[pacman-dev] [PATCH 1/2] pacman-key: added verbose to commandline options
Signed-off-by: Matthew Sexton
To cut down on spam during --populate, both locally signing and
revoking keys now hide the specific keys being signed or revoked,
but can be shown with --verbose. A count was added, to show the
number of keys signed/revoked during the process.
This commit closes:
FS#64142 - pacman-key: make populate less noisy
Signed-off-by: Matthew Sexton
On 4/11/19 3:14 am, Matthew Sexton wrote:
To cut down on spam during --populate, both locally signing and revoking keys now hide the specific keys being signed or revoked, but can be shown with --verbose. A count was added, to show the number of keys signed/revoked during the process.
Typo in commit subject - hid -> hide. Also change "spam" to output.
This commit closes: FS#64142 - pacman-key: make populate less noisy
There is an additional comment in the bug: "Additionally, we should consider only counting keys to be disabled that are not currently disabled. Same with lsign key." So, partially implements FS#64142. Minor comment below.
Signed-off-by: Matthew Sexton
--- scripts/pacman-key.sh.in | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index a59dba52..4eea248b 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -334,11 +334,16 @@ populate_keyring() { done
if (( ${#revoked_ids[@]} > 0 )); then + local key_count=0 msg "$(gettext "Disabling revoked keys in keyring...")" for key_id in "${!revoked_ids[@]}"; do - msg2 "$(gettext "Disabling key %s...")" "${key_id}" + key_count=$((key_count+1))
Putting the key counting at the end would be useful if in the future we detect those keys already disabled and don't re-disable them.
+ if (( VERBOSE )); then + msg2 "$(gettext "Disabling key %s...")" "${key_id}" + fi printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null done + msg2 "$(gettext "Disabled %s keys.")" "${key_count}" fi }
@@ -447,19 +452,24 @@ lsign_keys() { check_keyids_exist
local ret=0 + local key_count=0 for key_id in "$@"; do - msg2 "$(gettext "Locally signing key %s...")" "${key_id}" + if (( VERBOSE )); then + msg2 "$(gettext "Locally signing key %s...")" "${key_id}" + fi # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null if (( PIPESTATUS[1] )); then error "$(gettext "%s could not be locally signed.")" "${key_id}" ret=1 fi + key_count=$((key_count+1)) done
if (( ret )); then exit 1 fi + msg2 "$(gettext "Locally signed %s keys.")" "${key_count}" }
receive_keys() {
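Review bot: In the populate_keyring hunk, key_count is incremented before the gpg --edit-key pipeline runs, and that pipeline's exit status is never checked (its stderr goes to /dev/null). "Disabled %s keys." therefore reports attempts rather than keys actually disabled, and as written it always equals ${#revoked_ids[@]}. Increment after the gpg call and only on success, checking PIPESTATUS[1] the way lsign_keys does. The string also reads "Disabled 1 keys." when a single key is revoked; a plural-aware message would avoid that.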
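Review bot: In the lsign_keys hunk, key_count=$((key_count+1)) sits after the PIPESTATUS check instead of in its success path, so a key that "could not be locally signed" is still counted. Because the function exits 1 before the summary whenever ret is set, "Locally signed %s keys." is only printed when every key succeeded, which makes the counter equal to $# today. Moving the increment into an else branch of the PIPESTATUS test keeps the number correct if that early exit ever changes.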
On 11/3/19 6:35 PM, Allan McRae wrote:
This commit closes: FS#64142 - pacman-key: make populate less noisy
There is an additional comment in the bug: "Additionally, we should consider only counting keys to be disabled that are not currently disabled. Same with lsign key."
So, partially implements FS#64142.
So I dug around in /usr/share/doc/gnupg/DETAILS and I think I basically
know what we need to get the rest of the way there. gpg --with-colons
will be our friend here. We'll need to:
figure out the keyid of the local master key (secret key):
$ gpg --homedir /etc/pacman.d/gnupg --no-permission-warning --with-colons --list-secret-key
sec:u:2048:1:2150A73FE449203E:1539640294:::u:::scSC:::+:::23::0:
fpr:::::::::708A83C140BD668A8D52DDFF2150A73FE449203E:
grp:::::::::2595A2681C2DA4806EC088E4DF877DA80528FEB5:
uid:u::::1539640294::79311EDEA01302E0DBBB2F33AE799F8BB677652F::Pacman Keyring Master Key
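An added example, not code from this thread or from pacman-key: parsing the colon listing above to get the secret key's ID and fingerprint. It goes one step past the message by also reading the "D" (disabled) flag in field 12, which is an assumption about how the "not currently disabled" check from FS#64142 could be done; the function names and the two pub records are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: parse `gpg --with-colons` records (layout per gnupg's DETAILS).
# Field 1 = record type, field 5 = key ID, field 10 = fingerprint (fpr records),
# field 12 = key capabilities; a "D" there marks a disabled key.

# The sec/fpr/grp records are the ones quoted in the message above.
SAMPLE_SECRET='sec:u:2048:1:2150A73FE449203E:1539640294:::u:::scSC:::+:::23::0:
fpr:::::::::708A83C140BD668A8D52DDFF2150A73FE449203E:
grp:::::::::2595A2681C2DA4806EC088E4DF877DA80528FEB5:'

# Constructed pub records (not real keys): the second one carries the D flag.
SAMPLE_PUBLIC='pub:f:4096:1:AAAAAAAAAAAAAAA1:1500000000:::-:::scESC::::::23::0:
pub:-:4096:1:AAAAAAAAAAAAAAA2:1500000000:::-:::scESCD::::::23::0:'

# Print "KEYID FINGERPRINT" for every secret primary key read from stdin.
# The first fpr record after a sec record belongs to that key; an ssb (subkey)
# record clears the state so a subkey fingerprint is never attributed to it.
secret_key_ids() {
	awk -F: '
		$1 == "sec" { keyid = $5; next }
		$1 == "ssb" { keyid = ""; next }
		$1 == "fpr" && keyid != "" { print keyid, $10; keyid = "" }
	'
}

# Print the IDs of public keys that are not yet disabled (no "D" in field 12),
# i.e. the only keys a "Disabled N keys" count would need to include.
enabled_key_ids() {
	awk -F: '$1 == "pub" && $12 !~ /D/ { print $5 }'
}

# Real use would pipe gpg in, for example:
#   gpg --homedir /etc/pacman.d/gnupg --with-colons --list-secret-key | secret_key_ids
printf '%s\n' "$SAMPLE_SECRET" | secret_key_ids
printf '%s\n' "$SAMPLE_PUBLIC" | enabled_key_ids
```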
On 4/11/19 3:14 am, Matthew Sexton wrote:
Signed-off-by: Matthew Sexton
I'm OK with adding this option in a separate patch that does not use it. But note in the commit message that it currently does nothing. Couple of minor points below.
--- scripts/pacman-key.sh.in | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 05aab0c2..a59dba52 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -51,6 +51,7 @@ REFRESH=0 UPDATEDB=0 USE_COLOR='y' VERIFY=0 +VERBOSE=0
usage() { printf "pacman-key (pacman) %s\n" ${myver} @@ -77,6 +78,7 @@ usage() { printf -- "$(gettext " --populate Reload the default keys from the (given) keyrings\n\ in '%s'")\n" "@pkgdatadir@/keyrings" printf -- "$(gettext " --refresh-keys Update specified or all keys from a keyserver")\n" + printf -- "$(gettext " --verbose Show extra information")\n" echo printf -- "$(gettext "Options:")\n" printf -- "$(gettext " --config <file> Use an alternate config file (instead of\n\ @@ -541,7 +543,7 @@ OPT_SHORT="adefhlruvV" OPT_LONG=('add' 'config:' 'delete' 'edit-key' 'export' 'finger' 'gpgdir:' 'help' 'import' 'import-trustdb' 'init' 'keyserver:' 'list-keys' 'list-sigs' 'lsign-key' 'nocolor' 'populate' 'recv-keys' 'refresh-keys' 'updatedb' - 'verify' 'version') + 'verify' 'version' 'verbose')
These are in alphabetical order.
if ! parseopts "$OPT_SHORT" "${OPT_LONG[@]}" -- "$@"; then exit 1 # E_INVALID_OPTION fi @@ -575,6 +577,7 @@ while (( $# )); do --refresh-keys) REFRESH=1 ;; -u|--updatedb) UPDATEDB=1 ;; -v|--verify) VERIFY=1 ;; + --verbose) VERBOSE=1 ;;
Align with spaces.
-h|--help) usage; exit 0 ;; -V|--version) version; exit 0 ;;
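Review bot: In the usage() hunk, the --verbose line is added directly after --refresh-keys, above the blank line and the "Options:" header, so the help output lists it as an operation. It modifies other operations rather than being one, so it belongs in the Options block alongside --config. Since the case statement in the last hunk keeps -v for --verify, the help text should also make clear that --verbose has no short form.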
participants (3): Allan McRae, Eli Schwartz, Matthew Sexton