diff options
author | Allan McRae <allan@archlinux.org> | 2012-06-19 06:55:35 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2013-01-04 12:49:38 +0100 |
commit | 09295f7e40a990971b81c3ebfea474bae873c223 (patch) | |
tree | cabf67e07a2e3c8eecbd17dd5d139584c300d596 /scripts/pacman-key.sh.in | |
parent | 86eefc1a3a3419bb41b2acab521a476db0d2a7ce (diff) | |
download | pacman-09295f7e40a990971b81c3ebfea474bae873c223.tar.gz pacman-09295f7e40a990971b81c3ebfea474bae873c223.tar.xz |
pacman-key: handle local signing of multiple keys
gpg --lsign-key does not like being given multiple keys to sign.
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/pacman-key.sh.in')
-rw-r--r-- | scripts/pacman-key.sh.in | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index ef4ab306..9561c7f2 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -300,10 +300,7 @@ populate_keyring() { if (( ${#trusted_ids[@]} > 0 )); then msg "$(gettext "Locally signing trusted keys in keyring...")" - for key_id in "${!trusted_ids[@]}"; do - msg2 "$(gettext "Locally signing key %s...")" "${key_id}" - lsign_keys "${key_id}" - done + lsign_keys "${!trusted_ids[@]}" msg "$(gettext "Importing owner trust values...")" for keyring in "${KEYRINGIDS[@]}"; do if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then @@ -440,10 +437,19 @@ list_sigs() { lsign_keys() { check_keyids_exist - # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid - printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "$@" 2>/dev/null - if (( PIPESTATUS[1] )); then - error "$(gettext "A specified key could not be locally signed.")" + + local ret=0 + for key_id in "$@"; do + msg2 "$(gettext "Locally signing key %s...")" "${key_id}" + # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid + printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null + if (( PIPESTATUS[1] )); then + error "$(gettext "%s could not be locally signed.")" "${key_id}" + ret=1 + fi + done + + if (( ret )); then exit 1 fi } |