[pacman-dev] [PATCH] pacman-key: handle local signing of multiple keys
gpg --lsign-key does not like being given multiple keys to sign. Signed-off-by: Allan McRae <allan@archlinux.org> --- scripts/pacman-key.sh.in | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index e5b6021..d2389b0 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -301,7 +301,6 @@ populate_keyring() { if (( ${#trusted_ids[@]} > 0 )); then msg "$(gettext "Locally signing trusted keys in keyring...")" for key_id in "${!trusted_ids[@]}"; do - msg2 "$(gettext "Locally signing key %s...")" "${key_id}" lsign_keys "${key_id}" done msg "$(gettext "Importing owner trust values...")" @@ -440,10 +439,19 @@ list_sigs() { lsign_keys() { check_keyids_exist - # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid - printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "$@" 2>/dev/null - if (( PIPESTATUS[1] )); then - error "$(gettext "A specified key could not be locally signed.")" + + local ret=0 + for key_id in "$@"; do + msg2 "$(gettext "Locally signing key %s...")" "${key_id}" + # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid + printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null + if (( PIPESTATUS[1] )); then + error "$(gettext "%s could not be locally signed.")" "${key_id}" + ret=1 + fi + done + + if (( ret )); then exit 1 fi } -- 1.7.11
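Review bot: In the populate_keyring() hunk, the loop still calls lsign_keys once per key, while the reworked lsign_keys runs exit 1 as soon as its own loop has recorded a failure. With one key per call, the first key that fails ends the script before the remaining trusted keys are attempted and before the "Importing owner trust values..." step, so the ret accumulation added in the second hunk never covers more than one key here. Passing the whole set in a single call, lsign_keys "${!trusted_ids[@]}", would let the new loop try every key and report each failure before exiting.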
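Review bot: In the lsign_keys() hunk, ret is declared local but the loop variable key_id is not, so the function assigns to the key_id of whichever caller is active, and populate_keyring() iterates with a variable of that same name. That is harmless for that for loop as written but fragile for any caller that reads key_id after the call; declaring both together, local key_id ret=0, avoids it. Separately, 2>/dev/null on the gpg invocation discards gpg's own explanation, so the new per-key message "%s could not be locally signed." names the key without the reason; consider keeping stderr, or showing it when PIPESTATUS[1] is non-zero.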
On 19.06.2012 06:56, Allan McRae wrote:
gpg --lsign-key does not like being given multiple keys to sign.
Signed-off-by: Allan McRae <allan@archlinux.org> --- scripts/pacman-key.sh.in | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index e5b6021..d2389b0 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -301,7 +301,6 @@ populate_keyring() { if (( ${#trusted_ids[@]} > 0 )); then msg "$(gettext "Locally signing trusted keys in keyring...")" for key_id in "${!trusted_ids[@]}"; do - msg2 "$(gettext "Locally signing key %s...")" "${key_id}" lsign_keys "${key_id}" done
I'd suggest to replace the entire for loop with this then:
lsign_keys "${!trusted_ids[@]}"
--
Pierre Schmitz, https://pierre-schmitz.com
On 19/06/12 22:31, Pierre Schmitz wrote:
On 19.06.2012 06:56, Allan McRae wrote:
gpg --lsign-key does not like being given multiple keys to sign.
Signed-off-by: Allan McRae <allan@archlinux.org> --- scripts/pacman-key.sh.in | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index e5b6021..d2389b0 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -301,7 +301,6 @@ populate_keyring() { if (( ${#trusted_ids[@]} > 0 )); then msg "$(gettext "Locally signing trusted keys in keyring...")" for key_id in "${!trusted_ids[@]}"; do - msg2 "$(gettext "Locally signing key %s...")" "${key_id}" lsign_keys "${key_id}" done
I'd suggest to replace the entire for loop with this then:
lsign_keys "${!trusted_ids[@]}"
Amended on my working branch.
Allan