[pacman-dev] [PATCH 3/3] Changed makepkg and repo-add to use -S/--sign for signing. Added --gpgdir option to repo-add to allow GnuPG home directory configuration. Signed-off-by: Kerrick Staley <mail at kerrickstaley.com>

Kerrick Staley mail at kerrickstaley.com
Wed Jun 1 16:03:19 EDT 2011


---
 scripts/makepkg.sh.in  |    6 +++---
 scripts/repo-add.sh.in |   23 ++++++++++++++++++++---
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index b0d0c23..95f541f 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1625,7 +1625,7 @@ usage() {
 	printf "$(gettext "  --nocheck        Do not run the check() function in the %s")\n" "$BUILDSCRIPT"
 	echo "$(gettext "  --nosign         Do not create a signature for the package")"
 	echo "$(gettext "  --pkg <list>     Only build listed packages from a split package")"
-	echo "$(gettext "  --sign           Sign the resulting package with gpg")"
+	echo "$(gettext "  -S, --sign           Sign the resulting package with gpg")"
 	echo "$(gettext "  --skipinteg      Do not fail when integrity checks are missing")"
 	echo "$(gettext "  --source         Generate a source-only tarball without downloaded sources")"
 	echo
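Review bot: The new `-S, --sign` help line is misaligned with its neighbours: the description is padded with eleven spaces, so it starts at column 24 while every other entry in this block (`--nosign`, `--pkg`, `--skipinteg`) starts its description at column 20. `echo "$(gettext "  -S, --sign       Sign the resulting package with gpg")"` keeps the column. Changing the msgid also drops the existing translation of this string, which is expected for a wording change but worth flagging for translators; usage() continues outside the hunk.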
@@ -1659,7 +1659,7 @@ fi
 ARGLIST=("$@")
 
 # Parse Command Line Options.
-OPT_SHORT="AcCdefFghiLmop:rRsV"
+OPT_SHORT="AcCdefFghiLmop:rRsSV"
 OPT_LONG="allsource,asroot,ignorearch,check,clean,cleancache,nodeps"
 OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver"
 OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps"
@@ -1708,7 +1708,7 @@ while true; do
 		-r|--rmdeps)      RMDEPS=1 ;;
 		-R|--repackage)   REPKG=1 ;;
 		--skipinteg)      SKIPINTEG=1 ;;
-		--sign)           SIGNPKG='y' ;;
+		-S|--sign)        SIGNPKG='y' ;;
 		--source)         SOURCEONLY=1 ;;
 		-s|--syncdeps)    DEP_BIN=1 ;;
 
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 820db36..f00b519 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -26,6 +26,8 @@ export TEXTDOMAINDIR='@localedir@'
 myver='@PACKAGE_VERSION@'
 confdir='@sysconfdir@'
 
+GPGDIR='@sysconfdir@/pacman.d/gnupg'
+
 QUIET=0
 DELTA=0
 WITHFILES=0
@@ -80,8 +82,9 @@ specified on the command line from the given repo database. Multiple\n\
 packages to remove can be specified on the command line.\n\n")"
 		printf "$(gettext "Options:\n")"
 	fi
+	printf "$(gettext "  --gpgdir <dir>    use the specified GnuPG home directory\n")"
 	printf "$(gettext "  -q, --quiet       minimize output\n")"
-	printf "$(gettext "  -s, --sign        sign database with GnuPG after update\n")"
+	printf "$(gettext "  -S, --sign        sign database with GnuPG after update\n")"
 	printf "$(gettext "  -k, --key <key>   use the specified key to sign the database\n")"
 	printf "$(gettext "  -v, --verify      verify database's signature before update\n")"
 	printf "$(gettext "\n\
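Review bot: The `--gpgdir` help text says "use the specified GnuPG home directory" without saying what it is used for, and as far as this patch shows `GPGDIR` is only passed to gpg in verify_signature; the `-S/--sign` arm further down still calls `gpg --list-key` without `--homedir`, so signing appears to keep using the caller's default keyring. Naming the scope avoids users expecting the option to select the signing key's keyring: `printf "$(gettext "  --gpgdir <dir>    use the specified GnuPG home directory for verification\n")"`. If signing is in fact meant to honour `--gpgdir` too, the signing call should be changed to match rather than the help text.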
@@ -231,7 +234,12 @@ verify_signature() {
 		warning "$(gettext "No existing signature found, skipping verification.")"
 		return
 	fi
-	gpg --verify "$dbfile.sig" || ret=$?
+	# unlike signing, verification of old database is done with pacman's keyring
+	if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then
+		error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")"
+		exit 1
+	fi
+	gpg --homedir "$GPGDIR" --verify "$dbfile.sig" || ret=$?
 	if (( ! ret )); then
 		msg2 "$(gettext "Database signature file verified.")"
 	else
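Review bot: The added error message interpolates `${GPGDIR}` inside the `gettext` argument, so the shell expands the path before gettext sees it and the msgid looked up in the catalog contains the runtime directory, which never matches a translation; if error() hands its first argument to printf as the format, as the other messages in this file suggest, a directory name containing `%` would also be parsed as a conversion. Keep the placeholder in the msgid and pass the value as an argument: `error "$(gettext "%s is not a properly initialized GnuPG home directory.")" "$GPGDIR"`. The same construction appears in the `--gpgdir` option arm of the last hunk. verify_signature starts outside this hunk, so whether `ret` is initialised before the `|| ret=$?` cannot be checked here.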
@@ -552,7 +560,16 @@ while [[ $# > 0 ]]; do
 		-q|--quiet) QUIET=1;;
 		-d|--delta) DELTA=1;;
 		-f|--files) WITHFILES=1;;
-		-s|--sign)
+		--gpgdir)
+			check_gpg
+			shift
+			GPGDIR="$1"
+			if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then
+				error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")"
+				exit 1
+			fi
+			;;
+		-S|--sign)
 			check_gpg
 			SIGN=1
 			if ! gpg --list-key ${GPGKEY} &>/dev/null; then
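Review bot: The `--gpgdir` arm shifts and reads `$1` without checking that an argument follows, so `repo-add --gpgdir` as the last word sets `GPGDIR` to the empty string and the validation then runs `gpg --homedir ""`, producing the "not a properly initialized" error with an empty path instead of a usage error; a guard such as `(( $# > 1 )) || { error "$(gettext "option %s requires an argument")" "--gpgdir"; exit 1; }` before the `shift` makes the failure explicit. The keyring check duplicates the one added in verify_signature; a small `check_gpgdir` helper called from both places would keep the two messages in sync. Dropping the `-s` short form for `--sign` also removes an option existing callers may pass, and what happens to an unrecognised `-s` now depends on the default arm outside this hunk.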
-- 
1.7.5.2


