summaryrefslogtreecommitdiffstats
path: root/scripts/pacman-key.sh.in
AgeCommit message (Collapse)AuthorFilesLines
2018-05-12remove unneeded break argument from option parsingRafael Ascensão1-1/+1
Some scripts are using `break 2` to break out of the option parsing loop. Since a single `break` is sufficient in these cases, remove the extra argument. Signed-off-by: Rafael Ascensão <rafa.almas@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-14Added gpg-agent.conf to disable the gnupg scdaemonEric Renfro via pacman-dev1-0/+6
This fixes an issue where smartcards, such a Yubikey, would cause the keyring to fail locally signing, thus also failing to verify signed packages. Signed-off-by: Eric Renfro <psi-jack@linux-help.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-14Update coyrights for 2018Allan McRae1-2/+2
make update-copyright OLD=2017 NEW=201 Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-19pacman-key: do not set a default keyserverEli Schwartz1-4/+0
Recent versions of GnuPG are perfectly capable of using sane defaults, and the default SKS keyserver over hkps:// is better than hardcoding the same keyserver over hkp:// anyway. Fixes FS#55278 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-19use pacman-conf in scriptsAndrew Gregory1-1/+1
Because parsing pacman.conf is so difficult that even we can't do it right. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae1-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22makepkg: Move parseopts from library to libmakepkgAlad Wenter1-2/+5
parseopts is used in makepkg and other scripts such as pacman-key as a getopt replacement. Instead of including it in those scripts via a macro, move it to libmakepkg/util/parseopts.sh and have scripts source this file where appropriate. To keep the parseopts test, a new variable was introduced: PM_LIBMAKEPKG_DIR Signed-off-by: Alad Wenter <alad@archlinux.info> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30pacman-key: reject armored signaturesAllan McRae1-0/+4
pacman expects an unarmored signature. makepkg forces the generation of unarmored signatures, and repo-add will reject any armored signature. For consistency pacman-key should also reject armored signatures. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18Use a more generic regexp when parsing output of gpg(1) in signature ↵Leonid Isaev1-1/+1
verification. The current way of extracting key trust from output of gpg --verify is not very robust against changes in the format of said output. As a result, pacman-key can return an error even if the signature is actuall good. This change relaxes the regexp when parsing output of gpg. Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-01-04Update copyright years for 2016Allan McRae1-2/+2
make update-copyright OLD=2015 NEW=2016 Signed-off-by: Allan McRae <allan@archlinux.org>
2015-10-19Remove space before ellipsesAllan McRae1-1/+1
Makes all use of ellipses consistent... Signed-off-by: Allan McRae <allan@archlinux.org>
2015-02-01Update copyright notices for 2015Allan McRae1-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-21pacman-key: compatibility with gnupg-2.1Tobias Powalowski1-0/+1
GnuPG 2.1 no longer allow empty passphrases by default. Signed-off-by: Allan McRae <allan@archlinux.org>
2014-08-09pacman-key: stricter parsing for -verifyAllan McRae1-1/+1
Prevents trust being spoofed by using TRUST_FULLY in the signatory's name or in an added notation. Fixes FS#41147. Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-28Remove ts and sw from vim modeline when noet is setFlorian Pritz1-1/+1
Forcing vim users to view files with a tabstop of 2 seems really unnecessary when noet is set. I find it much easier to read code with ts=4 and I dislike having to override the modeline by hand. Command run: find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} + Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-06Update copyright years for 2014Allan McRae1-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-04pacman-key: Do not reinterpret keys from revoked keyringsDave Reisner1-11/+4
Given a revoked keyring containing only: BC1FBE4D2826A0B51E47ED62E2539214C6C11350 We should only disable this specific keyid. This change enforces that the contents of the -revoked keyring file are full fingerprints which can uniquely identify a key. Before: # pacman-key --populate archlinux ==> Appending keys from archlinux.gpg... ==> Locally signing trusted keys in keyring... -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2... -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8... -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887... -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0... -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7... ==> Importing owner trust values... ==> Disabling revoked keys in keyring... -> Disabling key 1390420191... -> Disabling key E2539214C6C11350... -> Disabling key 8544EA82113502DE... ==> Updating trust database... gpg: next trustdb check due at 2014-01-22 After: # pacman-key --populate archlinux ==> Appending keys from archlinux.gpg... ==> Locally signing trusted keys in keyring... -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2... -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8... -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887... -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0... -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7... ==> Importing owner trust values... ==> Disabling revoked keys in keyring... -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350... ==> Updating trust database... gpg: next trustdb check due at 2014-01-22 Partially addresses FS#35478. This does nothing to confirm whether or not the key was successfully disabled -- a ridiculously simple request which appears to be far too difficult for gpg to manage. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-08scripts: Add color to pacman-keyWilliam Giokas1-1/+4
