[pacman-dev] [PATCH 1/7] makepkg, pacman-key: unify help message with other scripts
From: Ivan Kanakarakis <ivan.kanak@gmail.com> The help message changed to match the one rankmirrors script has. It's clearer as to what the --help switch does. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/makepkg.sh.in | 2 +- scripts/pacman-key.sh.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 70d3cf3..3d5184a 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1607,7 +1607,7 @@ usage() { echo "$(gettext " -e, --noextract Do not extract source files (use existing src/ dir)")" echo "$(gettext " -f, --force Overwrite existing package")" echo "$(gettext " -g, --geninteg Generate integrity checks for source files")" - echo "$(gettext " -h, --help This help")" + echo "$(gettext " -h, --help Show this help message and exit")" echo "$(gettext " -i, --install Install package after successful build")" echo "$(gettext " -L, --log Log package build process")" echo "$(gettext " -m, --nocolor Disable colorized output messages")" diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 89e52fc..82268c9 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -63,7 +63,7 @@ usage() { echo "$(gettext " -d, --del <keyid(s)> Remove the specified keyids")" echo "$(gettext " -e, --export <keyid(s)> Export the specified keyids")" echo "$(gettext " -f, --finger [<keyid(s)>] List fingerprint for specified or all keyids")" - echo "$(gettext " -h, --help This help")" + echo "$(gettext " -h, --help Show this help message and exit")" echo "$(gettext " -l, --list List keys")" echo "$(gettext " -r, --receive <keyserver> <keyid(s)> Fetch the specified keyids")" echo "$(gettext " -t, --trust <keyid(s)> Set the trust level of the given keyids")" -- 1.7.4.4
From: Ivan Kanakarakis <ivan.kanak@gmail.com> If the user provides an unsupported command, inform the user that this switch is unknown, display usage and exit. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 82268c9..73f4a77 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -321,5 +321,6 @@ case "${command}" in -V|--version) version; exit 0 ;; *) + error "$(gettext "Unknown command:") $command" usage; exit 1 ;; esac -- 1.7.4.4
From: Ivan Kanakarakis <ivan.kanak@gmail.com> This commit replaces the find_config() function with the get_from() function. get_from expects two arguments, the first is the file to read and the second is the key to look for in the given file. get_from returns the first matching value for the given key. The file is expected to be in the format: key = value Each of 'key' 'equal sign' 'value' can be surrounded be random whitespace. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 22 +++++++++++++--------- 1 files changed, 13 insertions(+), 9 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 73f4a77..c092989 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -82,11 +82,17 @@ This is free software; see the source for copying conditions.\n\ There is NO WARRANTY, to the extent permitted by law.\n")" } -find_config() { - # Prints on stdin the values of all the options from the configuration file that - # are associated with the first parameter of this function. - # The option names are stripped - grep -e "^[[:blank:]]*$1[[:blank:]]*=.*" "$CONFIG" | cut -d= -f 2- +# Read provided file and search for values matching the given key +# The contents of the file are expected to be in this format: key = value +# 'key', 'equal sign' and 'value' can be surrounded by random whitespace +# Usage: get_from "$file" "$key" # returns the value for the first matching key in the file +get_from() { + while read key _ value; do + if [[ $key = $2 ]]; then + echo "$value" + break + fi + done < "$1" } reload_keyring() { @@ -154,7 +160,7 @@ reload_keyring() { fi # List of keys that must be kept installed, even if in the list of keys to be removed - local HOLD_KEYS=$(find_config "HoldKeys") + local HOLD_KEYS=$(get_from "$CONFIG" "HoldKeys") # Remove the keys that must be kept from the set of keys that should be removed if [[ -n ${HOLD_KEYS} ]]; then @@ -239,9 +245,7 @@ if [[ ! -r "${CONFIG}" ]]; then fi # Read GPGDIR from $CONFIG. -# The pattern is: any spaces or tabs, GPGDir, any spaces or tabs, equal sign -# and the rest of the line. The string is splitted after the first occurrence of = -if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then +if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then PACMAN_KEYRING_DIR="${GPGDIR}" fi GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" -- 1.7.4.4
On Thu, Apr 21, 2011 at 8:59 AM, <ivan.kanak@gmail.com> wrote:
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
This commit replaces the find_config() function with the get_from() function. get_from expects two arguments, the first is the file to read and the second is the key to look for in the given file. get_from returns the first matching value for the given key. The file is expected to be in the format: key = value Each of 'key' 'equal sign' 'value' can be surrounded be random whitespace.
No objection to this, but you explained the "what". What is the "why" on this one? -Dan
On 21 April 2011 19:52, Dan McGee <dpmcgee@gmail.com> wrote:
On Thu, Apr 21, 2011 at 8:59 AM, <ivan.kanak@gmail.com> wrote:
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
This commit replaces the find_config() function with the get_from() function. get_from expects two arguments, the first is the file to read and the second is the key to look for in the given file. get_from returns the first matching value for the given key. The file is expected to be in the format: key = value Each of 'key' 'equal sign' 'value' can be surrounded be random whitespace.
No objection to this, but you explained the "what". What is the "why" on this one?
