diff options
| author | Dan McGee <dan@archlinux.org> | 2011-09-21 23:19:12 +0200 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2011-09-22 18:15:39 +0200 |
| commit | 7d961c849bf4dab481e261bdb91304f6a4744d8c (patch) | |
| tree | 9ca528ab4bee432ca0aedf8289fe7cc3f4f4f973 | |
| parent | 6767de5380d97f6544ca3968b83b74120dfcbeca (diff) | |
| download | pacman-7d961c849bf4dab481e261bdb91304f6a4744d8c.tar.gz pacman-7d961c849bf4dab481e261bdb91304f6a4744d8c.tar.xz | |
pacman-key: disable, don't remove, revoked keys
Unlike our protégé apt-key, removing a key from our keyring is not
sufficient to prevent it from being trusted or used for verification. We
are better off flagging it as disabled and leaving it in the keyring so
it cannot be reimported or fetched at a later date from a keyserver and
continue to be used.
Implement the logic to disable the key instead of delete it, figuring
out --command-fd in the process.
Note that the surefire way to disable a key involves including said key
in the keyring package, such that it is both in foobar.gpg and
foobar-revoked.
Signed-off-by: Dan McGee <dan@archlinux.org>
| -rw-r--r-- | scripts/pacman-key.sh.in | 34 |
1 files changed, 13 insertions, 21 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 39da83da..72614c6e 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -275,22 +275,14 @@ populate_keyring() { # Read the revoked key IDs to an array. The conversion from whatever is inside the file # to key ids is important, because key ids are the only guarantee of identification # for the keys. - local -A removed_ids + local -A revoked_ids for keyring in "${KEYRINGIDS[@]}"; do if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then while read key; do - local key_values name - # extract key ID (field 5) and the name of owner (field 10) - key_values="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')" - if [[ -n $key_values ]]; then - # The first word is the key_id - key_id="${key_values%% *}" - # the rest is the name of the owner - name="${key_values#* }" - if [[ -n ${key_id} ]]; then - # Mark this key to be deleted - removed_ids[$key_id]="$name" - fi + key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)" + if [[ -n ${key_id} ]]; then + # Mark this key to be disabled + revoked_ids[$key_id]="${keyring}" fi done < "${KEYRING_IMPORT_DIR}/${keyring}-revoked" fi @@ -300,19 +292,19 @@ populate_keyring() { # of keys to be removed if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then while read key; do - key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)" - if [[ -n "${removed_ids[$key_id]}" ]]; then - unset removed_ids[$key_id] + key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)" + if [[ -n "${revoked_ids[$key_id]}" ]]; then + unset revoked_ids[$key_id] fi done < "${PACMAN_KEYRING_DIR}/holdkeys" fi # Remove the keys not marked to keep - if (( ${#removed_ids[@]} > 0 )); then - msg "$(gettext "Removing revoked keys from keyring...")" - for key_id in "${!removed_ids[@]}"; do - echo " removing key $key_id - ${removed_ids[$key_id]}" - "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}" + if (( ${#revoked_ids[@]} > 0 )); then + msg "$(gettext "Disabling revoked keys in keyring...")" + for key_id in "${!revoked_ids[@]}"; do + msg2 "$(gettext "Disabling key %s...")" "${key_id}" + printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null done fi } |