Use --nocolor to suppress colored output from pacman-key, otherwise output will be in color. Signed-off-by: William Giokas <1007380@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04pacman-key: reduce verbosity of --populatePierre Schmitz1-1/+1
Do not bother the user with gpg's verbose output. Signed-off-by: Pierre Schmitz <pierre@archlinux.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04pacman-key: handle local signing of multiple keysAllan McRae1-8/+14
gpg --lsign-key does not like being given multiple keys to sign. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03Update copyright year for 2013Allan McRae1-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2012-08-02pacman-key: Use lsign_keys function in --populatePierre Schmitz1-1/+2
This reduces code duplication and also makes --populate a non-interactive function. Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2012-05-21Merge branch 'maint'Dan McGee1-8/+8
Conflicts: scripts/pacman-key.sh.in
2012-05-21pacman-key: use mapfile over readDave Reisner1-1/+1
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-05-21pacman-key: test for content in keyring filesDave Reisner1-3/+3
Test for file content (-s) rather than just existance (-f). This fixes a bug that manifests itself in the case of an empty -revoked file. A zero element 'keys' array would be passed to gpg, forcing it to list and, subsequently, revoke all known keys. Bug introduced in d1240f67eab6. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-05-04pacman-key: clarify messages, s/keychain/keyring/Dan McGee1-5/+5
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-24pacman-key: lookup keys before receivingDave Reisner1-1/+40
Perform a search for keys that clearly aren't key IDs. This allows receiving keys by name or email address, but only if the key resolves unambiguously. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-24pacman-key: allow verification of multiple sig filesDave Reisner1-5/+10
Loop through arguments passed to verify_sig and treat each as a signature to be verified against a source file. Output each file as its checked to avoid ambiguity. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-24scripts: avoid dumping usage on parser failDave Reisner1-1/+1
Avoid letting the error message from parseopts get lost in the usage output from pacman-key and makepkg (which is already verbose).
2012-04-24pacman-key: adopt parseopts for option parsingDave Reisner1-85/+94
This requires an ugly amount of reworking of how pacman-key handles options. The change simply to avoid passing keys, files, and directories as arguments to options, but to leave them as arguments to the overall program. This is reasonable since pacman-key limits the user to essentially one operation per invocation (like pacman). Since we now pass around the positional parameters to the various operations, we can add some better sanity checking. Each operation is responsible for testing input and making sure it can operate properly, otherwise it throws an error and exits. The doc is updated to reflect this, and uses similar verbiage as pacman, describing the non-option arguments now passed to pacman-key as targets. Similar to the doc, --help is reorganized to separate operations and options and remove argument tokens from operations. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-09Merge branch 'maint'Dan McGee1-5/+1
2012-04-09pacman-key: avoid use of tempfile in verify_sigDave Reisner1-5/+1
Use --status-fd rather than --status-file to keep this contained in a pipeline. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-09pacman-key: verify TRUST_ULTIMATE keys as goodDave Reisner1-1/+1
Extend our grep pattern to match TRUST_ULTIMATE, not just TRUST_FULLY, as these keys are to be trusted as well. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-07Merge branch 'maint'Dan McGee1-6/+10
Conflicts: lib/libalpm/signing.c lib/libalpm/sync.c
2012-04-07Revert "parseopts: normalize options into an array"Dave Reisner1-3/+3
This was really only half a fix for FS#28445, as it still doesn't correctly handle the case of filenames with spaces. In the short term, there is no obvious fix for this. In the long term, I believe the correct decision is to rewrite the options parser to be more in line with GNU getopt_long. This reverts commits: ca4142714137b16feabac09c4cda86b0a75036f8. 969dcddbdf9d5dbd91aa414cdd193f3fb26b644b.
