[pacman-dev] [PATCH] pacman-key: add --init option
Allan McRae
allan at archlinux.org
Sat Jul 9 03:35:45 EDT 2011
Add an --init option that ensures that the pacman keyring has all
the necessary files and they have the correct permissions for being
read as a user.
Signed-off-by: Allan McRae <allan at archlinux.org>
---
doc/pacman-key.8.txt | 4 ++++
scripts/pacman-key.sh.in | 34 ++++++++++++++++++++++++++--------
2 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 2771ece..cf72b83 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -60,6 +60,10 @@ Options
*-h, \--help*::
Output syntax and command line options.
+*--init*::
+ Ensure the keyring is properly initialized and has the required access
+ permissions.
+
*-l, \--list*::
Equivalent to --list-sigs from GnuPG.
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3c0b5d9..ba817ca 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -32,6 +32,7 @@ DELETE=0
EDITKEY=0
EXPORT=0
FINGER=0
+INIT=0
LIST=0
RECEIVE=0
RELOAD=0
@@ -65,6 +66,7 @@ usage() {
echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")"
echo "$(gettext " --gpgdir <dir> Set an alternate directory for gnupg")"
printf "$(gettext " (instead of '%s')")\n" "@sysconfdir@/pacman.d/gnupg"
+ echo "$(gettest " --init Ensure the keyring is properly initialized")"
echo "$(gettext " --reload Reload the default keys")"
}
@@ -91,6 +93,25 @@ get_from() {
return 1
}
+initialize() {
+ # Check for simple existence rather than for a directory as someone
+ # may want to use a symlink here
+ [[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
+
+ # keyring files
+ [[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/pubring.gpg
+ [[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/secring.gpg
+ [[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || ${GPG_PACMAN} --update-trustdb
+ chmod 644 ${PACMAN_KEYRING_DIR}/{{pub,sec}ring,trustdb}.gpg
+
+ # gpg.conf
+ [[ ! -f ${PACMAN_KEYRING_DIR}/gpg.conf ]] || touch ${PACMAN_KEYRING_DIR}/gpg.conf
+ if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf; then
+ echo "lock-never" >> ${PACMAN_KEYRING_DIR}/gpg.conf
+ fi
+ chmod 644 ${PACMAN_KEYRING_DIR}/gpg.conf
+}
+
verify_keyring_input() {
local ret=0;
@@ -246,7 +267,7 @@ if ! type gettext &>/dev/null; then
fi
OPT_SHORT="a::d:e:f::hlr:t:uv:V"
-OPT_LONG="add,adv:,config:,del:,export::,finger::,gpgdir:,help,list"
+OPT_LONG="add,adv:,config:,del:,export::,finger::,gpgdir:,help,init,list"
OPT_LONG+=",receive:,reload,trust:,updatedb,verify:,version"
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
echo; usage; exit 1 # E_INVALID_OPTION;
@@ -268,6 +289,7 @@ while true; do
-e|--export) EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
-f|--finger) FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
--gpgdir) shift; PACMAN_KEYRING_DIR=$1 ;;
+ --init) INIT=1 ;;
-l|--list) LIST=1 ;;
-r|--receive) RECEIVE=1; shift; KEYSERVER="${1[0]}"; KEYIDS=("${1[@]:1}") ;;
--reload) RELOAD=1 ;;
@@ -289,7 +311,7 @@ if ! type -p gpg >/dev/null; then
exit 1
fi
-if (( (ADD || DELETE || EDITKEY || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
+if (( (ADD || DELETE || EDITKEY || INIT || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
exit 1
fi
@@ -304,15 +326,10 @@ fi
# file, falling back on a hard default
PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")}
-# Try to create $PACMAN_KEYRING_DIR if non-existent
-# Check for simple existence rather than for a directory as someone may want
-# to use a symlink here
-[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
-
GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
# check only a single operation has been given
-numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + LIST + RECEIVE + RELOAD + UPDATEBD + VERIFY ))
+numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + RELOAD + UPDATEBD + VERIFY ))
if (( ! numopt )); then
error "$(gettext "No operations specified")"
@@ -333,6 +350,7 @@ fi
(( EDITKEY )) && edit_keys
(( EXPORT )) && ${GPG_PACMAN} --armor --export "${KEYIDS[@]}"
(( FINGER )) && ${GPG_PACMAN} --batch --fingerprint "${KEYIDS[@]}"
+(( INIT )) && initialize
(( LIST )) && ${GPG_PACMAN} --batch --list-sigs "${KEYIDS[@]}"
(( RECEIVE )) && receive_keys
(( RELOAD )) && reload_keyring
--
1.7.6
More information about the pacman-dev
mailing list