There is no gain in security when we ask the user to type in "y" on every single key. It also makes scripting harder.
Signed-off-by: Pierre Schmitz pierre@archlinux.de --- scripts/pacman-key.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 482b56d..32c70dc 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -275,7 +275,7 @@ populate_keyring() {
 msg "$(gettext "Locally signing trusted keys in keyring...")"
 for key_id in "${!trusted_ids[@]}"; do
 msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
- "${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}"
+ "${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}"
 done
 msg "$(gettext "Importing owner trust values...")"
 for keyring in "${KEYRINGIDS[@]}"; do
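Review bot: With `--batch --yes` on the added line a failing `--lsign-key` can no longer stop for the user, yet its exit status is still not checked, so a key that could not be signed is skipped silently and the loop goes on to the owner-trust import as if everything had succeeded. Check the status of each call, e.g. `"${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}" || error "$(gettext "Locally signing key %s failed.")" "${key_id}"` followed by an `exit 1`, or collect the failures and fail once after the loop. Whether `error` is the right helper here is inferred from the later lsign_keys hunk, not from this one. populate_keyring starts and ends outside the hunk.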
We can just use --yes in batch mode. Also piping "y" two times was unnecessary. We also no longer need to use LANG=C for this call.
Signed-off-by: Pierre Schmitz pierre@archlinux.de --- scripts/pacman-key.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 32c70dc..46773ac 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -413,7 +413,7 @@ list_sigs() {
 lsign_keys() {
 check_keyids_exist
- printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null
+ "${GPG_PACMAN[@]}" --yes --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null
 if (( PIPESTATUS[1] )); then
 error "$(gettext "A specified key could not be locally signed.")"
 exit 1
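Review bot: The removed pipeline was the only thing that gave `PIPESTATUS[1]` a value; with gpg now run as a single command on the added line, `PIPESTATUS[1]` is unset, `(( PIPESTATUS[1] ))` evaluates to 0, and the `error`/`exit 1` branch below is never taken even when gpg fails, so a key that could not be locally signed goes unreported while stderr is also discarded. Test the command itself instead: `if ! "${GPG_PACMAN[@]}" --yes --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null; then`, dropping the `PIPESTATUS` test. lsign_keys continues past the end of the hunk.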
Do not bother the user with gpg's verbose output.
Signed-off-by: Pierre Schmitz pierre@archlinux.de --- scripts/pacman-key.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 46773ac..4c02d7d 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -250,7 +250,7 @@ populate_keyring() {
 # Add keys from requested keyrings
 for keyring in "${KEYRINGIDS[@]}"; do
 msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
- "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
+ "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" 2>/dev/null
 done
 # Read the trusted key IDs to an array. Because this is an ownertrust
@@ -275,12 +275,12 @@ populate_keyring() {
 msg "$(gettext "Locally signing trusted keys in keyring...")"
 for key_id in "${!trusted_ids[@]}"; do
 msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
- "${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}"
+ "${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}" 2>/dev/null
 done
 msg "$(gettext "Importing owner trust values...")"
 for keyring in "${KEYRINGIDS[@]}"; do
 if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
- "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
+ "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" 2>/dev/null
 fi
 done
 fi
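Review bot: The `--import-ownertrust` call on the last added line now has no failure signal at all: its exit status was never checked, and with stderr discarded a trust file that fails to import leaves the keyring without the intended trust values while populate_keyring reports success. The same applies to the identical hunk in the resubmitted version of this patch later in the thread. Checking the status keeps the quiet output without losing the failure, e.g. `"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" 2>/dev/null || error "$(gettext "Failed to import owner trust values from %s.")" "${keyring}"`; whether `error` should also exit here is the maintainer's call. populate_keyring starts and ends outside the hunk.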
We cannot rely on gpg's exit code. Instead we have to check the status-fd to figure out whether a signature is valid or not.
In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid.
Signed-off-by: Pierre Schmitz pierre@archlinux.de --- scripts/pacman-key.sh.in | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 4c02d7d..c5ecca5 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -436,10 +436,16 @@ refresh_keys() {
 }
 verify_sig() {
- if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then
+ local fd="$(mktemp)"
+ exec 4>"${fd}"
+ "${GPG_PACMAN[@]}" --status-fd 4 --verify $SIGNATURE
+ exec 4>&-
+ if ! grep -q TRUST_FULLY "${fd}"; then
+ rm -f "${fd}"
 error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE"
 exit 1
 fi
+ rm -f "${fd}"
 }
updatedb() {
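Review bot: `grep -q TRUST_FULLY` accepts only one of gpg's trust verdicts: a good signature from an ultimately trusted key is reported as `TRUST_ULTIMATE` and would be rejected as unverifiable, and an unanchored substring match is looser than it needs to be — `grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)' "${fd}"` covers both. Two smaller points on the same lines: `$SIGNATURE` is passed unquoted and is word-split and glob-expanded when the path contains spaces or metacharacters, so it should be `"$SIGNATURE"`; and `local fd="$(mktemp)"` hides a mktemp failure behind `local`'s own status, leaving `fd` empty, so split it into `local fd; fd=$(mktemp) || exit 1`. I cannot tell from the hunk whether gpg also emits a TRUST_ line for expired- or revoked-key results; if it does, a `GOODSIG` check belongs alongside the trust check. The same applies to the `--status-file` version of this hunk later in the thread.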
On 25/03/12 22:10, Pierre Schmitz wrote:
We cannot rely on gpg's exit code. Instead we have to check the status-fd to figoure out whether a signature is valid or not.
typo ^
In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid.
Signed-off-by: Pierre Schmitz pierre@archlinux.de
scripts/pacman-key.sh.in | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 4c02d7d..c5ecca5 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -436,10 +436,16 @@ refresh_keys() { }
verify_sig() {
- if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then
- local fd="$(mktemp)"
- exec 4>"${fd}"
- "${GPG_PACMAN[@]}" --status-fd 4 --verify $SIGNATURE
I think it would be safer to use --status-file here. We do that when verifying signatures in makepkg.
- exec 4>&-
- if ! grep -q TRUST_FULLY "${fd}"; then
error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE" exit 1 firm -f "${fd}"
- rm -f "${fd}"
}
updatedb() {
On 25/03/12 22:10, Pierre Schmitz wrote:
Do not bother the user with gpg's verbose output.
Signed-off-by: Pierre Schmitz pierre@archlinux.de
scripts/pacman-key.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 46773ac..4c02d7d 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -250,7 +250,7 @@ populate_keyring() { # Add keys from requested keyrings for keyring in "${KEYRINGIDS[@]}"; do msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" 2>/dev/null
Is the output on stderr? I am reluctant to remove real error output.
done
# Read the trusted key IDs to an array. Because this is an ownertrust @@ -275,12 +275,12 @@ populate_keyring() { msg "$(gettext "Locally signing trusted keys in keyring...")" for key_id in "${!trusted_ids[@]}"; do msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
"${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}"
done msg "$(gettext "Importing owner trust values...")" for keyring in "${KEYRINGIDS[@]}"; do if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then"${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}" 2>/dev/null
"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
done fi"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" 2>/dev/null fi
Am 25.03.2012 15:25, schrieb Allan McRae:
On 25/03/12 22:10, Pierre Schmitz wrote:
Do not bother the user with gpg's verbose output.
Signed-off-by: Pierre Schmitz pierre@archlinux.de
scripts/pacman-key.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 46773ac..4c02d7d 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -250,7 +250,7 @@ populate_keyring() { # Add keys from requested keyrings for keyring in "${KEYRINGIDS[@]}"; do msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" 2>/dev/null
Is the output on stderr? I am reluctant to remove real error output.
There shouldn't be much critical output here. But gpg also accepts the --quiet flag here which still outputs useless data but much less.
Do not bother the user with gpg's verbose output.
Signed-off-by: Pierre Schmitz pierre@archlinux.de --- scripts/pacman-key.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 46773ac..b4bad1d 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -250,7 +250,7 @@ populate_keyring() {
 # Add keys from requested keyrings
 for keyring in "${KEYRINGIDS[@]}"; do
 msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
- "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
+ "${GPG_PACMAN[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
 done
 # Read the trusted key IDs to an array. Because this is an ownertrust
@@ -275,12 +275,12 @@ populate_keyring() {
 msg "$(gettext "Locally signing trusted keys in keyring...")"
 for key_id in "${!trusted_ids[@]}"; do
 msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
- "${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}"
+ "${GPG_PACMAN[@]}" --quiet --batch --yes --lsign-key "${key_id}" 2>/dev/null
 done
 msg "$(gettext "Importing owner trust values...")"
 for keyring in "${KEYRINGIDS[@]}"; do
 if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
- "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
+ "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" 2>/dev/null
 fi
 done
 fi
We cannot rely on gpg's exit code. Instead we have to check the status-fd to figure out whether a signature is valid or not.
In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid.
Signed-off-by: Pierre Schmitz pierre@archlinux.de --- scripts/pacman-key.sh.in | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index b4bad1d..081a10a 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -436,10 +436,14 @@ refresh_keys() {
 }
 verify_sig() {
- if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then
+ local fd="$(mktemp)"
+ "${GPG_PACMAN[@]}" --status-file "${fd}" --verify $SIGNATURE
+ if ! grep -q TRUST_FULLY "${fd}"; then
+ rm -f "${fd}"
 error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE"
 exit 1
 fi
+ rm -f "${fd}"
 }
updatedb() {