[pacman-dev] [PATCH 2/2] pacman-key: hid lsign and revoke spam behind --verbose

Allan McRae allan at archlinux.org
Sun Nov 3 23:35:32 UTC 2019


On 4/11/19 3:14 am, Matthew Sexton wrote:
> To cut down on spam during --populate, both locally signing and
> revoking keys now hide the specific keys being signed or revoked,
> but can be shown with --verbose. A count was added, to show the
> number of keys signed/revoked during the process.

Typo in commit subject - hid -> hide.  Also change "spam" to output.


> This commit closes:
> FS#64142 - pacman-key: make populate less noisy

There is an additional comment in the bug:
"Additionally, we should consider only counting keys to be disabled that
are not currently disabled. Same with lsign key."

So, partially implements FS#64142.


Minor comment below.

> Signed-off-by: Matthew Sexton <wsdmatty at gmail.com>
> ---
>  scripts/pacman-key.sh.in | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index a59dba52..4eea248b 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -334,11 +334,16 @@ populate_keyring() {
>  	done
>  
>  	if (( ${#revoked_ids[@]} > 0 )); then
> +		local key_count=0
>  		msg "$(gettext "Disabling revoked keys in keyring...")"
>  		for key_id in "${!revoked_ids[@]}"; do
> -			msg2 "$(gettext "Disabling key %s...")" "${key_id}"
> +			key_count=$((key_count+1))

Putting the key counting at the end would be useful if in the future we
detect those keys already disabled and don't re-disable them.

> +			if (( VERBOSE )); then
> +				msg2 "$(gettext "Disabling key %s...")" "${key_id}"
> +			fi
>  			printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
>  		done
> +		msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
>  	fi
>  }
>  
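Review bot: In the revoked-keys loop, key_count is incremented before the gpg --edit-key call, and that call's exit status is never checked (its stderr goes to /dev/null). With the per-key line now hidden behind VERBOSE, the closing "Disabled %s keys." message therefore reports keys attempted, not keys actually disabled, and as written it always equals ${#revoked_ids[@]}. Suggest testing PIPESTATUS[1] after the pipeline, as lsign_keys does, incrementing only on success, and emitting an error line for any revoked key that could not be disabled. The "%s keys" string also reads wrongly for a count of one; a plural-aware message (for example via ngettext) would avoid that.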
> @@ -447,19 +452,24 @@ lsign_keys() {
>  	check_keyids_exist
>  
>  	local ret=0
> +	local key_count=0
>  	for key_id in "$@"; do
> -		msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
> +		if (( VERBOSE )); then
> +			msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
> +		fi
>  		# we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
>  		printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
>  		if (( PIPESTATUS[1] )); then
>  			error "$(gettext "%s could not be locally signed.")" "${key_id}"
>  			ret=1
>  		fi
> +		key_count=$((key_count+1))
>  	done
>  
>  	if (( ret )); then
>  		exit 1
>  	fi
> +	msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
>  }
>  
>  receive_keys() {
> 
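Review bot: In lsign_keys, key_count=$((key_count+1)) sits after the PIPESTATUS check and runs whether or not the signing succeeded, while the "Locally signed %s keys." message is only reached when ret is 0, so the printed count is always $#. Either move the increment into an else branch of the PIPESTATUS test and print the summary before the exit 1, so a partial failure still shows how many keys were signed, or drop the counter and print $# directly. The same singular/plural issue applies to "%s keys" when one key is signed.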

