[pacman-dev] [PATCH] pacman-key: lookup keys before receiving
Perform a search for keys that clearly aren't key IDs. This allows receiving keys by name or email address, but only if the key resolves unambiguously.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
---
 scripts/pacman-key.sh.in | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index bd2c739..e2e8980 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -116,6 +116,30 @@ get_from() {
 return 1
 }

+key_lookup_from_name() {
+ local ids
+
+ mapfile -t ids < \
+ <("${GPG_PACMAN[@]}" --search-keys --batch --with-colons "$1" 2>/dev/null |
+ awk -F: '$1 == "pub" { print $2 }')
+
+ # only return success on non-ambiguous lookup
+ case ${#ids[*]} in
+ 0)
+ error "$(gettext "Failed to lookup key by name:") %s" "$name"
+ return 1
+ ;;
+ 1)
+ printf '%s' "${ids[0]}"
+ return 0
+ ;;
+ *)
+ error "$(gettext "Key name is ambiguous:") %s" "$name"
+ return 1
+ ;;
+ esac
+}
+
 generate_master_key() {
 # Generate the master key, which will be in both pubring and secring
 "${GPG_PACMAN[@]}" --gen-key --batch <<EOF
@@ -424,7 +448,22 @@ lsign_keys() {
 }

 receive_keys() {
- if ! "${GPG_PACMAN[@]}" --recv-keys "$@" ; then
+ local name id keyids
+
+ # if the key is not a hex ID, do a lookup
+ for name; do
+ if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
+ keyids+=("$name")
+ else
+ if id=$(key_lookup_from_name "$name"); then
+ keyids+=("$id")
+ fi
+ fi
+ done
+
+ (( ${#keyids[*]} > 0 )) || exit 1
+
+ if ! "${GPG_PACMAN[@]}" --recv-keys "${keyids[@]}" ; then
 error "$(gettext "Remote key not fetched correctly from keyserver.")"
 exit 1
 fi
--
1.7.10
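Review bot: Both `error` calls in key_lookup_from_name print `$name`, which this function never sets; it only resolves because receive_keys happens to declare a local of that name, so take the argument explicitly with `local ids name=$1` and search on `"$name"`. The awk filter counts every `pub` record the keyserver returns, so revoked or expired keys (marked in the flags field of the colon output, if I read the format right) can be picked as the single match or make a valid name look ambiguous. User IDs on a keyserver are not verified, so a unique hit shows only that one key claims that name; printing the resolved key ID and user ID before the fetch would let the caller compare the fingerprint out of band. `2>/dev/null` also makes a keyserver or network failure indistinguishable from "no match".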
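Review bot: A failed or ambiguous lookup in the `for name` loop is dropped silently once any other argument resolves, so receive_keys can report success after fetching only part of what was asked for; record it, e.g. with `else ret=1` on the inner `if id=$(key_lookup_from_name "$name")`, and exit non-zero after the `--recv-keys` call. `$id` is derived from a keyserver response, so it is worth checking it against the same `+([0-9a-fA-F])` pattern before it is appended to `keyids` and handed to gpg as an argument. The hex test also sends short IDs and all-hex names such as `beef` straight to `--recv-keys`; short IDs are easy to collide, so requiring a long ID or full fingerprint there would be safer. `keyids` is used as an array and would read more clearly declared as `local -a keyids=()`. The function body continues past the end of the hunk.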