[pacman-dev] [PATCH 2/2] Add configure option to specify package signing key

Allan McRae allan at archlinux.org
Sun Apr 17 08:44:12 EDT 2011


Add the "GPGKEY" option to makepkg.conf for signing packages with a
non-default key from the keyring.  It is overridden by makepkg's
--key option.

Signed-off-by: Allan McRae <allan at archlinux.org>
---
 doc/makepkg.8.txt      |    5 +++--
 doc/makepkg.conf.5.txt |    4 ++++
 etc/makepkg.conf.in    |    3 +++
 scripts/makepkg.sh.in  |   14 ++++++++------
 4 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt
index 319e45c..85a7759 100644
--- a/doc/makepkg.8.txt
+++ b/doc/makepkg.8.txt
@@ -169,8 +169,9 @@ Options
 	Do not create a signature for the package.
 
 *\--key* <key>::
-	Specify a key to use when signing a packages.  If not specified, the default
-	key from the keyring will be used.
+	Specify a key to use when signing a packages, overriding the GPGKEY setting
+	in linkman:makepkg.conf[5].  If not specified in either location, the
+	default key from the keyring will be used.
 
 *\--noconfirm*::
 	(Passed to pacman) Prevent pacman from waiting for user input before
diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt
index a9faa14..9d3ad0a 100644
--- a/doc/makepkg.conf.5.txt
+++ b/doc/makepkg.conf.5.txt
@@ -110,6 +110,10 @@ Options
 	running in the DistCC cluster. In addition, you will want to modify your
 	`MAKEFLAGS`.
 
+**GPGKEY=**""::
+	Specify a key to use for gpg signing instead of the default key in the
+	keyring. Can be overridden with makepkg's `--key` option.
+
 **OPTIONS=(**strip !docs libtool emptydirs zipman**)**::
 	This array contains options that affect the default packaging. They are
 	equivalent to options that can be placed in the PKGBUILD; the defaults are
diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
index c3b7cc0..9bfb5b9 100644
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@@ -54,6 +54,9 @@ BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
 #-- specify a space-delimited list of hosts running in the DistCC cluster.
 #DISTCC_HOSTS=""
+#
+#-- Specify a key to use for package signing
+#GPGKEY=""
 
 #########################################################################
 # GLOBAL PACKAGE OPTIONS
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 36ac728..70d3cf3 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1116,8 +1116,8 @@ create_signature() {
 	fi
 
 	local SIGNWITHKEY=""
-	if [[ -n $SIGNKEY ]]; then
-		SIGNWITHKEY="-u ${SIGNKEY}"
+	if [[ -n $GPGKEY ]]; then
+		SIGNWITHKEY="-u ${GPGKEY}"
 	fi
 	# The signature will be generated directly in ascii-friendly format
 	gpg --detach-sign --use-agent ${SIGNWITHKEY} "$filename" &>/dev/null || ret=$?
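Review bot: `SIGNWITHKEY="-u ${GPGKEY}"` is expanded unquoted in the `gpg --detach-sign` line, so a value that can now come from makepkg.conf is word-split and glob-expanded before gpg sees it. A user ID containing a space becomes several arguments, and any extra words in the setting could be read by gpg as further options or file names. Building the argument as an array avoids this: `local SIGNWITHKEY=()`, `SIGNWITHKEY=(-u "${GPGKEY}")`, and `"${SIGNWITHKEY[@]}"` in the gpg call. The same unquoted expansion appears in `gpg --list-key ${GPGKEY}` in the last hunk. create_signature starts and ends outside this hunk.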
@@ -1697,7 +1697,7 @@ while true; do
 		-g|--geninteg)    GENINTEG=1 ;;
 		--holdver)        HOLDVER=1 ;;
 		-i|--install)     INSTALL=1 ;;
-		--key)            shift; SIGNKEY=$1 ;;
+		--key)            shift; GPGKEY=$1 ;;
 		-L|--log)         LOGGING=1 ;;
 		-m|--nocolor)     USE_COLOR='n' ;;
 		--nocheck)        RUN_CHECK='n' ;;
@@ -1727,6 +1727,7 @@ done
 [[ -n ${SRCPKGDEST} ]] && _SRCPKGDEST=$(canonicalize_path ${SRCPKGDEST})
 [[ -n ${PKGEXT} ]] && _PKGEXT=${PKGEXT}
 [[ -n ${SRCEXT} ]] && _SRCEXT=${SRCEXT}
+[[ -n ${GPGKEY} ]] && _GPGKEY=${GPGKEY}
 
 # default config is makepkg.conf
 MAKEPKG_CONF=${MAKEPKG_CONF:-$confdir/makepkg.conf}
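Review bot: `[[ -n ${GPGKEY} ]] && _GPGKEY=${GPGKEY}` saves whatever GPGKEY holds at this point, which includes a value inherited from the environment as well as one set by `--key`. The `GPGKEY=${_GPGKEY:-$GPGKEY}` line in the next hunk then appears to let that value take precedence over makepkg.conf, assuming the config is sourced between the two as the neighbouring PKGEXT/SRCEXT lines suggest. The documentation added by this patch names only `--key` as the override, so the choice of signing key can change with the caller's environment without the man page saying so. I would add a comment here such as `# keep GPGKEY from --key or the environment across sourcing makepkg.conf` and a sentence to the GPGKEY entry in makepkg.conf.5.txt stating that an environment variable of the same name also overrides the file.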
@@ -1792,6 +1793,7 @@ SRCPKGDEST=${SRCPKGDEST:-$startdir} #default to $startdir if undefined
 
 PKGEXT=${_PKGEXT:-$PKGEXT}
 SRCEXT=${_SRCEXT:-$SRCEXT}
+GPGKEY=${_GPGKEY:-$GPGKEY}
 
 if (( HOLDVER )) && [[ -n $FORCE_VER ]]; then
 	# The '\\0' is here to prevent gettext from thinking --holdver is an option
@@ -1948,9 +1950,9 @@ if [[ -z "$SIGNPKG" && $(check_buildenv sign) == 'y' ]]; then
   SIGNPKG='y'
 fi
 if [[ $SIGNPKG == 'y' ]]; then
-	if ! gpg --list-key ${SIGNKEY} &>/dev/null; then
-		if [[ ! -z $SIGNKEY ]]; then
-			error "$(gettext "The key ${SIGNKEY} does not exist in your keyring.")"
+	if ! gpg --list-key ${GPGKEY} &>/dev/null; then
+		if [[ ! -z $GPGKEY ]]; then
+			error "$(gettext "The key ${GPGKEY} does not exist in your keyring.")"
 		else
 			error "$(gettext "There is no key in your keyring.")"
 		fi
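Review bot: `gpg --list-key ${GPGKEY}` only shows that a public key matching GPGKEY is in the keyring, not that its secret part is available for signing. A key that cannot sign therefore passes this check and fails later in create_signature, where gpg's output is sent to /dev/null. Checking the secret keyring and quoting the value would close both gaps: `if ! gpg --list-secret-keys ${GPGKEY:+"${GPGKEY}"} &>/dev/null; then`. Separately, `"The key ${GPGKEY} does not exist in your keyring."` expands the variable inside the gettext msgid, which presumably prevents the translation lookup from matching. Passing the key as a `%s` argument would avoid that if `error` accepts format arguments, which is not visible in this hunk.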
-- 
1.7.4.4


