diff options
author | Allan McRae <allan@archlinux.org> | 2011-07-09 13:51:01 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2011-07-19 02:27:54 +0200 |
commit | 31c9a521b47a84ae01f3f9c9e25980694e1c472d (patch) | |
tree | 4c8e46c757bd9b7d171291e3ecaef425257f059d /scripts/pacman-key.sh.in | |
parent | 0c9e86bab17691bf17c4251b2e16d65f517b88c8 (diff) | |
download | pacman-31c9a521b47a84ae01f3f9c9e25980694e1c472d.tar.gz pacman-31c9a521b47a84ae01f3f9c9e25980694e1c472d.tar.xz |
pacman-key: check required permissions on keyring
Makes sure that the pacman keyring is readable and that the user
has permissions to create a lock file if lock-never is not specified
in the gpg.conf file.
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/pacman-key.sh.in')
-rw-r--r-- | scripts/pacman-key.sh.in | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index d7129e53..972749f2 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -112,6 +112,25 @@ initialize() { fi } +check_keyring() { + if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \ + ! -r ${PACMAN_KEYRING_DIR}/secring.gpg || \ + ! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then + error "$(gettext "You do not have sufficient permissions to read the %s keyring...")" "pacman" + msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init" + exit 1 + fi + + if (( (EXPORT || FINGER || LIST || VERIFY) && EUID != 0 )); then + if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then + error "$(gettext "You do not have sufficient permissions to run this command...")" + msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init" + exit 1 + fi + fi + +} + verify_keyring_input() { local ret=0; @@ -344,6 +363,7 @@ if (( numopt != 1 )); then exit 1 fi +(( ! INIT )) && check_keyring (( ADD )) && ${GPG_PACMAN} --quiet --batch --import "${KEYFILES[@]}" (( DELETE )) && ${GPG_PACMAN} --quiet --batch --delete-key --yes "${KEYIDS[@]}" |