summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDJ Mills <danielmills1@gmail.com>2011-07-20 06:28:39 +0200
committerDan McGee <dan@archlinux.org>2011-07-27 19:47:46 +0200
commitc5d4c92ad411998b9d47d7bf89d84af547117be4 (patch)
treefbedb229f6ed56ec1160e7c256dda0de4018ac12
parentd9875c5e6cbc0b59a4ba7c56e974da3d138f235d (diff)
downloadpacman-c5d4c92ad411998b9d47d7bf89d84af547117be4.tar.gz
pacman-c5d4c92ad411998b9d47d7bf89d84af547117be4.tar.xz
pacman-key: change GPG_PACMAN and GPG_NOKEYRING to arrays
Allows the commands to safely handle any possible arguments Signed-off-by: DJ Mills <danielmills1@gmail.com> Allan: rebase patch Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--scripts/pacman-key.sh.in48
1 files changed, 24 insertions, 24 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 61b846b1..ab0318e6 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -101,7 +101,7 @@ initialize() {
# keyring files
[[ -f ${PACMAN_KEYRING_DIR}/pubring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/pubring.gpg
[[ -f ${PACMAN_KEYRING_DIR}/secring.gpg ]] || touch ${PACMAN_KEYRING_DIR}/secring.gpg
- [[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || ${GPG_PACMAN} --update-trustdb
+ [[ -f ${PACMAN_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACMAN[@]}" --update-trustdb
chmod 644 ${PACMAN_KEYRING_DIR}/{{pub,sec}ring,trustdb}.gpg
# gpg.conf
@@ -137,7 +137,7 @@ verify_keyring_input() {
# Verify signatures of related files, if they exist
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Verifying official keys file signature...")"
- if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
+ if ! "${GPG_PACMAN[@]}" --verify "${ADDED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
ret=1
fi
@@ -145,7 +145,7 @@ verify_keyring_input() {
if [[ -r "${DEPRECATED_KEYS}" ]]; then
msg "$(gettext "Verifying deprecated keys file signature...")"
- if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
+ if ! "${GPG_PACMAN[@]}" --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
ret=1
fi
@@ -153,7 +153,7 @@ verify_keyring_input() {
if [[ -r "${REMOVED_KEYS}" ]]; then
msg "$(gettext "Verifying deleted keys file signature...")"
- if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
+ if ! "${GPG_PACMAN[@]}" --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
ret=1
fi
@@ -164,7 +164,7 @@ verify_keyring_input() {
reload_keyring() {
local PACMAN_SHARE_DIR='@prefix@/share/pacman'
- local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
+ local GPG_NOKEYRING=(gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR})
# Variable used for iterating on keyrings
local key
@@ -189,7 +189,7 @@ reload_keyring() {
if [[ -r "${REMOVED_KEYS}" ]]; then
while read key; do
local key_values name
- key_values="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')"
+ key_values="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')"
if [[ -n $key_values ]]; then
# The first word is the key_id
key_id="${key_values%% *}"
@@ -209,7 +209,7 @@ reload_keyring() {
# Remove the keys that must be kept from the set of keys that should be removed
if [[ -n ${HOLD_KEYS} ]]; then
for key in ${HOLD_KEYS}; do
- key_id="$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
+ key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
if [[ -n "${removed_ids[$key_id]}" ]]; then
unset removed_ids[$key_id]
fi
@@ -220,22 +220,22 @@ reload_keyring() {
# be updated automatically.
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Appending official keys...")"
- local add_keys="$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
+ local add_keys="$("${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
for key_id in ${add_keys}; do
# There is no point in adding a key that will be deleted right after
if [[ -z "${removed_ids[$key_id]}" ]]; then
- ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import
+ "${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import
fi
done
fi
if [[ -r "${DEPRECATED_KEYS}" ]]; then
msg "$(gettext "Appending deprecated keys...")"
- local add_keys="$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
+ local add_keys="$("${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)"
for key_id in ${add_keys}; do
# There is no point in adding a key that will be deleted right after
if [[ -z "${removed_ids[$key_id]}" ]]; then
- ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import
+ "${GPG_NOKEYRING[@]}" --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import
fi
done
fi
@@ -245,13 +245,13 @@ reload_keyring() {
msg "$(gettext "Removing deleted keys from keyring...")"
for key_id in "${!removed_ids[@]}"; do
echo " removing key $key_id - ${removed_ids[$key_id]}"
- ${GPG_PACMAN} --quiet --batch --yes --delete-key "${key_id}"
+ "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}"
done
fi
# Update trustdb, just to be sure
msg "$(gettext "Updating trust database...")"
- ${GPG_PACMAN} --batch --check-trustdb
+ "${GPG_PACMAN[@]}" --batch --check-trustdb
}
receive_keys() {
@@ -259,14 +259,14 @@ receive_keys() {
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
exit 1
fi
- ${GPG_PACMAN} --keyserver "$KEYSERVER" --recv-keys "${KEYIDS[@]}"
+ "${GPG_PACMAN[@]}" --keyserver "$KEYSERVER" --recv-keys "${KEYIDS[@]}"
}
edit_keys() {
local errors=0;
for key in ${KEYIDS[@]}; do
# Verify if the key exists in pacman's keyring
- if ! ${GPG_PACMAN} --list-keys "$key" &>/dev/null; then
+ if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null; then
error "$(gettext "The key identified by %s does not exist")" "$key"
errors=1;
fi
@@ -274,7 +274,7 @@ edit_keys() {
(( errors )) && exit 1;
for key in ${KEYIDS[@]}; do
- ${GPG_PACMAN} --edit-key "$key"
+ "${GPG_PACMAN[@]}" --edit-key "$key"
done
}
@@ -345,7 +345,7 @@ fi
# file, falling back on a hard default
PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")}
-GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
+GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
# check only a single operation has been given
numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
@@ -364,16 +364,16 @@ esac
(( ! INIT )) && check_keyring
-(( ADD )) && ${GPG_PACMAN} --quiet --batch --import "${KEYFILES[@]}"
-(( DELETE )) && ${GPG_PACMAN} --quiet --batch --delete-key --yes "${KEYIDS[@]}"
+(( ADD )) && "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}"
+(( DELETE )) && "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}"
(( EDITKEY )) && edit_keys
-(( EXPORT )) && ${GPG_PACMAN} --armor --export "${KEYIDS[@]}"
-(( FINGER )) && ${GPG_PACMAN} --batch --fingerprint "${KEYIDS[@]}"
+(( EXPORT )) && "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
+(( FINGER )) && "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
(( INIT )) && initialize
-(( LIST )) && ${GPG_PACMAN} --batch --list-sigs "${KEYIDS[@]}"
+(( LIST )) && "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
(( RECEIVE )) && receive_keys
(( RELOAD )) && reload_keyring
-(( UPDATEDB )) && ${GPG_PACMAN} --batch --check-trustdb
-(( VERIFY )) && ${GPG_PACMAN} --verify $SIGNATURE
+(( UPDATEDB )) && "${GPG_PACMAN[@]}" --batch --check-trustdb
+(( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
# vim: set ts=2 sw=2 noet: