[pacman-dev] [PATCH] pacman-key: Add --import and --import-trustdb
Pang Yan Han
pangyanhan at gmail.com
Fri Jun 10 02:38:34 EDT 2011
Currently, pacman-key allows users to import their keys using the --add option
but no similar functionality exists for importing ownertrust values.
The --import-trustdb option takes in a list of directories and imports
ownertrust values if the directories have a trustdb.gpg database.
The --import option is a combination of --add and --import-trustdb. It takes a
list of directories and imports keys from pubring.gpg and ownertrust values from
trustdb.gpg, for whichever of these files exist.
Signed-off-by: Pang Yan Han <pangyanhan at gmail.com>
---
NOTE: There is this very strange bug such that when new keys are added,
previously imported keys will fail for signature verification. This happens with
both --add and --import.
Eg. Say you want to import trustdb.gpg and pubring.gpg from directories "first",
"second" and "third", you'd have to:
# pacman-key --import first second third
# pacman-key --import first second third
doc/pacman-key.8.txt | 7 +++++++
scripts/pacman-key.sh.in | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 0 deletions(-)
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 892f14d..6071474 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -59,6 +59,13 @@ Commands
*-h, \--help*::
Output syntax and command line options.
+*\--import* dir ...::
+ Adds keys from pubring.gpg into pacman's keyring and imports ownertrust
+ values from trustdb.gpg in the specified directories.
+
+*\--import-trustdb* dir ...::
+ Imports ownertrust values from trustdb.gpg in the specified directories.
+
*-l, \--list*::
Equivalent to --list-sigs from GnuPG.
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 20ec20f..425f010 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -70,6 +70,8 @@ usage() {
echo "$(gettext " -u, --updatedb Update the trustdb of pacman")"
echo "$(gettext " -V, --version Show program version")"
echo "$(gettext " --adv <params> Use pacman's keyring with advanced gpg commands")"
+ echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")"
+ echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
printf "$(gettext " --reload Reload the default keys")"
echo
}
@@ -228,6 +230,27 @@ if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != "
fi
fi
+import() {
+ local importdir
+ for importdir in "$@"; do
+ if [[ -f "${importdir}/trustdb.gpg" ]]; then
+ import_trustdb "${importdir}"
+ fi
+ if [[ -f "${importdir}/pubring.gpg" ]]; then
+ ${GPG_PACMAN} --quiet --batch --import "${importdir}/pubring.gpg"
+ fi
+ done
+}
+
+import_trustdb() {
+ local importdir
+ for importdir in "$@"; do
+ if [[ -f "${importdir}/trustdb.gpg" ]]; then
+ gpg --homedir "${importdir}" --export-ownertrust | ${GPG_PACMAN} --import-ownertrust
+ fi
+ done
+}
+
# Parse global options
CONFIG="@sysconfdir@/pacman.conf"
PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg"
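Review bot: In import_trustdb, `gpg --homedir "${importdir}"` runs gpg against a caller-supplied directory, so gpg also reads any gpg.conf it finds there, and the exported ownertrust is merged into pacman's keyring without review. Ownertrust decides whose certifications make another key valid, so the function should carry a comment saying so, e.g. `# importdir must come from a trusted source: its ownertrust values are merged as-is`. Passing `--no-options` on the export side (`gpg --no-options --homedir "${importdir}" --export-ownertrust | ${GPG_PACMAN} --import-ownertrust`) keeps the directory's gpg.conf out of the run. The pipeline also hides a failed export, because only the status of the importing gpg is returned; checking `${PIPESTATUS[0]}` right after it would surface that. Separately, import() tests for trustdb.gpg before calling import_trustdb, which already performs the same test.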
@@ -322,6 +345,20 @@ case "${command}" in
;;
-h|--help)
usage; exit 0 ;;
+ --import-trustdb)
+ if (( $# == 0 )); then
+ error "$(gettext "You need to specify at least one trustdb")"
+ exit 1
+ fi
+ import_trustdb "$@"
+ ;;
+ --import)
+ if (( $# == 0 )); then
+ error "$(gettext "You need to specify at least one gpg directory")"
+ exit 1
+ fi
+ import "$@"
+ ;;
-V|--version)
version; exit 0 ;;
*)
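Review bot: Both new arms check only that some argument was given, and the import functions they call (added earlier in this patch) silently skip a directory that does not exist or lacks the expected file, so a mistyped path ends with no error and nothing imported. For a command that changes which keys pacman trusts, a skipped argument should be reported: test `[[ -d $1 ]]` for each argument before the call and go through `error` when it fails. The `--import-trustdb` message also asks for "at least one trustdb" although the option takes directories, as the usage text says. The case statement opens and closes outside this hunk, so whether the functions' exit status reaches the caller cannot be seen from here.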
--
1.7.6.rc0