-Dan
I find this safer and easier to understand/read instead of a regex. A regex can hide flaws not apparent in first sight. More of a code-reading and keep my head in peace issue, for me. -- Ivan c00kiemon5ter V Kanak http://c00kiemon5ter.github.com
From: Ivan Kanakarakis <ivan.kanak@gmail.com> This commit adds quotes to several variable assignments. Unquoted values can cause problems on several occasions if the value is empty. It is safer to have every assignment quoted. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 24 ++++++++++++------------ 1 files changed, 12 insertions(+), 12 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index c092989..7b9c853 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -27,23 +27,23 @@ export TEXTDOMAINDIR='@localedir@' myver="@PACKAGE_VERSION@" msg() { - local mesg=$1; shift + local mesg="$1"; shift printf "==> ${mesg}\n" "$@" >&1 } msg2() { (( QUIET )) && return - local mesg=$1; shift + local mesg="$1"; shift printf " -> ${mesg}\n" "$@" >&1 } warning() { - local mesg=$1; shift + local mesg="$1"; shift printf "==> $(gettext "WARNING:") ${mesg}\n" "$@" >&2 } error() { - local mesg=$1; shift + local mesg="$1"; shift printf "==> $(gettext "ERROR:") ${mesg}\n" "$@" >&2 } @@ -145,12 +145,12 @@ reload_keyring() { if [[ -r "${REMOVED_KEYS}" ]]; then while read key; do local key_values name - key_values=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ') + key_values="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')" if [[ -n $key_values ]]; then # The first word is the key_id - key_id=${key_values%% *} + key_id="${key_values%% *}" # the rest if the name of the owner - name=${key_values#* } + name="${key_values#* }" if [[ -n ${key_id} ]]; then # Mark this key to be deleted removed_ids[$key_id]="$name" @@ -160,12 +160,12 @@ reload_keyring() { fi # List of keys that must be kept installed, even if in the list of keys to be removed - local HOLD_KEYS=$(get_from "$CONFIG" "HoldKeys") + local HOLD_KEYS="$(get_from "$CONFIG" "HoldKeys")" # Remove the keys that must be kept from the set of keys that should be removed if [[ -n ${HOLD_KEYS} ]]; then for key in ${HOLD_KEYS}; do - key_id=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5) + key_id="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)" if [[ -n "${removed_ids[$key_id]}" ]]; then unset removed_ids[$key_id] fi @@ -176,7 +176,7 @@ reload_keyring() { # be updated automatically. if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Appending official keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + local add_keys="$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)" for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then @@ -187,7 +187,7 @@ reload_keyring() { if [[ -r "${DEPRECATED_KEYS}" ]]; then msg "$(gettext "Appending deprecated keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + local add_keys="$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)" for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then @@ -245,7 +245,7 @@ if [[ ! -r "${CONFIG}" ]]; then fi # Read GPGDIR from $CONFIG. -if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then +if [[ GPGDIR="$(get_from "$CONFIG" "GPGDir")" == 0 ]]; then PACMAN_KEYRING_DIR="${GPGDIR}" fi GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" -- 1.7.4.4
On Thu, Apr 21, 2011 at 8:59 AM, <ivan.kanak@gmail.com> wrote:
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
This commit adds quotes to several variable assignments. Unquoted values can cause problems on several occasions if the value is empty. It is safer to have every assignment quoted.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 24 ++++++++++++------------ 1 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index c092989..7b9c853 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -27,23 +27,23 @@ export TEXTDOMAINDIR='@localedir@' myver="@PACKAGE_VERSION@"
msg() { - local mesg=$1; shift + local mesg="$1"; shift printf "==> ${mesg}\n" "$@" >&1 }
msg2() { (( QUIET )) && return - local mesg=$1; shift + local mesg="$1"; shift printf " -> ${mesg}\n" "$@" >&1 }
warning() { - local mesg=$1; shift + local mesg="$1"; shift printf "==> $(gettext "WARNING:") ${mesg}\n" "$@" >&2 }
error() { - local mesg=$1; shift + local mesg="$1"; shift printf "==> $(gettext "ERROR:") ${mesg}\n" "$@" >&2 }
First, I don't think these ones are even necessary. Second, this doesn't belong in this commit if so, as you have several other places that would need to be fixed cross-script as these are common methods. dmcgee@galway ~/projects/pacman (master) $ git grep 'mesg=' | cat contrib/pacscripts.in: local mesg=$1; shift scripts/makepkg.sh.in: local mesg=$1; shift scripts/makepkg.sh.in: local mesg=$1; shift scripts/makepkg.sh.in: local mesg=$1; shift scripts/makepkg.sh.in: local mesg=$1; shift scripts/makepkg.sh.in: local mesg=$1; shift scripts/pacman-db-upgrade.sh.in: local mesg=$1; shift scripts/pacman-db-upgrade.sh.in: local mesg=$1; shift scripts/pacman-key.sh.in: local mesg=$1; shift scripts/pacman-key.sh.in: local mesg=$1; shift scripts/pacman-key.sh.in: local mesg=$1; shift scripts/pacman-key.sh.in: local mesg=$1; shift scripts/pacman-optimize.sh.in: local mesg=$1; shift scripts/pacman-optimize.sh.in: local mesg=$1; shift scripts/pkgdelta.sh.in: local mesg=$1; shift scripts/pkgdelta.sh.in: local mesg=$1; shift scripts/pkgdelta.sh.in: local mesg=$1; shift scripts/repo-add.sh.in: local mesg=$1; shift scripts/repo-add.sh.in: local mesg=$1; shift scripts/repo-add.sh.in: local mesg=$1; shift scripts/repo-add.sh.in: local mesg=$1; shift
@@ -145,12 +145,12 @@ reload_keyring() { if [[ -r "${REMOVED_KEYS}" ]]; then while read key; do local key_values name - key_values=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ') + key_values="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')" if [[ -n $key_values ]]; then # The first word is the key_id - key_id=${key_values%% *} + key_id="${key_values%% *}" # the rest if the name of the owner - name=${key_values#* } + name="${key_values#* }" if [[ -n ${key_id} ]]; then # Mark this key to be deleted removed_ids[$key_id]="$name" @@ -160,12 +160,12 @@ reload_keyring() { fi
# List of keys that must be kept installed, even if in the list of keys to be removed - local HOLD_KEYS=$(get_from "$CONFIG" "HoldKeys") + local HOLD_KEYS="$(get_from "$CONFIG" "HoldKeys")"
# Remove the keys that must be kept from the set of keys that should be removed if [[ -n ${HOLD_KEYS} ]]; then for key in ${HOLD_KEYS}; do - key_id=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5) + key_id="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)" if [[ -n "${removed_ids[$key_id]}" ]]; then unset removed_ids[$key_id] fi @@ -176,7 +176,7 @@ reload_keyring() { # be updated automatically. if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Appending official keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + local add_keys="$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)" for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then @@ -187,7 +187,7 @@ reload_keyring() {
if [[ -r "${DEPRECATED_KEYS}" ]]; then msg "$(gettext "Appending deprecated keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + local add_keys="$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)" for key_id in ${add_keys}; do # There is no point in adding a key that will be deleted right after if [[ -z "${removed_ids[$key_id]}" ]]; then @@ -245,7 +245,7 @@ if [[ ! -r "${CONFIG}" ]]; then fi
# Read GPGDIR from $CONFIG. -if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then +if [[ GPGDIR="$(get_from "$CONFIG" "GPGDir")" == 0 ]]; then PACMAN_KEYRING_DIR="${GPGDIR}" fi GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
No objection to the rest of it, however. -Dan
