[pacman-dev] [PATCH 2/2] pacman-key: add --refresh-keys operation

Dan McGee dan at archlinux.org
Thu Sep 1 16:36:50 EDT 2011


This allows new signatures to be pulled, revocations to be found, etc.

Signed-off-by: Dan McGee <dan at archlinux.org>
---
 doc/pacman-key.8.txt     |    3 +++
 scripts/pacman-key.sh.in |   11 ++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 824f0b3..5f94728 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -90,6 +90,9 @@ Options
 *-r, \--recv-keys* <keyid(s)>::
 	Equivalent to '\--recv-keys' in GnuPG.
 
+*\--refresh-keys* [keyid(s)]::
+	Equivalent to '\--refresh-keys' in GnuPG.
+
 *\--populate* [keyring(s)]::
 	Reload the default keys from the (optionally provided) keyrings in
 	+{pkgdatadir}/keyrings+. For more information, see
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ce95f5d..91a2559 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -41,6 +41,7 @@ LISTSIGS=0
 LSIGNKEY=0
 POPULATE=0
 RECEIVE=0
+REFRESH=0
 UPDATEDB=0
 VERIFY=0
 
@@ -81,6 +82,7 @@ usage() {
 	echo "$(gettext "  --lsign-key <keyid>       Locally sign the specified keyid")"
 	printf "$(gettext "  --populate [keyring(s)] Reload the default keys from the (given) keyrings\n\
                             in '%s'")\n" "@pkgdatadir@/keyrings"
+	echo "$(gettext "  --refresh-keys [keyid(s)] Update specified or all keys from a keyserver")"
 }
 
 version() {
@@ -363,7 +365,8 @@ fi
 OPT_SHORT="a::d:e:f::hl::r:uv:V"
 OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
 OPT_LONG+=",help,import:,import-trustdb:,init,list-keys::,list-sigs::"
-OPT_LONG+=",lsign-key:,populate::,recv-keys:,updatedb,verify:,version"
+OPT_LONG+=",lsign-key:,populate::,recv-keys:,refresh-keys::,updatedb"
+OPT_LONG+=",verify:,version"
 if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
 	echo; usage; exit 1 # E_INVALID_OPTION;
 fi
@@ -393,6 +396,7 @@ while true; do
 		--lsign-key)      LSIGNKEY=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
 		--populate)       POPULATE=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYRINGIDS=($1); UPDATEDB=1 ;;
 		-r|--recv-keys)   RECEIVE=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
+		--refresh-keys)   REFRESH=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
 		-u|--updatedb)    UPDATEDB=1 ;;
 		-v|--verify)      VERIFY=1; shift; SIGNATURE=$1 ;;
 
@@ -411,7 +415,7 @@ if ! type -p gpg >/dev/null; then
 	exit 1
 fi
 
-if (( (ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || INIT || LSIGNKEY || POPULATE || RECEIVE || UPDATEDB) && EUID != 0 )); then
+if (( (ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || INIT || LSIGNKEY || POPULATE || RECEIVE || REFRESH || UPDATEDB) && EUID != 0 )); then
 	error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
 	exit 1
 fi
@@ -434,7 +438,7 @@ fi
 # check only a single operation has been given
 # don't include UPDATEDB in here as other opts can induce it
 numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB +
-		INIT + LISTKEYS + LISTSIGS + LSIGNKEY + POPULATE + RECEIVE + VERIFY ))
+		INIT + LISTKEYS + LISTSIGS + LSIGNKEY + POPULATE + RECEIVE + REFRESH + VERIFY ))
 
 case $numopt in
 	0)
@@ -466,6 +470,7 @@ esac
 (( LSIGNKEY )) && "${GPG_PACMAN[@]}" --lsign-key "${KEYIDS[@]}"
 (( POPULATE )) && populate_keyring
 (( RECEIVE )) && "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"
+(( REFRESH )) && "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}"
 (( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
 
 if (( UPDATEDB )); then
-- 
1.7.6



More information about the pacman-dev mailing list