[pacman-dev] [PATCH 3/3] pacman-key: better handling of options and supressing gpg output

Denis A. Altoé Falqueto denisfalqueto at gmail.com
Fri Feb 18 20:30:23 EST 2011


The option --trust was renamed to --edit-key, for better alignment
with the underlying --edit-key of gnupg.

The options --config and --gpgdir were not being handled correctly.
They would not work if were not used as first arguments always.
Now the handling is more flexible.

The use of gpg for verification purposes was leaking inconvenient
messages to the output, so they were quieted with --quiet,
1>/dev/null and 2>&1.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto at gmail.com>
---
 doc/pacman-key.8.txt     |    4 +-
 scripts/pacman-key.sh.in |   55 ++++++++++++++++++++++++++++++----------------
 2 files changed, 38 insertions(+), 21 deletions(-)

diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 5ebbd0a..ba97b82 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -59,8 +59,8 @@ Commands
 *\--reload*::
 	Reloads the keys from the keyring package
 
-*-t*, *\--trust* 'keyid'::
-	Set the trust level of the given key
+*-t*, *\--edit-key* 'keyid ...'::
+	Edit trust properties for the given keys
 
 *-u*, *\--updatedb*::
 	Equivalent to \--check-trustdb in GnuPG
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ccaf4b2..d97b071 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -71,7 +71,7 @@ usage() {
 	echo "$(gettext "  -l | --list                            - list keys")"
 	echo "$(gettext "  -r | --receive <keyserver> <keyid> ... - fetch the keyids from the specified")"
 	echo "$(gettext "                                           keyserver URL")"
-	echo "$(gettext "  -t | --trust <keyid> ...               - set the trust level of the given key")"
+	echo "$(gettext "  -t | --edit-key <keyid> ...            - edit trust properties for the given keys")"
 	echo "$(gettext "  -u | --updatedb                        - update the trustdb of pacman")"
 	echo "$(gettext "  -v | --version                         - displays the current version")"
 	echo "$(gettext "  --adv <params>                         - use pacman's keyring as target for")"
@@ -117,7 +117,7 @@ reload_keyring() {
 	# Verify signatures of related files, if they exist
 	if [[ -r "${ADDED_KEYS}" ]]; then
 		msg "$(gettext "Verifying official keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then
+		if ! ${GPG_PACMAN} --quiet --verify "${ADDED_KEYS}.sig" 1>/dev/null 2>&1; then
 			error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
 			exit 1
 		fi
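Review bot: Redirecting stderr on the `--verify` line discards gpg's diagnostics, including the warning it prints when a signature is good but the signing key is not trusted, so the check now rests on the exit status alone. gpg normally exits 0 for a good signature from any key present in the keyring, so if only trusted keys are meant to sign the keys file, the result should be read from `--status-fd` and checked for `VALIDSIG` plus a `TRUST_*` line rather than inferred from the return code. Naming the signed file explicitly, `--verify "${ADDED_KEYS}.sig" "${ADDED_KEYS}"`, also avoids relying on gpg deriving it from the `.sig` name. The same applies to the DEPRECATED_KEYS and REMOVED_KEYS hunks that follow; reload_keyring's body starts and ends outside these hunks.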
@@ -125,7 +125,7 @@ reload_keyring() {
 
 	if [[ -r "${DEPRECATED_KEYS}" ]]; then
 		msg "$(gettext "Verifying deprecated keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then
+		if ! ${GPG_PACMAN} --quiet --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null 2>&1; then
 			error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
 			exit 1
 		fi
@@ -133,7 +133,7 @@ reload_keyring() {
 
 	if [[ -r "${REMOVED_KEYS}" ]]; then
 		msg "$(gettext "Verifying deleted keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then
+		if ! ${GPG_PACMAN} --quiet --verify "${REMOVED_KEYS}.sig" 1>/dev/null 2>&1; then
 			error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
 			exit 1
 		fi
@@ -229,15 +229,27 @@ if [[ $1 != "--version" && $1 != "-v" && $1 != "--help" && $1 != "-h" && $1 != "
 	fi
 fi
 
-# Parse global options
+# Iterate over the parameters to get --config and --gpgdir
+# This time, the parameters will not be consumed. This is needed
+# because the code needs to know where is pacman's keyring before
+# signing or verifying any files.
 CONFIG="@sysconfdir@/pacman.conf"
-PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg"
-while [[ $1 =~ ^--(config|gpgdir)$ ]]; do
-	case "$1" in
-		--config) shift; CONFIG="$1" ;;
-		--gpgdir) shift; PACMAN_KEYRING_DIR="$1" ;;
+GPGDIR=""
+isconfig=0
+isgpgdir=0
+for arg in "$@"; do
+	if (( isconfig )); then
+		isconfig=0
+		CONFIG="$arg"
+	fi
+	if (( isgpgdir )); then
+		isgpgdir=0
+		GPGDIR="$arg"
+	fi
+	case "$arg" in
+		--config) isconfig=1;;
+		--gpgdir) isgpgdir=1;;
 	esac
-	shift
 done
 
 if [[ ! -r "${CONFIG}" ]]; then
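Review bot: The pre-scan loop never checks that `--config` or `--gpgdir` is followed by a value. When either is the last argument the flag stays set and the default is used silently, and `--config --gpgdir dir` stores the literal `--gpgdir` in CONFIG while still arming isgpgdir. These two options select the keyring that every later verification relies on, so a malformed invocation should fail rather than fall back; after `done` I would add `if (( isconfig || isgpgdir )); then error "$(gettext "Option requires an argument")"; exit 1; fi`. Because the loop inspects every argument, a parameter meant for another command (for example one following `--adv`) that equals `--gpgdir` is also treated as the global option; a comment stating whether that is intended would help.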
@@ -246,11 +258,13 @@ if [[ ! -r "${CONFIG}" ]]; then
 fi
 
 # Read GPGDIR from $CONFIG.
-# The pattern is: any spaces or tabs, GPGDir, any spaces or tabs, equal sign
-# and the rest of the line. The string is splitted after the first occurrence of =
-if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then
-	PACMAN_KEYRING_DIR="${GPGDIR}"
-fi
+# The precedence for GPGDIR is:
+# 1st: command line
+# 2nd: pacman.conf
+# 3rd: default value
+[[ -z "$GPGDIR" ]] && GPGDIR=$(find_config "GPGDir")
+[[ -z "$GPGDIR" ]] && GPGDIR="@sysconfdir@/pacman.d/gnupg"
+PACMAN_KEYRING_DIR="${GPGDIR}"
 GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}"
 
 # Parse and execute command
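Review bot: GPGDIR now comes from the command line or pacman.conf and is interpolated into the string `GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}"`, which the script expands unquoted, so a directory value containing whitespace is split into additional gpg arguments. Building the command as an array, `GPG_PACMAN=(gpg --homedir "${PACMAN_KEYRING_DIR}")`, and invoking it as `"${GPG_PACMAN[@]}"` keeps the directory a single argument. The call sites are in other hunks and outside this one, so they would all need the same change. The exit status of `find_config` is no longer examined, which is fine only if it prints nothing on a miss; a one-line comment saying so would document the assumption.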
@@ -281,10 +295,10 @@ case "${command}" in
 		reload_keyring
 		;;
 	-l|--list)
-		${GPG_PACMAN} --batch --list-sigs "$@"
+		${GPG_PACMAN} --list-sigs "$@"
 		;;
 	-f|--finger)
-		${GPG_PACMAN} --batch --fingerprint $*
+		${GPG_PACMAN} --fingerprint $*
 		;;
 	-e|--export)
 		${GPG_PACMAN} --armor --export "$@"
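Review bot: The `--fingerprint` line still passes `$*` unquoted, so key identifiers or user IDs containing spaces or glob characters are re-split and expanded by the shell before gpg sees them, unlike the `--list-sigs` line just above it. Since the line is being edited anyway, it should read `${GPG_PACMAN} --fingerprint "$@"`. The enclosing `case` starts and ends outside this hunk.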
@@ -299,7 +313,7 @@ case "${command}" in
 		shift
 		${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@"
 		;;
-	-t|--trust)
+	-t|--edit-key)
 		if (( $# == 0 )); then
 			error "$(gettext "You need to specify at least one key identifier")"
 			usage
@@ -328,6 +342,9 @@ case "${command}" in
 		version
 		exit 0
 		;;
+	# Parameters already handled
+	--config) shift ;;
+	--gpgdir) shift ;;
 	*)
 		usage
 		exit 1
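Review bot: The new `--config) shift ;;` and `--gpgdir) shift ;;` arms consume the option's value and then leave the `case`, so unless this `case` sits inside a loop that is not visible in the hunk, `pacman-key --config file --list` would finish without running `--list`. If there is no such loop, the global options should be removed from the positional parameters before `command` is read, or the dispatch should be wrapped in `while (( $# ))`. The `case` statement starts and ends outside this hunk, so this needs checking against the full file.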
-- 
1.7.4.1