From: Ivan Kanakarakis <ivan.kanak@gmail.com> This commit correctly redirects to /dev/null the output of several commands that get executed on logic checks. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 7b9c853..b5fca2b 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -116,7 +116,7 @@ reload_keyring() { # Verify signatures of related files, if they exist if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Verifying official keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then + if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" exit 1 fi @@ -124,7 +124,7 @@ reload_keyring() { if [[ -r "${DEPRECATED_KEYS}" ]]; then msg "$(gettext "Verifying deprecated keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then + if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}" exit 1 fi @@ -132,7 +132,7 @@ reload_keyring() { if [[ -r "${REMOVED_KEYS}" ]]; then msg "$(gettext "Verifying deleted keys file signature...")" - if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then + if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" exit 1 fi @@ -218,7 +218,7 @@ if ! type gettext &>/dev/null; then fi if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then - if type -p gpg >/dev/null 2>&1 = 1; then + if ! type -p gpg &>/dev/null; then error "$(gettext "gnupg does not seem to be installed.")" msg2 "$(gettext "pacman-key requires gnupg for most operations.")" exit 1 @@ -306,7 +306,7 @@ case "${command}" in fi while (( $# > 0 )); do # Verify if the key exists in pacman's keyring - if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then + if ${GPG_PACMAN} --list-keys "$1" &>/dev/null; then ${GPG_PACMAN} --edit-key "$1" else error "$(gettext "The key identified by %s doesn't exist")" "$1" -- 1.7.4.4
On Thu, Apr 21, 2011 at 8:59 AM, <ivan.kanak@gmail.com> wrote:
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
This commit correctly redirects to /dev/null the output of several commands that get executed on logic checks.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Why? I personally hate losing everything, especially stderr, to the trap that is /dev/null. Once there is problem most people like to know what is actually going on rather than our likely oversimplified error message. -Dan
On 21 April 2011 20:00, Dan McGee <dpmcgee@gmail.com> wrote:
On Thu, Apr 21, 2011 at 8:59 AM, <ivan.kanak@gmail.com> wrote:
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
This commit correctly redirects to /dev/null the output of several commands that get executed on logic checks.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Why? I personally hate losing everything, especially stderr, to the trap that is /dev/null. Once there is problem most people like to know what is actually going on rather than our likely oversimplified error message.
-Dan
Of the 5 changes in this commit the last 2 hid stderr too. I'm used to hiding all output from a command in a logic check, and extensively checking return codes (provided the command returns different error codes for each failing case). I also see this as a more uniform style. Not something really important. -- Ivan c00kiemon5ter V Kanak http://c00kiemon5ter.github.com
From: Ivan Kanakarakis <ivan.kanak@gmail.com> This commit fixes handling of --help/-h --version/-V options. Previously $ pacman-key --help would return errors if the configuration file was missing or the user did not have root privileges. Same was for --version switch. Moreover this fixes a bug that caused the command line specified gpgdir (PACMAN_KEYRING_DIR) to be overridden by the values from the configuration file. The parsing now happens as follows: a. The script parses --config and/or --gpgdir if those are specified. These options should be the first arguments given to the script. b. The script reads the first command, that is the first argument after the --config and/or --gpgdir parsing is done. If no command was provided the script exits with an error. If the command is one of --help -h --version -V then it skip the checks that would otherwise be needed, executes those and exits. If the command is other, the script checks by order: - the dependencies are met (currently existence of gpg executable) - the user has root privileges - the configuration file is readable - the gpgdir is set and exists c. If all checks pass the command is matched to a case and the appropriate set of commands is executed. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 66 +++++++++++++++++++++++++--------------------- 1 files changed, 36 insertions(+), 30 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index b5fca2b..1d0229b 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -217,20 +217,11 @@ if ! type gettext &>/dev/null; then } fi -if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then - if ! type -p gpg &>/dev/null; then - error "$(gettext "gnupg does not seem to be installed.")" - msg2 "$(gettext "pacman-key requires gnupg for most operations.")" - exit 1 - elif (( EUID != 0 )); then - error "$(gettext "pacman-key needs to be run as root.")" - exit 1 - fi -fi +# Set default values +CONFIG_DEF="@sysconfdir@/pacman.conf" +PACMAN_KEYRING_DIR_DEF="@sysconfdir@/pacman.d/gnupg" -# Parse global options -CONFIG="@sysconfdir@/pacman.conf" -PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg" +# Parse command line options while [[ $1 =~ ^--(config|gpgdir)$ ]]; do case "$1" in --config) shift; CONFIG="$1" ;; @@ -239,23 +230,7 @@ while [[ $1 =~ ^--(config|gpgdir)$ ]]; do shift done -if [[ ! -r "${CONFIG}" ]]; then - error "$(gettext "%s not found.")" "$CONFIG" - exit 1 -fi - -# Read GPGDIR from $CONFIG. -if [[ GPGDIR="$(get_from "$CONFIG" "GPGDir")" == 0 ]]; then - PACMAN_KEYRING_DIR="${GPGDIR}" -fi -GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" - -# Try to create $PACMAN_KEYRING_DIR if non-existent -# Check for simple existence rather than for a directory as someone may want -# to use a symlink here -[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" - -# Parse and execute command +# Parse the command command="$1" if [[ -z "${command}" ]]; then usage @@ -263,6 +238,37 @@ if [[ -z "${command}" ]]; then fi shift +# If command is --help/-h or --version/-V then skip checks and execute those +if [[ ! ${command} =~ ^(--help|-h|--version|-V)$ ]]; then + # check dependencies + if ! type -p gpg &>/dev/null; then + error "$(gettext "gnupg does not seem to be installed.")" + msg2 "$(gettext "pacman-key requires gnupg for most operations.")" + exit 1 + fi + # check permissions + if (( ! EUID )); then + error "$(gettext "pacman-key needs to be run as root.")" + exit 1 + fi + # Use the default CONFIG if the user didn't specify one + # If configuration file is not readable use the default + # even if it was specified by the user with --config + [[ ! -r $CONFIG ]] && CONFIG="$CONFIG_DEF" + # if the user didn't specify PACMAN_KEYRING_DIR + # then read GPGDir from the configuration file + [[ -z $PACMAN_KEYRING_DIR ]] && PACMAN_KEYRING_DIR="$(get_from "$CONFIG" "GPGDir")" + # if no such setting exists, use the default value + [[ -z $PACMAN_KEYRING_DIR ]] && PACMAN_KEYRING_DIR="$PACMAN_KEYRING_DIR_DEF" + # Try to create $PACMAN_KEYRING_DIR if non-existent + # Check for simple existence rather than a directory + # as someone may want to use a symlink here + [[ ! -e ${PACMAN_KEYRING_DIR} ]] && mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" +fi + +GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" + +# Execute the command case "${command}" in -a|--add) # If there is no extra parameter, gpg will read stdin -- 1.7.4.4
On Thu, Apr 21, 2011 at 8:59 AM, <ivan.kanak@gmail.com> wrote:
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
This commit fixes handling of --help/-h --version/-V options. Previously $ pacman-key --help would return errors if the configuration file was missing or the user did not have root privileges. Same was for --version switch. Moreover this fixes a bug that caused the command line specified gpgdir (PACMAN_KEYRING_DIR) to be overridden by the values from the configuration file.
The parsing now happens as follows: a. The script parses --config and/or --gpgdir if those are specified. These options should be the first arguments given to the script. b. The script reads the first command, that is the first argument after the --config and/or --gpgdir parsing is done. If no command was provided the script exits with an error. If the command is one of --help -h --version -V then it skip the checks that would otherwise be needed, executes those and exits. If the command is other, the script checks by order: - the dependencies are met (currently existence of gpg executable) - the user has root privileges - the configuration file is readable - the gpgdir is set and exists c. If all checks pass the command is matched to a case and the appropriate set of commands is executed.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 66 +++++++++++++++++++++++++--------------------- 1 files changed, 36 insertions(+), 30 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index b5fca2b..1d0229b 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -217,20 +217,11 @@ if ! type gettext &>/dev/null; then } fi
-if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then - if ! type -p gpg &>/dev/null; then - error "$(gettext "gnupg does not seem to be installed.")" - msg2 "$(gettext "pacman-key requires gnupg for most operations.")" - exit 1 - elif (( EUID != 0 )); then - error "$(gettext "pacman-key needs to be run as root.")" - exit 1 - fi -fi +# Set default values +CONFIG_DEF="@sysconfdir@/pacman.conf" +PACMAN_KEYRING_DIR_DEF="@sysconfdir@/pacman.d/gnupg"
-# Parse global options -CONFIG="@sysconfdir@/pacman.conf" -PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg" +# Parse command line options while [[ $1 =~ ^--(config|gpgdir)$ ]]; do case "$1" in --config) shift; CONFIG="$1" ;; @@ -239,23 +230,7 @@ while [[ $1 =~ ^--(config|gpgdir)$ ]]; do shift done
-if [[ ! -r "${CONFIG}" ]]; then - error "$(gettext "%s not found.")" "$CONFIG" - exit 1 -fi - -# Read GPGDIR from $CONFIG. -if [[ GPGDIR="$(get_from "$CONFIG" "GPGDir")" == 0 ]]; then - PACMAN_KEYRING_DIR="${GPGDIR}" -fi -GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" - -# Try to create $PACMAN_KEYRING_DIR if non-existent -# Check for simple existence rather than for a directory as someone may want -# to use a symlink here -[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" - -# Parse and execute command +# Parse the command command="$1" if [[ -z "${command}" ]]; then usage @@ -263,6 +238,37 @@ if [[ -z "${command}" ]]; then fi shift
+# If command is --help/-h or --version/-V then skip checks and execute those +if [[ ! ${command} =~ ^(--help|-h|--version|-V)$ ]]; then + # check dependencies + if ! type -p gpg &>/dev/null; then + error "$(gettext "gnupg does not seem to be installed.")" + msg2 "$(gettext "pacman-key requires gnupg for most operations.")" + exit 1 + fi + # check permissions + if (( ! EUID )); then + error "$(gettext "pacman-key needs to be run as root.")" + exit 1 + fi + # Use the default CONFIG if the user didn't specify one + # If configuration file is not readable use the default + # even if it was specified by the user with --config -1 from me. This makes no sense other than confusion for the user. If I specify a bogus or unreadable file, blow up on me. Fixing this to not be magic also means you don't need CONFIG_DEF at all either.
+ [[ ! -r $CONFIG ]] && CONFIG="$CONFIG_DEF" + # if the user didn't specify PACMAN_KEYRING_DIR + # then read GPGDir from the configuration file + [[ -z $PACMAN_KEYRING_DIR ]] && PACMAN_KEYRING_DIR="$(get_from "$CONFIG" "GPGDir")" + # if no such setting exists, use the default value + [[ -z $PACMAN_KEYRING_DIR ]] && PACMAN_KEYRING_DIR="$PACMAN_KEYRING_DIR_DEF" + # Try to create $PACMAN_KEYRING_DIR if non-existent + # Check for simple existence rather than a directory + # as someone may want to use a symlink here + [[ ! -e ${PACMAN_KEYRING_DIR} ]] && mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" +fi + +GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" + +# Execute the command case "${command}" in -a|--add) # If there is no extra parameter, gpg will read stdin --
Looks OK to me otherwise, but I'll let Allan weigh in as well. -Dan
On 21 April 2011 20:08, Dan McGee <dpmcgee@gmail.com> wrote:
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
This commit fixes handling of --help/-h --version/-V options. Previously $ pacman-key --help would return errors if the configuration file was missing or the user did not have root privileges. Same was for --version switch. Moreover this fixes a bug that caused the command line specified gpgdir (PACMAN_KEYRING_DIR) to be overridden by the values from the configuration file.
