[pacman-dev] [PATCH] Change GPG_PACMAN and GPG_NOKEYRING to arrays

DJ Mills danielmills1 at gmail.com
Sat Jul 16 14:38:26 EDT 2011 

Allow the commands to safely handle any possible arguments.

Signed-off-by: DJ Mills <danielmills1 at gmail.com>
---
 scripts/pacman-key.sh.in |   48 +++++++++++++++++++++++-----------------------
 1 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 833943c..5ad83c3 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -78,7 +78,7 @@ get_from() {
 
 reload_keyring() {
 	local PACMAN_SHARE_DIR='@prefix@/share/pacman'
-	local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
+	local GPG_NOKEYRING=(gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir "${PACMAN_KEYRING_DIR}")
 
 	# Variable used for iterating on keyrings
 	local key
@@ -97,7 +97,7 @@ reload_keyring() {
 	# Verify signatures of related files, if they exist
 	if [[ -r "${ADDED_KEYS}" ]]; then
 		msg "$(gettext "Verifying official keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then
+		if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then
 			error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
 			exit 1
 		fi
@@ -105,7 +105,7 @@ reload_keyring() {
 
 	if [[ -r "${DEPRECATED_KEYS}" ]]; then
 		msg "$(gettext "Verifying deprecated keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then
+		if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then
 			error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
 			exit 1
 		fi
@@ -113,7 +113,7 @@ reload_keyring() {
 
 	if [[ -r "${REMOVED_KEYS}" ]]; then
 		msg "$(gettext "Verifying deleted keys file signature...")"
-		if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then
+		if ! "${GPG_PACMAN[@]}" --quiet --batch --verify "${REMOVED_KEYS}.sig"; then
 			error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
 			exit 1
 		fi
@@ -126,7 +126,7 @@ reload_keyring() {
 	if [[ -r "${REMOVED_KEYS}" ]]; then
 		while read key; do
 			local key_values name
-			key_values=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')
+			key_values=$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')
 			if [[ -n $key_values ]]; then
 				# The first word is the key_id
 				key_id=${key_values%% *}
@@ -146,7 +146,7 @@ reload_keyring() {
 	# Remove the keys that must be kept from the set of keys that should be removed
 	if [[ -n ${HOLD_KEYS} ]]; then
 		for key in ${HOLD_KEYS}; do
-			key_id=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)
+			key_id=$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)
 			if [[ -n "${removed_ids[$key_id]}" ]]; then
 				unset removed_ids[$key_id]
 			fi
@@ -157,22 +157,22 @@ reload_keyring() {
 	# be updated automatically.
 	if [[ -r "${ADDED_KEYS}" ]]; then
 		msg "$(gettext "Appending official keys...")"
-		local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)
+		local add_keys=$("${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)
 		for key_id in ${add_keys}; do
 			# There is no point in adding a key that will be deleted right after
 			if [[ -z "${removed_ids[$key_id]}" ]]; then
-				${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import
+				"${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import
 			fi
 		done
 	fi
 
 	if [[ -r "${DEPRECATED_KEYS}" ]]; then
 		msg "$(gettext "Appending deprecated keys...")"
-		local add_keys=$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)
+		local add_keys=$("${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)
 		for key_id in ${add_keys}; do
 			# There is no point in adding a key that will be deleted right after
 			if [[ -z "${removed_ids[$key_id]}" ]]; then
-				${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import
+				"${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import
 			fi
 		done
 	fi
@@ -182,13 +182,13 @@ reload_keyring() {
 		msg "$(gettext "Removing deleted keys from keyring...")"
 		for key_id in "${!removed_ids[@]}"; do
 			echo "  removing key $key_id - ${removed_ids[$key_id]}"
-			${GPG_PACMAN} --quiet --batch --yes --delete-key "${key_id}"
+			"${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}"
 		done
 	fi
 
 	# Update trustdb, just to be sure
 	msg "$(gettext "Updating trust database...")"
-	${GPG_PACMAN} --batch --check-trustdb
+	"${GPG_PACMAN[@]}" --batch --check-trustdb
 }
 
 # PROGRAM START
@@ -229,7 +229,7 @@ fi
 if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then
 	PACMAN_KEYRING_DIR="${GPGDIR}"
 fi
-GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
+GPG_PACMAN=(gpg --homedir "${PACMAN_KEYRING_DIR}" --no-permission-warning)
 
 # Try to create $PACMAN_KEYRING_DIR if non-existent
 # Check for simple existence rather than for a directory as someone may want
@@ -247,29 +247,29 @@ shift
 case "${command}" in
 	-a|--add)
 		# If there is no extra parameter, gpg will read stdin
-		${GPG_PACMAN} --quiet --batch --import "$@"
+		"${GPG_PACMAN[@]}" --quiet --batch --import "$@"
 		;;
 	-d|--del)
 		if (( $# == 0 )); then
 			error "$(gettext "You need to specify at least one key identifier")"
 			exit 1
 		fi
-		${GPG_PACMAN} --quiet --batch --delete-key --yes "$@"
+		"${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "$@"
 		;;
 	-u|--updatedb)
-		${GPG_PACMAN} --batch --check-trustdb
+		"${GPG_PACMAN[@]}" --batch --check-trustdb
 		;;
 	--reload)
 		reload_keyring
 		;;
 	-l|--list)
-		${GPG_PACMAN} --batch --list-sigs "$@"
+		"${GPG_PACMAN[@]}" --batch --list-sigs "$@"
 		;;
 	-f|--finger)
-		${GPG_PACMAN} --batch --fingerprint "$@"
+		"${GPG_PACMAN[@]}" --batch --fingerprint "$@"
 		;;
 	-e|--export)
-		${GPG_PACMAN} --armor --export "$@"
+		"${GPG_PACMAN[@]}" --armor --export "$@"
 		;;
 	-r|--receive)
 		if (( $# < 2 )); then
@@ -278,7 +278,7 @@ case "${command}" in
 		fi
 		keyserver="$1"
 		shift
-		${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@"
+		"${GPG_PACMAN[@]}" --keyserver "${keyserver}" --recv-keys "$@"
 		;;
 	-t|--trust)
 		if (( $# == 0 )); then
@@ -287,8 +287,8 @@ case "${command}" in
 		fi
 		while (( $# > 0 )); do
 			# Verify if the key exists in pacman's keyring
-			if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then
-				${GPG_PACMAN} --edit-key "$1"
+			if "${GPG_PACMAN[@]}" --list-keys "$1" > /dev/null 2>&1; then
+				"${GPG_PACMAN[@]}" --edit-key "$1"
 			else
 				error "$(gettext "The key identified by %s doesn't exist")" "$1"
 				exit 1
@@ -297,8 +297,8 @@ case "${command}" in
 		done
 		;;
 	--adv)
-		msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}"
-		${GPG_PACMAN} "$@" || ret=$?
+		msg "$(gettext "Executing: %s ")$*" ""${GPG_PACMAN[@]}""
+		"${GPG_PACMAN[@]}" "$@" || ret=$?
 		exit $ret
 		;;
 	-h|--help)
-- 
1.7.6

More information about the pacman-dev mailing list