[pacman-dev] [PATCH 6/8] pacman-key: allow verification of multiple sig files

Dave Reisner d at falconindy.com
Fri Apr 13 08:27:53 EDT 2012


On Thu, Apr 12, 2012 at 11:25 PM, Allan McRae <allan at archlinux.org> wrote:

> On 13/04/12 00:54, Dave Reisner wrote:
> > Loop through arguments passed to verify_sig and treat each as a
> > signature to be verified against a source file. Output each file as it's
> > checked to avoid ambiguity.
> >
> > Signed-off-by: Dave Reisner <dreisner at archlinux.org>
> > ---
> >  doc/pacman-key.8.txt     |    2 +-
> >  scripts/pacman-key.sh.in |   15 ++++++++++-----
> >  2 files changed, 11 insertions(+), 6 deletions(-)
> >
> > diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
> > index 96ac31c..4a2122f 100644
> > --- a/doc/pacman-key.8.txt
> > +++ b/doc/pacman-key.8.txt
> > @@ -96,7 +96,7 @@ Operations
> >       Displays the program version.
> >
> >  *-v, \--verify*::
> > -     Verify the given signature file.
> > +     Verify the given targets as signature files.
>
> Not sure I like this wording...  How about sticking with the wording in
> --help  "Verify the file(s) specified by the signature(s)".
>
>
Agreed.


>
> >
> >  Options
> >  -------
> > diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> > index b2c3da9..2083a60 100644
> > --- a/scripts/pacman-key.sh.in
> > +++ b/scripts/pacman-key.sh.in
> > @@ -66,7 +66,7 @@ usage() {
> >       printf -- "$(gettext "  -l, --list-keys           List the
> specified or all keys")\n"
> >       printf -- "$(gettext "  -r, --recv-keys           Fetch the
> specified keyids")\n"
> >       printf -- "$(gettext "  -u, --updatedb            Update the
> trustdb of pacman")\n"
> > -     printf -- "$(gettext "  -v, --verify              Verify the file
> specified by the signature")\n"
> > +     printf -- "$(gettext "  -v, --verify              Verify the
> file(s) specified by the signature(s)")\n"
> >       printf -- "$(gettext "  --edit-key                Present a menu
> for key management task on keyids")\n"
> >       printf -- "$(gettext "  --import                  Imports
> pubring.gpg from dir(s)")\n"
> >       printf -- "$(gettext "  --import-trustdb          Imports
> ownertrust values from trustdb.gpg in dir(s)")\n"
> > @@ -455,10 +455,15 @@ refresh_keys() {
> >  }
> >
> >  verify_sig() {
> > -     if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$1" | grep -qE
> 'TRUST_(FULLY|ULTIMATE)'; then
> > -             error "$(gettext "The signature identified by %s could not
> be verified.")" "$1"
> > -             exit 1
> > -     fi
> > +     local ret=0
> > +     for sig; do
> > +             msg "Checking %s ..." "$sig"
> > +             if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" |
> grep -qE 'TRUST_(FULLY|ULTIMATE)'; then
> > +                     error "$(gettext "The signature identified by %s
> could not be verified.")" "$sig"
> > +                     ret=1
> > +             fi
> > +     done
> > +     exit $ret
> >  }
> >
> >  updatedb() {
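
Review bot: In verify_sig, `for sig` iterates zero times when no signature files are passed, so `exit $ret` returns 0 without anything having been verified; unless the caller already rejects an empty argument list, fail explicitly when `$#` is 0. The new `msg "Checking %s ..."` string is also the only user-facing string in this hunk not wrapped in `$(gettext ...)`, unlike the error message next to it. Separately, the `grep -qE 'TRUST_(FULLY|ULTIMATE)'` match carried over from the old line is unanchored on output that shares fd 1 with gpg's normal stdout; anchoring it to the `[GNUPG:]` status-line prefix would make the check stricter.
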
>
>
>