The parsing now happens as follows: a. The script parses --config and/or --gpgdir if those are specified. These options should be the first arguments given to the script. b. The script reads the first command, that is the first argument after the --config and/or --gpgdir parsing is done. If no command was provided the script exits with an error. If the command is one of --help -h --version -V then it skip the checks that would otherwise be needed, executes those and exits. If the command is other, the script checks by order: - the dependencies are met (currently existence of gpg executable) - the user has root privileges - the configuration file is readable - the gpgdir is set and exists c. If all checks pass the command is matched to a case and the appropriate set of commands is executed.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 66 +++++++++++++++++++++++++--------------------- 1 files changed, 36 insertions(+), 30 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index b5fca2b..1d0229b 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -217,20 +217,11 @@ if ! type gettext &>/dev/null; then } fi
-if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then - if ! type -p gpg &>/dev/null; then - error "$(gettext "gnupg does not seem to be installed.")" - msg2 "$(gettext "pacman-key requires gnupg for most operations.")" - exit 1 - elif (( EUID != 0 )); then - error "$(gettext "pacman-key needs to be run as root.")" - exit 1 - fi -fi +# Set default values +CONFIG_DEF="@sysconfdir@/pacman.conf" +PACMAN_KEYRING_DIR_DEF="@sysconfdir@/pacman.d/gnupg"
-# Parse global options -CONFIG="@sysconfdir@/pacman.conf" -PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg" +# Parse command line options while [[ $1 =~ ^--(config|gpgdir)$ ]]; do case "$1" in --config) shift; CONFIG="$1" ;; @@ -239,23 +230,7 @@ while [[ $1 =~ ^--(config|gpgdir)$ ]]; do shift done
-if [[ ! -r "${CONFIG}" ]]; then - error "$(gettext "%s not found.")" "$CONFIG" - exit 1 -fi - -# Read GPGDIR from $CONFIG. -if [[ GPGDIR="$(get_from "$CONFIG" "GPGDir")" == 0 ]]; then - PACMAN_KEYRING_DIR="${GPGDIR}" -fi -GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" - -# Try to create $PACMAN_KEYRING_DIR if non-existent -# Check for simple existence rather than for a directory as someone may want -# to use a symlink here -[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" - -# Parse and execute command +# Parse the command command="$1" if [[ -z "${command}" ]]; then usage @@ -263,6 +238,37 @@ if [[ -z "${command}" ]]; then fi shift
+# If command is --help/-h or --version/-V then skip checks and execute
On Thu, Apr 21, 2011 at 8:59 AM, <ivan.kanak@gmail.com> wrote: those
+if [[ ! ${command} =~ ^(--help|-h|--version|-V)$ ]]; then + # check dependencies + if ! type -p gpg &>/dev/null; then + error "$(gettext "gnupg does not seem to be installed.")" + msg2 "$(gettext "pacman-key requires gnupg for most operations.")" + exit 1 + fi + # check permissions + if (( ! EUID )); then + error "$(gettext "pacman-key needs to be run as root.")" + exit 1 + fi + # Use the default CONFIG if the user didn't specify one + # If configuration file is not readable use the default + # even if it was specified by the user with --config -1 from me. This makes no sense other than confusion for the user. If I specify a bogus or unreadable file, blow up on me. Fixing this to not be magic also means you don't need CONFIG_DEF at all either.
Oh, I agree on this. I had an error message there informing the user that the configuration was unreadable and that the script would fall back to the default. I missed it on this commit, sorry.
+ [[ ! -r $CONFIG ]] && CONFIG="$CONFIG_DEF" + # if the user didn't specify PACMAN_KEYRING_DIR + # then read GPGDir from the configuration file + [[ -z $PACMAN_KEYRING_DIR ]] && PACMAN_KEYRING_DIR="$(get_from "$CONFIG" "GPGDir")" + # if no such setting exists, use the default value + [[ -z $PACMAN_KEYRING_DIR ]] && PACMAN_KEYRING_DIR="$PACMAN_KEYRING_DIR_DEF" + # Try to create $PACMAN_KEYRING_DIR if non-existent + # Check for simple existence rather than a directory + # as someone may want to use a symlink here + [[ ! -e ${PACMAN_KEYRING_DIR} ]] && mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" +fi + +GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" + +# Execute the command case "${command}" in -a|--add) # If there is no extra parameter, gpg will read stdin --
Looks OK to me otherwise, but I'll let Allan weigh in as well.
-Dan
-- Ivan c00kiemon5ter V Kanak http://c00kiemon5ter.github.com
From: Ivan Kanakarakis <ivan.kanak@gmail.com> This commit fixes handling of --help/-h --version/-V options. Previously $ pacman-key --help would return errors if the configuration file was missing or the user did not have root privileges. Same was for --version switch. Moreover this fixes a bug that caused the command line specified gpgdir (PACMAN_KEYRING_DIR) to be overridden by the values from the configuration file. The parsing now happens as follows: a. The script parses --config and/or --gpgdir if those are specified. These options should be the first arguments given to the script. b. The script reads the first command, that is the first argument after the --config and/or --gpgdir parsing is done. If no command was provided the script exits with an error. If the command is one of --help -h --version -V then it skip the checks that would otherwise be needed, executes those and exits. If the command is other, the script checks by order: - the dependencies are met (currently existence of gpg executable) - the user has root privileges - the configuration file is readable - the gpgdir is set and exists c. If all checks pass the command is matched to a case and the appropriate set of commands is executed. