[pacman-dev] [PATCH 2/4] pacman-key: move verifying keyring files to own function
Allan McRae
allan at archlinux.org
Fri Jul 8 21:59:28 EDT 2011
Also check all files before bailing on errors.
Signed-off-by: Allan McRae <allan at archlinux.org>
---
scripts/pacman-key.sh.in | 48 ++++++++++++++++++++++++++-------------------
1 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index c8f5111..5be627f 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -87,30 +87,15 @@ get_from() {
done < "$1"
}
-reload_keyring() {
- local PACMAN_SHARE_DIR='@prefix@/share/pacman'
- local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
-
- # Variable used for iterating on keyrings
- local key
- local key_id
-
- # Keyring with keys to be added to the keyring
- local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
-
- # Keyring with keys that were deprecated and will eventually be deleted
- local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg"
-
- # List of keys removed from the keyring. This file is not a keyring, unlike the others.
- # It is a textual list of values that gpg recogniezes as identifiers for keys.
- local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
+verify_keyring_input() {
+ local ret=0;
# Verify signatures of related files, if they exist
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Verifying official keys file signature...")"
if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
- exit 1
+ ret=1
fi
fi
@@ -118,7 +103,7 @@ reload_keyring() {
msg "$(gettext "Verifying deprecated keys file signature...")"
if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
- exit 1
+ ret=1
fi
fi
@@ -126,10 +111,33 @@ reload_keyring() {
msg "$(gettext "Verifying deleted keys file signature...")"
if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
- exit 1
+ ret=1
fi
fi
+ return errors
+}
+
+reload_keyring() {
+ local PACMAN_SHARE_DIR='@prefix@/share/pacman'
+ local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
+
+ # Variable used for iterating on keyrings
+ local key
+ local key_id
+
+ # Keyring with keys to be added to the keyring
+ local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
+
+ # Keyring with keys that were deprecated and will eventually be deleted
+ local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg"
+
+ # List of keys removed from the keyring. This file is not a keyring, unlike the others.
+ # It is a textual list of values that gpg recogniezes as identifiers for keys.
+ local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
+
+ verify_keyring_input || exit 1
+
# Read the key ids to an array. The conversion from whatever is inside the file
# to key ids is important, because key ids are the only guarantee of identification
# for the keys.
--
1.7.6
More information about the pacman-dev
mailing list