2012-04-07pacman-key: Actually verify signatures and exit with correct codesPierre Schmitz1-1/+5
We cannot rely on gpg's exit code. Instead we have to check the status-fd to figure out whether a signature is valid or not. In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid. Signed-off-by: Pierre Schmitz <pierre@archlinux.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-29pacman-key: change to more reliable default keyserverAllan McRae1-1/+1
User reports indicate that the SKS keyservers are more reliable than both the gnupg.net and mit.edu ones. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-29pacman-key: make the -e option work as advertisedAllan McRae1-1/+1
Using -e without arguments failed to export all keys. Using --export worked as expected. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-09Merge branch 'maint'Dan McGee1-39/+0
Conflicts: lib/libalpm/be_package.c
2012-03-05pacman-key: Remove useless signature verification in --populate commandPierre Schmitz1-39/+0
Verifing the keyring at this point is useless as a malicious package is already installed and as such has several options to bypass this check anyway. Signed-off-by: Pierre Schmitz <pierre@archlinux.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-21Merge branch 'maint'Dan McGee1-3/+3
Conflicts: contrib/pacsysclean.in src/pacman/conf.h
2012-02-17parseopts: normalize options into an arrayDave Reisner1-3/+3
Modify parse_options logic to fill an array instead of printing parsed options. Avoid eval like the plague. Because it is the plague. Fixes bugs such as FS#28445. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-31Merge branch 'maint'Dan McGee1-25/+25
Conflicts: scripts/makepkg.sh.in
2012-01-31pacman-key: call gpg fewer times for revocation keysDave Reisner1-6/+5
Instead of iterating over the revocation keyfile and calling gpg once for each key, map the file into an array and call gpg once, iterating over this output to mark each key as revoked. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-31pacman-key: simplify trusted keyring iterationDave Reisner1-8/+6
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-31scripts: always use printf with embedded gettextDave Reisner1-25/+25
This addresses two problems: 1) echo's behavior is inconsistent when dealing with flags, and can potentially be problematic. $ echo -n $ echo -- -n -- -n 2) Always using the end of options markers prevents translated strings from throwing errors, as shown in FS#28069. The remaining "inconsistencies" are because printf is being used in a guaranteed safe manner, e.g. printf '%s\n' "$(gettext "--this can never break")" Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-23Merge branch 'maint'Dan McGee1-30/+144
Conflicts: lib/libalpm/diskspace.c src/pacman/util.h
2012-01-19Update copyright on changed files since beginning of yearDan McGee1-2/+2
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-19Improve exit statuses and error messages in pacman-keycanyonknight1-23/+95
Return codes from gpg commands are currently lost. This adds the functionality of taking non-zero exit statuses from gpg. This includes error reporting for all gpg commands that are run individually, run in a loop, and run through a pipe. Includes the check_keyids_exist function which verifies a key exists locally prior to attempted local manipulation of the key. If a gpg command has a non-zero status, pacman-key will now exit with a non-zero status. It will print a gettext error message of gpg's failure. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-19Turn gpg commands into functions in pacman-keycanyonknight1-16/+58
Adds functions for every gpg command. By pulling out the gpg commands from the "program start" section, additional commands can be run before or after a specific gpg command without adding additional clutter to the function call section. Adds an explicit exit status of 0 to prevent arithmetic expansions from returning non-zero, thereby falsely causing pacman-key to have a non-zero exit status. This change creates the framework for additional error messages and better exit statuses being added to every pacman-key gpg call. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>