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 69 ++++++++++++++++++++++++++-------------------- 1 files changed, 39 insertions(+), 30 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index b5fca2b..5a07784 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -217,20 +217,11 @@ if ! type gettext &>/dev/null; then } fi -if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then - if ! type -p gpg &>/dev/null; then - error "$(gettext "gnupg does not seem to be installed.")" - msg2 "$(gettext "pacman-key requires gnupg for most operations.")" - exit 1 - elif (( EUID != 0 )); then - error "$(gettext "pacman-key needs to be run as root.")" - exit 1 - fi -fi +# Set default values +CONFIG_DEF="@sysconfdir@/pacman.conf" +PACMAN_KEYRING_DIR_DEF="@sysconfdir@/pacman.d/gnupg" -# Parse global options -CONFIG="@sysconfdir@/pacman.conf" -PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg" +# Parse command line options while [[ $1 =~ ^--(config|gpgdir)$ ]]; do case "$1" in --config) shift; CONFIG="$1" ;; @@ -239,23 +230,7 @@ while [[ $1 =~ ^--(config|gpgdir)$ ]]; do shift done -if [[ ! -r "${CONFIG}" ]]; then - error "$(gettext "%s not found.")" "$CONFIG" - exit 1 -fi - -# Read GPGDIR from $CONFIG. -if [[ GPGDIR="$(get_from "$CONFIG" "GPGDir")" == 0 ]]; then - PACMAN_KEYRING_DIR="${GPGDIR}" -fi -GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" - -# Try to create $PACMAN_KEYRING_DIR if non-existent -# Check for simple existence rather than for a directory as someone may want -# to use a symlink here -[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" - -# Parse and execute command +# Parse the command command="$1" if [[ -z "${command}" ]]; then usage @@ -263,6 +238,40 @@ if [[ -z "${command}" ]]; then fi shift +# If command is --help/-h or --version/-V then skip checks and execute those +if [[ ! ${command} =~ ^(--help|-h|--version|-V)$ ]]; then + # check dependencies + if ! type -p gpg &>/dev/null; then + error "$(gettext "gnupg does not seem to be installed.")" + msg2 "$(gettext "pacman-key requires gnupg for most operations.")" + exit 1 + fi + # check permissions + if (( ! EUID )); then + error "$(gettext "pacman-key needs to be run as root.")" + exit 1 + fi + # Use the default CONFIG if the user didn't specify one + [[ -z $CONFIG ]] && CONFIG="$CONFIG_DEF" + # If configuration file is not readable exit with error message + if [[ ! -r $CONFIG ]]; then + error "$(gettext "unreadable configuration file: %s")" "$CONFIG" + exit 1 + fi + # if the user didn't specify PACMAN_KEYRING_DIR + # then read GPGDir from the configuration file + [[ -z $PACMAN_KEYRING_DIR ]] && PACMAN_KEYRING_DIR="$(get_from "$CONFIG" "GPGDir")" + # if no such setting exists, use the default value + [[ -z $PACMAN_KEYRING_DIR ]] && PACMAN_KEYRING_DIR="$PACMAN_KEYRING_DIR_DEF" + # Try to create $PACMAN_KEYRING_DIR if non-existent + # Check for simple existence rather than a directory + # as someone may want to use a symlink here + [[ ! -e ${PACMAN_KEYRING_DIR} ]] && mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" +fi + +GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" + +# Execute the command case "${command}" in -a|--add) # If there is no extra parameter, gpg will read stdin -- 1.7.4.4
From: Ivan Kanakarakis <ivan.kanak@gmail.com> This commit is just cosmetics-formatting fixing. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> --- scripts/pacman-key.sh.in | 423 +++++++++++++++++++++++----------------------- 1 files changed, 214 insertions(+), 209 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 1d0229b..41dc574 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -27,56 +27,56 @@ export TEXTDOMAINDIR='@localedir@' myver="@PACKAGE_VERSION@" msg() { - local mesg="$1"; shift - printf "==> ${mesg}\n" "$@" >&1 + local mesg="$1"; shift + printf "==> ${mesg}\n" "$@" >&1 } msg2() { - (( QUIET )) && return - local mesg="$1"; shift - printf " -> ${mesg}\n" "$@" >&1 + (( QUIET )) && return + local mesg="$1"; shift + printf " -> ${mesg}\n" "$@" >&1 } warning() { - local mesg="$1"; shift - printf "==> $(gettext "WARNING:") ${mesg}\n" "$@" >&2 + local mesg="$1"; shift + printf "==> $(gettext "WARNING:") ${mesg}\n" "$@" >&2 } error() { - local mesg="$1"; shift - printf "==> $(gettext "ERROR:") ${mesg}\n" "$@" >&2 + local mesg="$1"; shift + printf "==> $(gettext "ERROR:") ${mesg}\n" "$@" >&2 } usage() { - printf "pacman-key (pacman) %s\n" ${myver} - echo - printf "$(gettext "Usage: %s [options] <command> [arguments]")\n" $(basename $0) - echo - echo "$(gettext "Manage pacman's list of trusted keys")" - echo - echo "$(gettext "Options must be placed before commands. The available options are:")" - printf "$(gettext " --config <file> Use an alternate config file (instead of '%s')")\n" "$CONFIG" - echo "$(gettext " --gpgdir Set an alternate directory for gnupg")" - echo - echo "$(gettext "The available commands are:")" - echo "$(gettext " -a, --add [<file(s)>] Add the specified keys (empty for stdin)")" - echo "$(gettext " -d, --del <keyid(s)> Remove the specified keyids")" - echo "$(gettext " -e, --export <keyid(s)> Export the specified keyids")" - echo "$(gettext " -f, --finger [<keyid(s)>] List fingerprint for specified or all keyids")" - echo "$(gettext " -h, --help Show this help message and exit")" - echo "$(gettext " -l, --list List keys")" - echo "$(gettext " -r, --receive <keyserver> <keyid(s)> Fetch the specified keyids")" - echo "$(gettext " -t, --trust <keyid(s)> Set the trust level of the given keyids")" - echo "$(gettext " -u, --updatedb Update the trustdb of pacman")" - echo "$(gettext " -V, --version Show program version")" - echo "$(gettext " --adv <params> Use pacman's keyring with advanced gpg commands")" - printf "$(gettext " --reload Reload the default keys")" - echo + printf "pacman-key (pacman) %s\n" ${myver} + echo + printf "$(gettext "Usage: %s [options] <command> [arguments]")\n" $(basename $0) + echo + echo "$(gettext "Manage pacman's list of trusted keys")" + echo + echo "$(gettext "Options must be placed before commands. The available options are:")" + printf "$(gettext " --config <file> Use an alternate config file (instead of '%s')")\n" "$CONFIG" + echo "$(gettext " --gpgdir Set an alternate directory for gnupg")" + echo + echo "$(gettext "The available commands are:")" + echo "$(gettext " -a, --add [<file(s)>] Add the specified keys (empty for stdin)")" + echo "$(gettext " -d, --del <keyid(s)> Remove the specified keyids")" + echo "$(gettext " -e, --export <keyid(s)> Export the specified keyids")" + echo "$(gettext " -f, --finger [<keyid(s)>] List fingerprint for specified or all keyids")" + echo "$(gettext " -h, --help Show this help message and exit")" + echo "$(gettext " -l, --list List keys")" + echo "$(gettext " -r, --receive <keyserver> <keyid(s)> Fetch the specified keyids")" + echo "$(gettext " -t, --trust <keyid(s)> Set the trust level of the given keyids")" + echo "$(gettext " -u, --updatedb Update the trustdb of pacman")" + echo "$(gettext " -V, --version Show program version")" + echo "$(gettext " --adv <params> Use pacman's keyring with advanced gpg commands")" + printf "$(gettext " --reload Reload the default keys")" + echo } version() { - printf "pacman-key (pacman) %s\n" "${myver}" - printf "$(gettext "\ + printf "pacman-key (pacman) %s\n" "${myver}" + printf "$(gettext "\ Copyright (c) 2010-2011 Pacman Development Team <pacman-dev@archlinux.org>.