wrote:
On Sun, Jul 10, 2011 at 4:58 AM, Allan McRae<allan@archlinux.org> wrote:
Subject typo? Fix usage of GPG_NOKEYRING?
On 10/07/11 18:00, DJ Mills wrote:
Currently declared as an array, but expanded as a string.
Why not just do this in the previous patch where you change GPG_NOKEYRING to an array?
Allan
Hah, I thought it was already like that. It's ridiculously late here, sorry
Any chance of resubmitting with those two patches joined as one and based on top of my working branch?
Allan
Sure