[pacman-dev] [PATCH] Change GPG_PACMAN and GPG_NOKEYRING to arrays
Allow the commands to safely handle any possible arguments. Signed-off-by: DJ Mills <danielmills1@gmail.com> --- scripts/pacman-key.sh.in | 48 +++++++++++++++++++++++----------------------- 1 files changed, 24 insertions(+), 24 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 833943c..5ad83c3 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -78,7 +78,7 @@ get_from() { reload_keyring() { local PACMAN_SHARE_DIR='@prefix@/share/pacman' - local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}" + local GPG_NOKEYRING=(gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir "${PACMAN_KEYRING_DIR}") # Variable used for iterating on keyrings local key @@ -97,7 +97,7 @@ reload_keyring() { # Verify signatures of related files, if they exist if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Verifying official keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then + if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" exit 1 fi @@ -105,7 +105,7 @@ reload_keyring() { if [[ -r "${DEPRECATED_KEYS}" ]]; then msg "$(gettext "Verifying deprecated keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then + if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}" exit 1 fi 
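Review bot: The three signature checks in reload_keyring (the `--verify "${ADDED_KEYS}.sig"` line here, and the matching `DEPRECATED_KEYS` and `REMOVED_KEYS` lines in the hunks at -105 and -113) pass only the signature file, so gpg itself decides which data the signature covers. Naming the data file as well ties the check to the file that is parsed and imported further down: `"${GPG_PACMAN[@]}" --quiet --batch --verify "${ADDED_KEYS}.sig" "${ADDED_KEYS}"`. A comment above the checks would also help, for example `# gpg accepts a valid signature from any key in pacman's keyring here`, because no specific signer is required as far as these lines show. The third check does not redirect stdout like the first two; it is unclear from the hunk whether that is intended.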
@@ -113,7 +113,7 @@ reload_keyring() { if [[ -r "${REMOVED_KEYS}" ]]; then msg "$(gettext "Verifying deleted keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then + if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${REMOVED_KEYS}.sig"; then error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" exit 1 fi @@ -126,7 +126,7 @@ reload_keyring() { if [[ -r "${REMOVED_KEYS}" ]]; then while read key; do local key_values name - key_values=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ') + key_values=$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ') if [[ -n $key_values ]]; then # The first word is the key_id key_id=${key_values%% *} @@ -146,7 +146,7 @@ reload_keyring() { # Remove the keys that must be kept from the set of keys that should be removed if [[ -n ${HOLD_KEYS} ]]; then for key in ${HOLD_KEYS}; do - key_id=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5) + key_id=$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5) if [[ -n "${removed_ids[$key_id]}" ]]; then unset removed_ids[$key_id] fi 
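Review bot: In the HOLD_KEYS loop (hunk at -146), `key_id` is used as an array subscript without checking that the lookup returned exactly one id. If the held key is not in the keyring, `key_id` is empty; if the name matches several keys, it holds several lines. In both cases `removed_ids[$key_id]` does not match the intended entry, so the held key may stay in the removal set. I would add `[[ -n ${key_id} ]] || continue` after the assignment and quote the subscript in the unset, `unset 'removed_ids[$key_id]'`. The declaration of `removed_ids` is outside the hunk, so how it reacts to an empty subscript is inferred. The `while read key` loop in the hunk at -126 has the same single-match assumption and would be safer as `while read -r key`.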
@@ -157,22 +157,22 @@ reload_keyring() { # be updated automatically. if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Appending official keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + local add_keys=$("${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then - ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import + "${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import fi done fi if [[ -r "${DEPRECATED_KEYS}" ]]; then msg "$(gettext "Appending deprecated keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + local add_keys=$("${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then - ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import + "${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import fi done fi @@ -182,13 +182,13 @@ reload_keyring() { msg "$(gettext "Removing deleted keys from keyring...")" for key_id in "${!removed_ids[@]}"; do echo " removing key $key_id - ${removed_ids[$key_id]}" - ${GPG_PACMAN} --quiet --batch --yes --delete-key "${key_id}" + "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}" done fi # Update trustdb, just to be sure msg "$(gettext "Updating trust database...")" - ${GPG_PACMAN} --batch --check-trustdb + "${GPG_PACMAN[@]}" --batch --check-trustdb } # PROGRAM START 
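Review bot: Both `local add_keys=$("${GPG_NOKEYRING[@]}" ...)` lines in the hunk at -157 combine the declaration with the command substitution. `local` then returns 0 whatever the pipeline did, so a failed key listing looks the same as an empty keyring file and the function continues silently. Declaring once near the top of reload_keyring (`local add_keys`) and assigning separately (`add_keys=$("${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)`) removes the duplicate declaration and makes the status testable. The status of the `--export ... | ... --import` pipeline inside the loop is not checked either, so a key that fails to import goes unreported. The function starts and ends outside this hunk.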
@@ -229,7 +229,7 @@ fi if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then PACMAN_KEYRING_DIR="${GPGDIR}" fi -GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" +GPG_PACMAN=(gpg --homedir "${PACMAN_KEYRING_DIR}" --no-permission-warning) # Try to create $PACMAN_KEYRING_DIR if non-existent # Check for simple existence rather than for a directory as someone may want @@ -247,29 +247,29 @@ shift case "${command}" in -a|--add) # If there is no extra parameter, gpg will read stdin - ${GPG_PACMAN} --quiet --batch --import "$@" + "${GPG_PACMAN[@]}" --quiet --batch --import "$@" ;; -d|--del) if (( $# == 0 )); then error "$(gettext "You need to specify at least one key identifier")" exit 1 fi - ${GPG_PACMAN} --quiet --batch --delete-key --yes "$@" + "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "$@" ;; -u|--updatedb) - ${GPG_PACMAN} --batch --check-trustdb + "${GPG_PACMAN[@]}" --batch --check-trustdb ;; --reload) reload_keyring ;; -l|--list) - ${GPG_PACMAN} --batch --list-sigs "$@" + "${GPG_PACMAN[@]}" --batch --list-sigs "$@" ;; -f|--finger) - ${GPG_PACMAN} --batch --fingerprint "$@" + "${GPG_PACMAN[@]}" --batch --fingerprint "$@" ;; -e|--export) - ${GPG_PACMAN} --armor --export "$@" + "${GPG_PACMAN[@]}" --armor --export "$@" ;; -r|--receive) if (( $# < 2 )); then @@ -278,7 +278,7 @@ case "${command}" in fi keyserver="$1" shift - ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@" + "${GPG_PACMAN[@]}" --keyserver "${keyserver}" --recv-keys "$@" ;; -t|--trust) if (( $# == 0 )); then @@ -287,8 +287,8 @@ case "${command}" in fi while (( $# > 0 )); do # Verify if the key exists in pacman's keyring - if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then - ${GPG_PACMAN} --edit-key "$1" + if "${GPG_PACMAN[@]}" --list-keys "$1" > /dev/null 2>&1; then + "${GPG_PACMAN[@]}" --edit-key "$1" else error "$(gettext "The key identified by %s doesn't exist")" "$1" exit 1 
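Review bot: The new `GPG_PACMAN=(gpg --homedir "${PACMAN_KEYRING_DIR}" ...)` array captures the keyring directory once, right after a context line the commit leaves unchanged: `if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then`. Inside `[[ ]]` that is a string comparison of the word `GPGDIR=...` against `0`, so it is never true and `GPGDIR` is never assigned. A `GPGDir` setting in the config would therefore not reach the array. If get_from returns 0 on success (its body is outside the hunk), the intended form is probably `if GPGDIR=$(get_from "$CONFIG" "GPGDir"); then`. It would also be worth a comment next to `--no-permission-warning` stating why gpg's homedir permission warning is suppressed for this keyring.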
@@ -297,8 +297,8 @@ case "${command}" in done ;; --adv) - msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}" - ${GPG_PACMAN} "$@" || ret=$? + msg "$(gettext "Executing: %s ")$*" ""${GPG_PACMAN[@]}"" + "${GPG_PACMAN[@]}" "$@" || ret=$? exit $ret ;; -h|--help) -- 1.7.6
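Review bot: In the `--adv` branch, the new `msg` line ends with `""${GPG_PACMAN[@]}""`. The doubled quotes form two empty strings around an unquoted expansion, so the array elements are word-split and globbed again and `msg` receives several arguments for a single `%s`. That is the splitting this patch sets out to remove, and a homedir containing a space would be logged incorrectly. Joining the array for display fixes it: `msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN[*]}"`. Separately, `$*` is appended to the format string; if `msg` passes its first argument to printf as the format (its definition is outside the hunk), a `%` in a user argument is read as a directive. Passing the arguments as data, `msg "$(gettext "Executing: %s %s")" "${GPG_PACMAN[*]}" "$*"`, avoids that. The case statement continues outside this hunk.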
On 17/07/11 04:38, DJ Mills wrote:
Allow the commands to safely handle any possible arguments.
Signed-off-by: DJ Mills<danielmills1@gmail.com>
Thanks. Rebased on to current master branch and pushed to my working branch. Allan