\n\ This is free software; see the source for copying conditions.\n\ There is NO WARRANTY, to the extent permitted by law.\n")" @@ -96,125 +96,125 @@ get_from() { } reload_keyring() { - local PACMAN_SHARE_DIR='@prefix@/share/pacman' - local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}" + local PACMAN_SHARE_DIR='@prefix@/share/pacman' + local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}" - # Variable used for iterating on keyrings - local key - local key_id + # Variable used for iterating on keyrings + local key + local key_id - # Keyring with keys to be added to the keyring - local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg" + # Keyring with keys to be added to the keyring + local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg" - # Keyring with keys that were deprecated and will eventually be deleted - local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg" + # Keyring with keys that were deprecated and will eventually be deleted + local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg" - # List of keys removed from the keyring. This file is not a keyring, unlike the others. - # It is a textual list of values that gpg recogniezes as identifiers for keys. - local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys" + # List of keys removed from the keyring. This file is not a keyring, unlike the others. + # It is a textual list of values that gpg recogniezes as identifiers for keys. + local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys" - # Verify signatures of related files, if they exist - if [[ -r "${ADDED_KEYS}" ]]; then - msg "$(gettext "Verifying official keys file signature...")" - if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then - error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" - exit 1 - fi - fi + # Verify signatures of related files, if they exist + if [[ -r "${ADDED_KEYS}" ]]; then + msg "$(gettext "Verifying official keys file signature...")" + if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then + error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" + exit 1 + fi + fi - if [[ -r "${DEPRECATED_KEYS}" ]]; then - msg "$(gettext "Verifying deprecated keys file signature...")" - if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then - error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}" - exit 1 - fi - fi + if [[ -r "${DEPRECATED_KEYS}" ]]; then + msg "$(gettext "Verifying deprecated keys file signature...")" + if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then + error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}" + exit 1 + fi + fi - if [[ -r "${REMOVED_KEYS}" ]]; then - msg "$(gettext "Verifying deleted keys file signature...")" - if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then - error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" - exit 1 - fi - fi + if [[ -r "${REMOVED_KEYS}" ]]; then + msg "$(gettext "Verifying deleted keys file signature...")" + if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then + error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" + exit 1 + fi + fi - # Read the key ids to an array. The conversion from whatever is inside the file - # to key ids is important, because key ids are the only guarantee of identification - # for the keys. - local -A removed_ids - if [[ -r "${REMOVED_KEYS}" ]]; then - while read key; do - local key_values name - key_values="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')" - if [[ -n $key_values ]]; then - # The first word is the key_id - key_id="${key_values%% *}" - # the rest if the name of the owner - name="${key_values#* }" - if [[ -n ${key_id} ]]; then - # Mark this key to be deleted - removed_ids[$key_id]="$name" - fi - fi - done < "${REMOVED_KEYS}" - fi + # Read the key ids to an array. The conversion from whatever is inside the file + # to key ids is important, because key ids are the only guarantee of identification + # for the keys. + local -A removed_ids + if [[ -r "${REMOVED_KEYS}" ]]; then + while read key; do + local key_values name + key_values="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')" + if [[ -n $key_values ]]; then + # The first word is the key_id + key_id="${key_values%% *}" + # the rest if the name of the owner + name="${key_values#* }" + if [[ -n ${key_id} ]]; then + # Mark this key to be deleted + removed_ids[$key_id]="$name" + fi + fi + done < "${REMOVED_KEYS}" + fi - # List of keys that must be kept installed, even if in the list of keys to be removed - local HOLD_KEYS="$(get_from "$CONFIG" "HoldKeys")" + # List of keys that must be kept installed, even if in the list of keys to be removed + local HOLD_KEYS="$(get_from "$CONFIG" "HoldKeys")" - # Remove the keys that must be kept from the set of keys that should be removed - if [[ -n ${HOLD_KEYS} ]]; then - for key in ${HOLD_KEYS}; do - key_id="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)" - if [[ -n "${removed_ids[$key_id]}" ]]; then - unset removed_ids[$key_id] - fi - done - fi + # Remove the keys that must be kept from the set of keys that should be removed + if [[ -n ${HOLD_KEYS} ]]; then + for key in ${HOLD_KEYS}; do + key_id="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)" + if [[ -n "${removed_ids[$key_id]}" ]]; then + unset removed_ids[$key_id] + fi + done + fi - # Add keys from the current set of keys from pacman-keyring package. The web of trust will - # be updated automatically. - if [[ -r "${ADDED_KEYS}" ]]; then - msg "$(gettext "Appending official keys...")" - local add_keys="$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)" - for key_id in ${add_keys}; do - # There is no point in adding a key that will be deleted right after - if [[ -z "${removed_ids[$key_id]}" ]]; then - ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import - fi - done - fi + # Add keys from the current set of keys from pacman-keyring package. The web of trust will + # be updated automatically. + if [[ -r "${ADDED_KEYS}" ]]; then + msg "$(gettext "Appending official keys...")" + local add_keys="$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)" + for key_id in ${add_keys}; do + # There is no point in adding a key that will be deleted right after + if [[ -z "${removed_ids[$key_id]}" ]]; then + ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import + fi + done + fi - if [[ -r "${DEPRECATED_KEYS}" ]]; then - msg "$(gettext "Appending deprecated keys...")" - local add_keys="$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)" - for key_id in ${add_keys}; do - # There is no point in adding a key that