[pacman-dev] [PATCH 1/4] pacman-key: lsign keys in --populate without prompting
There is no gain in security when we ask the user to type in "y" on every
single key. It also makes scripting harder.
Signed-off-by: Pierre Schmitz
We can just use --yes in batch mode. Also piping "y" two times was unnecessary.
We also no longer need to use LANG=C for this call.
Signed-off-by: Pierre Schmitz
Do not bother the user with gpg's verbose output.
Signed-off-by: Pierre Schmitz
We cannot rely on gpg's exit code. Instead we have to check the status-fd to
figoure out whether a signature is valid or not.
In addition to this pacman-key --verify can now be used in scripts as it will
return an exit code of 1 if the signature is invalid.
Signed-off-by: Pierre Schmitz
On 25/03/12 22:10, Pierre Schmitz wrote:
We cannot rely on gpg's exit code. Instead we have to check the status-fd to figoure out whether a signature is valid or not.
typo ^
In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid.
Signed-off-by: Pierre Schmitz
--- scripts/pacman-key.sh.in | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 4c02d7d..c5ecca5 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -436,10 +436,16 @@ refresh_keys() { }
verify_sig() { - if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then + local fd="$(mktemp)" + exec 4>"${fd}" + "${GPG_PACMAN[@]}" --status-fd 4 --verify $SIGNATURE
I think it would be safer to use --status-file here. We do that when verifying signatures in makepkg.
+ exec 4>&- + if ! grep -q TRUST_FULLY "${fd}"; then + rm -f "${fd}" error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE" exit 1 fi + rm -f "${fd}" }
updatedb() {
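Review bot: In verify_sig(), `grep -q TRUST_FULLY "${fd}"` is an unanchored substring match over the whole status file, so it succeeds on any status line that happens to contain that text, and it rejects a signature made by an ultimately trusted key (TRUST_ULTIMATE). Match the record itself, for example `grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)'`, and consider also requiring a VALIDSIG record. Two smaller points in the same hunk: `$SIGNATURE` is unquoted in the gpg call, and the result of `mktemp` is not checked before `exec 4>"${fd}"`.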
On 25/03/12 22:10, Pierre Schmitz wrote:
Do not bother the user with gpg's verbose output.
Signed-off-by: Pierre Schmitz
--- scripts/pacman-key.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 46773ac..4c02d7d 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -250,7 +250,7 @@ populate_keyring() { # Add keys from requested keyrings for keyring in "${KEYRINGIDS[@]}"; do msg "$(gettext "Appending keys from %s.gpg...")" "$keyring" - "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" + "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" 2>/dev/null
Is the output on stderr? I am reluctant to remove real error output.
done
# Read the trusted key IDs to an array. Because this is an ownertrust @@ -275,12 +275,12 @@ populate_keyring() { msg "$(gettext "Locally signing trusted keys in keyring...")" for key_id in "${!trusted_ids[@]}"; do msg2 "$(gettext "Locally signing key %s...")" "${key_id}" - "${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}" + "${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}" 2>/dev/null done msg "$(gettext "Importing owner trust values...")" for keyring in "${KEYRINGIDS[@]}"; do if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then - "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" + "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" 2>/dev/null fi done fi
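Review bot: With `2>/dev/null` on the `--import`, `--lsign-key` and `--import-ownertrust` calls, and no check of their exit status in either hunk, a failed import or local signature leaves no trace at all: populate_keyring() simply moves on to the next key. Either keep stderr and cut the noise with `--quiet` (already passed to `--lsign-key`), or capture stderr and print it through error when gpg returns non-zero.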
On 25.03.2012 15:25, Allan McRae wrote:
On 25/03/12 22:10, Pierre Schmitz wrote:
Do not bother the user with gpg's verbose output.
Signed-off-by: Pierre Schmitz
--- scripts/pacman-key.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 46773ac..4c02d7d 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -250,7 +250,7 @@ populate_keyring() { # Add keys from requested keyrings for keyring in "${KEYRINGIDS[@]}"; do msg "$(gettext "Appending keys from %s.gpg...")" "$keyring" - "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" + "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" 2>/dev/null
Is the output on stderr? I am reluctant to remove real error output.
There shouldn't be much critical output here. But gpg also accepts the --quiet flag here which still outputs useless data but much less.
-- 
Pierre Schmitz, https://pierre-schmitz.com
Do not bother the user with gpg's verbose output.
Signed-off-by: Pierre Schmitz
We cannot rely on gpg's exit code. Instead we have to check the status-fd to
figure out whether a signature is valid or not.
In addition to this pacman-key --verify can now be used in scripts as it will
return an exit code of 1 if the signature is invalid.
Signed-off-by: Pierre Schmitz
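The status-fd check described in the commit message above, as an added example that is not part of the patch series or of pacman-key. The function names are hypothetical and the status streams are constructed; unlike the patch, this version also requires a VALIDSIG record and accepts TRUST_ULTIMATE.

```shell
#!/bin/sh
# Added example: decide signature validity from gpg status records,
# not from gpg's exit code. Function names here are hypothetical.

# Return 0 only if the status file has a VALIDSIG record, a TRUST_FULLY or
# TRUST_ULTIMATE record, and no BADSIG/ERRSIG record; 2 if unreadable.
status_says_trusted() {
	[ -r "$1" ] || return 2
	awk '
		!/^\[GNUPG:\] / { next }   # not a status record
		$2 == "VALIDSIG" { valid = 1 }
		$2 == "TRUST_FULLY" || $2 == "TRUST_ULTIMATE" { trusted = 1 }
		$2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
		END { if (valid && trusted && !bad) exit 0; exit 1 }
	' "$1"
}

# Write a status stream (argument 1) to a temp file and evaluate it.
check_sample() {
	sample_file=$(mktemp) || return 2
	printf '%s\n' "$1" > "$sample_file"
	sample_rc=0
	status_says_trusted "$sample_file" || sample_rc=$?
	rm -f "$sample_file"
	return "$sample_rc"
}

# Constructed status streams (not captured from a real gpg run).
FPR=0000000000000000000000000123456789ABCDEF
GOOD_STATUS="[GNUPG:] GOODSIG 0123456789ABCDEF Example Packager <pkg@example.invalid>
[GNUPG:] VALIDSIG $FPR 2012-03-25 1332670000 0 4 0 1 2 00 $FPR
[GNUPG:] TRUST_FULLY"
UNTRUSTED_STATUS="[GNUPG:] GOODSIG 0123456789ABCDEF Example Packager <pkg@example.invalid>
[GNUPG:] VALIDSIG $FPR 2012-03-25 1332670000 0 4 0 1 2 00 $FPR
[GNUPG:] TRUST_UNDEFINED"
# The user ID field is free text; here it happens to contain the keyword.
BAD_STATUS="[GNUPG:] BADSIG 0123456789ABCDEF Example TRUST_FULLY Packager <pkg@example.invalid>"

for name in GOOD_STATUS UNTRUSTED_STATUS BAD_STATUS; do
	eval "stream=\$$name"
	if check_sample "$stream"; then verdict=accepted; else verdict=rejected; fi
	printf '%-17s %s\n' "$name" "$verdict"
done
```

Only the first stream is accepted; a plain `grep -q TRUST_FULLY` over the third stream would match it.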