[pacman-dev] [PATCH] pacman-key: Add --quiet to a few more gpg invocations

Daan De Meyer daan.j.demeyer at gmail.com
Wed Aug 25 20:42:22 UTC 2021 

Currently, when running pacman-key --populate, gpg prints the
trustdb check output once for each locally signed and revoked key.
When bootstrapping a new container image, about 50 keys get signed
and revoked which leads to a huge amount of output when running
pacman-key which is the following text repeated 50x

```
gpg: checking the trustdb
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   6  signed:  83  trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:  78  signed:  25  trust: 78-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2021-12-01
```

To avoid overloading the user with gpg output, we add --quiet to the gpg
calls generating the trustdb checking output to silence those calls which
gets rid of the trustdb check output on the terminal.

Signed-off-by: Daan De Meyer <daan.j.demeyer at gmail.com>
---
 scripts/pacman-key.sh.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 50342649..0526532f 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -192,7 +192,7 @@ check_keyids_exist() {
 }
 
 key_is_lsigned() {
-	secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | awk -F : 'NR==1 {print $5}')
+	secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}')
 	while IFS=: read -r type valid _ _ sign_key _; do
 		if [[ $type != "sig" || $valid != "!" ]]; then
 			continue
@@ -200,7 +200,7 @@ key_is_lsigned() {
 		if [[ "$sign_key" == "$secret_key" ]]; then
 			return 0
 		fi
-	done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+	done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures --quiet "$1")
 	return 1
 }
 
@@ -212,7 +212,7 @@ key_is_revoked() {
 		if [[ $flags == *"D"* ]]; then
 			return 0
 		fi
-	done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
+	done < <("${GPG_PACMAN[@]}" --with-colons --list-key --quiet "$1")
 	return 1
 }
 
-- 
2.33.0

More information about the pacman-dev mailing list