[pacman-dev] [PATCH 2/4] pacman-key: move verifying keyring files to own function

Allan McRae allan at archlinux.org
Fri Jul 8 21:59:28 EDT 2011


Also check all files before bailing on errors.

Signed-off-by: Allan McRae <allan at archlinux.org>
---
 scripts/pacman-key.sh.in |   48 ++++++++++++++++++++++++++-------------------
 1 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index c8f5111..5be627f 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -87,30 +87,15 @@ get_from() {
 	done < "$1"
 }
 
-reload_keyring() {
-	local PACMAN_SHARE_DIR='@prefix@/share/pacman'
-	local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
-
-	# Variable used for iterating on keyrings
-	local key
-	local key_id
-
-	# Keyring with keys to be added to the keyring
-	local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
-
-	# Keyring with keys that were deprecated and will eventually be deleted
-	local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg"
-
-	# List of keys removed from the keyring. This file is not a keyring, unlike the others.
-	# It is a textual list of values that gpg recogniezes as identifiers for keys.
-	local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
+verify_keyring_input() {
+	local ret=0;
 
 	# Verify signatures of related files, if they exist
 	if [[ -r "${ADDED_KEYS}" ]]; then
 		msg "$(gettext "Verifying official keys file signature...")"
 		if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
 			error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
-			exit 1
+			ret=1
 		fi
 	fi
 
@@ -118,7 +103,7 @@ reload_keyring() {
 		msg "$(gettext "Verifying deprecated keys file signature...")"
 		if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
 			error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
-			exit 1
+			ret=1
 		fi
 	fi
 
@@ -126,10 +111,33 @@ reload_keyring() {
 		msg "$(gettext "Verifying deleted keys file signature...")"
 		if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
 			error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
-			exit 1
+			ret=1
 		fi
 	fi
 
+	return errors
+}
+
+reload_keyring() {
+	local PACMAN_SHARE_DIR='@prefix@/share/pacman'
+	local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
+
+	# Variable used for iterating on keyrings
+	local key
+	local key_id
+
+	# Keyring with keys to be added to the keyring
+	local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
+
+	# Keyring with keys that were deprecated and will eventually be deleted
+	local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg"
+
+	# List of keys removed from the keyring. This file is not a keyring, unlike the others.
+	# It is a textual list of values that gpg recogniezes as identifiers for keys.
+	local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
+
+	verify_keyring_input || exit 1
+
 	# Read the key ids to an array. The conversion from whatever is inside the file
 	# to key ids is important, because key ids are the only guarantee of identification
 	# for the keys.
-- 
1.7.6



More information about the pacman-dev mailing list