will be deleted right after - if [[ -z "${removed_ids[$key_id]}" ]]; then - ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import - fi - done - fi + if [[ -r "${DEPRECATED_KEYS}" ]]; then + msg "$(gettext "Appending deprecated keys...")" + local add_keys="$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)" + for key_id in ${add_keys}; do + # There is no point in adding a key that will be deleted right after + if [[ -z "${removed_ids[$key_id]}" ]]; then + ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import + fi + done + fi - # Remove the keys not marked to keep - if (( ${#removed_ids[@]} > 0 )); then - msg "$(gettext "Removing deleted keys from keyring...")" - for key_id in "${!removed_ids[@]}"; do - echo " removing key $key_id - ${removed_ids[$key_id]}" - ${GPG_PACMAN} --quiet --batch --yes --delete-key "${key_id}" - done - fi + # Remove the keys not marked to keep + if (( ${#removed_ids[@]} > 0 )); then + msg "$(gettext "Removing deleted keys from keyring...")" + for key_id in "${!removed_ids[@]}"; do + echo " removing key $key_id - ${removed_ids[$key_id]}" + ${GPG_PACMAN} --quiet --batch --yes --delete-key "${key_id}" + done + fi - # Update trustdb, just to be sure - msg "$(gettext "Updating trust database...")" - ${GPG_PACMAN} --batch --check-trustdb + # Update trustdb, just to be sure + msg "$(gettext "Updating trust database...")" + ${GPG_PACMAN} --batch --check-trustdb } # PROGRAM START if ! type gettext &>/dev/null; then - gettext() { - echo "$@" - } + gettext() { + echo "$@" + } fi # Set default values @@ -223,18 +223,20 @@ PACMAN_KEYRING_DIR_DEF="@sysconfdir@/pacman.d/gnupg" # Parse command line options while [[ $1 =~ ^--(config|gpgdir)$ ]]; do - case "$1" in - --config) shift; CONFIG="$1" ;; - --gpgdir) shift; PACMAN_KEYRING_DIR="$1" ;; - esac - shift + case "$1" in + --config) shift; CONFIG="$1" + ;; + --gpgdir) shift; PACMAN_KEYRING_DIR="$1" + ;; + esac + shift done # Parse the command command="$1" if [[ -z "${command}" ]]; then - usage - exit 1 + usage + exit 1 fi shift @@ -242,9 +244,9 @@ shift if [[ ! ${command} =~ ^(--help|-h|--version|-V)$ ]]; then # check dependencies if ! type -p gpg &>/dev/null; then - error "$(gettext "gnupg does not seem to be installed.")" - msg2 "$(gettext "pacman-key requires gnupg for most operations.")" - exit 1 + error "$(gettext "gnupg does not seem to be installed.")" + msg2 "$(gettext "pacman-key requires gnupg for most operations.")" + exit 1 fi # check permissions if (( ! EUID )); then @@ -270,67 +272,70 @@ GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning" # Execute the command case "${command}" in - -a|--add) - # If there is no extra parameter, gpg will read stdin - ${GPG_PACMAN} --quiet --batch --import "$@" - ;; - -d|--del) - if (( $# == 0 )); then - error "$(gettext "You need to specify at least one key identifier")" - exit 1 - fi - ${GPG_PACMAN} --quiet --batch --delete-key --yes "$@" - ;; - -u|--updatedb) - ${GPG_PACMAN} --batch --check-trustdb - ;; - --reload) - reload_keyring - ;; - -l|--list) - ${GPG_PACMAN} --batch --list-sigs "$@" - ;; - -f|--finger) - ${GPG_PACMAN} --batch --fingerprint "$@" - ;; - -e|--export) - ${GPG_PACMAN} --armor --export "$@" - ;; - -r|--receive) - if (( $# < 2 )); then - error "$(gettext "You need to specify the keyserver and at least one key identifier")" - exit 1 - fi - keyserver="$1" - shift - ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@" - ;; - -t|--trust) - if (( $# == 0 )); then - error "$(gettext "You need to specify at least one key identifier")" - exit 1 - fi - while (( $# > 0 )); do - # Verify if the key exists in pacman's keyring - if ${GPG_PACMAN} --list-keys "$1" &>/dev/null; then - ${GPG_PACMAN} --edit-key "$1" - else - error "$(gettext "The key identified by %s doesn't exist")" "$1" - exit 1 - fi - shift - done - ;; - --adv) - msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}" - ${GPG_PACMAN} "$@" || ret=$? - exit $ret - ;; - -h|--help) - usage; exit 0 ;; - -V|--version) - version; exit 0 ;; - *) - error "$(gettext "Unknown command:") $command" - usage; exit 1 ;; + -a|--add) + # If there is no extra parameter, gpg will read stdin + ${GPG_PACMAN} --quiet --batch --import "$@" + ;; + -d|--del) + if (( $# == 0 )); then + error "$(gettext "You need to specify at least one key identifier")" + exit 1 + fi + ${GPG_PACMAN} --quiet --batch --delete-key --yes "$@" + ;; + -u|--updatedb) + ${GPG_PACMAN} --batch --check-trustdb + ;; + --reload) + reload_keyring + ;; + -l|--list) + ${GPG_PACMAN} --batch --list-sigs "$@" + ;; + -f|--finger) + ${GPG_PACMAN} --batch --fingerprint "$@" + ;; + -e|--export) + ${GPG_PACMAN} --armor --export "$@" + ;; + -r|--receive) + if (( $# < 2 )); then + error "$(gettext "You need to specify the keyserver and at least one key identifier")" + exit 1 + fi + keyserver="$1" + shift + ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@" + ;; + -t|--trust) + if (( $# == 0 )); then + error "$(gettext "You need to specify at least one key identifier")" + exit 1 + fi + while (( $# > 0 )); do + # Verify if the key exists in pacman's keyring + if ${GPG_PACMAN} --list-keys "$1" &>/dev/null; then + ${GPG_PACMAN} --edit-key "$1" + else + error "$(gettext "The key identified by %s doesn't exist")" "$1" + exit 1 + fi + shift + done + ;; + --adv) + msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}" + ${GPG_PACMAN} "$@" || ret=$? + exit $ret + ;; + -h|--help) + usage; exit 0 + ;; + -V|--version) + version; exit 0 + ;; + *) + error "$(gettext "Unknown command:") $command" + usage; exit 1 + ;; esac -- 1.7.4.4
On Thu, Apr 21, 2011 at 8:59 AM, <ivan.kanak@gmail.com> wrote:
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
This commit is just cosmetics-formatting fixing.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Damn it, we weren't very vigilant when we took these new scripts in. Looks like pkgdelta and pacman-key are the bad apples. I'll take care of reformatting them in one fell swoop later on, it'll be too much of a mess for you to do so with patches getting applied. -Dan dmcgee@galway ~/projects/pacman (master) $ tail -n1 scripts/*.sh.in ==> scripts/makepkg.sh.in <== # vim: set ts=2 sw=2 noet: ==> scripts/pacman-db-upgrade.sh.in <== # vim: set ts=2 sw=2 noet: ==> scripts/pacman-key.sh.in <== esac ==> scripts/pacman-optimize.sh.in <== # vim: set ts=2 sw=2 noet: ==> scripts/pkgdelta.sh.in <== create_xdelta "$1" "$2" ==> scripts/rankmirrors.sh.in <== # vim: set ts=2 sw=2 noet: ==> scripts/repo-add.sh.in <== # vim: set ts=2 sw=2 noet:
participants (3)
-
Dan McGee
-
Ivan Kanak
-
ivan.kanak@gmail.com