[pacman-dev] [PATCH 3/5] pacman-key: update trust database for relevant operations
Dave Reisner
d at falconindy.com
Tue Aug 23 06:21:52 EDT 2011
On Tue, Aug 23, 2011 at 04:17:44PM +1000, Allan McRae wrote:
> After most operations that touch the keyring, it is a good idea to
> always run a check on the trustdb as this prevents gpg complaining
> on later operations.
>
> Signed-off-by: Allan McRae <allan at archlinux.org>
> ---
> scripts/pacman-key.sh.in | 9 +++++----
> 1 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index 3e31abb..6d07482 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -253,10 +253,6 @@ populate_keyring() {
> "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}"
> done
> fi
> -
> - # Update trustdb, just to be sure
> - msg "$(gettext "Updating trust database...")"
> - "${GPG_PACMAN[@]}" --batch --check-trustdb
> }
>
> receive_keys() {
> @@ -417,4 +413,9 @@ esac
> (( UPDATEDB )) && "${GPG_PACMAN[@]}" --batch --check-trustdb
> (( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
>
> +if (( ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || POPULATE || RECEIVE )); then
> + msg "$(gettext "Updating trust database...")"
> + "${GPG_PACMAN[@]}" --batch --check-trustdb
> +fi
> +
> # vim: set ts=2 sw=2 noet:
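Review bot: Because the new `if` block is the last command before the modeline, a `--verify` run ends with that block's status, which is 0 when none of the listed flags is set. A failed `gpg --verify` would then not show up in the script's exit status, unless errexit or an explicit exit outside this hunk covers it. Callers that gate on `pacman-key --verify` need the failure to propagate; `(( VERIFY )) && { "${GPG_PACMAN[@]}" --verify "$SIGNATURE" || exit; }` keeps gpg's status and also quotes the signature path against word splitting. The last hunk of the reply patch has the mirror problem: with `(( UPDATEDB )) && …` as the final command, a successful verify would exit 1 because `UPDATEDB` is 0, and writing it as `if (( UPDATEDB )); then … fi` avoids that.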
> --
> 1.7.6
>
>
Just a different approach... instead of hardcoding another list, tag
them in options parsing and check for UPDATEDB last. Patch below is
against master, but probably gives you a better idea of what I mean...
d
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 74ecfcf..2ebe22d 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -336,20 +336,20 @@ fi
while true; do
case "$1" in
- -a|--add) ADD=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYFILES=($1) ;;
+ -a|--add) UPDATEDB=1 ADD=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYFILES=($1) ;;
--config) shift; CONFIG=$1 ;;
- -d|--delete) DELETE=1; shift; KEYIDS=($1) ;;
- --edit-key) EDITKEY=1; shift; KEYIDS=($1) ;;
+ -d|--delete) UPDATEDB=1 DELETE=1; shift; KEYIDS=($1) ;;
+ --edit-key) UPDATEDB=1 EDITKEY=1; shift; KEYIDS=($1) ;;
-e|--export) EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
-f|--finger) FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
--gpgdir) shift; PACMAN_KEYRING_DIR=$1 ;;
- --import) IMPORT=1; shift; IMPORT_DIRS=($1) ;;
- --import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1) ;;
+ --import) UPDATEDB=1 IMPORT=1; shift; IMPORT_DIRS=($1) ;;
+ --import-trustdb) UPDATEDB=1 IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1) ;;
--init) INIT=1 ;;
-l|--list-keys) LISTKEYS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
--list-sigs) LISTSIGS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
- -r|--receive) RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP;;
- --reload) RELOAD=1 ;;
+ -r|--receive) UPDATEDB=1 RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP;;
+ --reload) UPDATEDB=1 RELOAD=1 ;;
-u|--updatedb) UPDATEDB=1 ;;
-v|--verify) VERIFY=1; shift; SIGNATURE=$1 ;;
@@ -387,7 +387,7 @@ GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
# check only a single operation has been given
numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB +
- INIT + LISTKEYS + LISTSIGS + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
+ INIT + LISTKEYS + LISTSIGS + RECEIVE + RELOAD + VERIFY ))
case $numopt in
0)
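Review bot: Dropping `UPDATEDB` from the `numopt` sum means `pacman-key --updatedb` on its own now counts zero operations and falls into the `0)` arm, whose body is outside this hunk but presumably reports that no operation was given. After the first hunk the flag does two jobs: it is a user-selected operation and an internal "keyring was modified" tag. A separate tag keeps both meanings: set e.g. `TRUSTDB_CHECK=1` (a suggested name) in the `--add`, `--delete`, `--edit-key`, `--import`, `--import-trustdb`, `--receive` and `--reload` arms, leave `UPDATEDB` in the sum, and finish with `(( UPDATEDB || TRUSTDB_CHECK )) && "${GPG_PACMAN[@]}" --batch --check-trustdb`. A one-line comment above the `case` naming which operations must set the tag would keep future options from skipping the trust database refresh.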
@@ -415,7 +415,8 @@ esac
(( LISTSIGS )) && "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
(( RECEIVE )) && receive_keys
(( RELOAD )) && reload_keyring
-(( UPDATEDB )) && "${GPG_PACMAN[@]}" --batch --check-trustdb
(( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
+(( UPDATEDB )) && "${GPG_PACMAN[@]}" --batch --check-trustdb
+
# vim: set ts=2 sw=2 noet: