summaryrefslogtreecommitdiffstats
path: root/scripts/pacman-key.sh.in
AgeCommit message (Collapse)AuthorFilesLines
2012-05-04pacman-key: clarify messages, s/keychain/keyring/Dan McGee1-5/+5
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-09pacman-key: avoid use of tempfile in verify_sigDave Reisner1-5/+1
Use --status-fd rather than --status-file to keep this contained in a pipeline. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-09pacman-key: verify TRUST_ULTIMATE keys as goodDave Reisner1-1/+1
Extend our grep pattern to match TRUST_ULTIMATE, not just TRUST_FULLY, as these keys are to be trusted as well. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-07Revert "parseopts: normalize options into an array"Dave Reisner1-3/+3
This was really only half a fix for FS#28445, as it still doesn't correctly handle the case of filenames with spaces. In the short term, there is no obvious fix for this. In the long term, I believe the correct decision is to rewrite the options parser to be more in line with GNU getopt_long. This reverts commits: ca4142714137b16feabac09c4cda86b0a75036f8. 969dcddbdf9d5dbd91aa414cdd193f3fb26b644b.
2012-04-07pacman-key: Actually verify signatures and exit with correct codesPierre Schmitz1-1/+5
We cannot rely on gpg's exit code. Instead we have to check the status-fd to figure out whether a signature is valid or not. In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid. Signed-off-by: Pierre Schmitz <pierre@archlinux.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-29pacman-key: change to more reliable default keyserverAllan McRae1-1/+1
User reports indicate that the SKS keyservers are more reliable than both the gnupg.net and mit.edu ones. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-29pacman-key: make the -e option work as advertisedAllan McRae1-1/+1
Using -e without arguments failed to export all keys. Using --export worked as expected. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-05pacman-key: Remove useless signature verification in --populate commandPierre Schmitz1-39/+0
Verifing the keyring at this point is useless as a malicious package is already installed and as such has several options to bypass this check anyway. Signed-off-by: Pierre Schmitz <pierre@archlinux.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-17parseopts: normalize options into an arrayDave Reisner1-3/+3
Modify parse_options logic to fill an array instead of printing parsed options. Avoid eval like the plague. Because it is the plague. Fixes bugs such as FS#28445. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-31scripts: always use printf with embedded gettextDave Reisner1-25/+25
This addresses two problems: 1) echo's behavior is inconsistent when dealing with flags, and can potentially be problematic. $ echo -n $ echo -- -n -- -n 2) Always using the end of options markers prevents translated strings from throwing errors, as shown in FS#28069. The remaining "inconsistencies" are because printf is being used in a guaranteed safe manner, e.g. printf '%s\n' "$(gettext "--this can never break")" Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-19Update copyright on changed files since beginning of yearDan McGee1-2/+2
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-19Improve exit statuses and error messages in pacman-keycanyonknight1-23/+95
Return codes from gpg commands are currently lost. This adds the functionality of taking non-zero exit statuses from gpg. This includes error reporting for all gpg commands that are run individually, run in a loop, and run through a pipe. Includes the check_keyids_exist function which verifies a key exists locally prior to attempted local manipulation of the key. If a gpg command has a non-zero status, pacman-key will now exit with a non-zero status. It will print a gettext error message of gpg's failure. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-19Turn gpg commands into functions in pacman-keycanyonknight1-16/+58
Adds functions for every gpg command. By pulling out the gpg commands from the "program start" section, additional commands can be run before or after a specific gpg command without adding additional clutter to the function call section. Adds an explicit exit status of 0 to prevent arithmetic expansions from returning non-zero, thereby falsely causing pacman-key to have a non-zero exit status. This change creates the framework for additional error messages and better exit statuses being added to every pacman-key gpg call. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-23pacman-key: Add missing quotesTimothy Redaelli1-3/+3
Signed-off-by: Timothy Redaelli <timothy.redaelli@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-17pacman-key: add a default keyserver timeout value on --initDan McGee1-0/+1
The default is supposidely 30 seconds from the gpg manpage, but that sure wasn't what I was seeing- it was somewhere closer to two minutes of silence. Add a more reasonable 10 second timeout value which should be good enough for any keyserver that doesn't totally stink at it's job. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-11pacman-key: don't escape single quote in usage messageDan McGee1-1/+1
This screws up gettext and causes the message to display always untranslated. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-06pacman-key: treat foo-trusted as an ownertrust export fileDan McGee1-6/+18
This allows it to serve double-duty. In order to allow users to base verification decisions off of both a valid signature and a trusted signature, we need to assign some level of owner trust to the keys we designate as trusted on import. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-06pacman-key: refine and clarify import/import-trustdb behaviorDan McGee1-10/+3
* --import now only imports keys from pubkey.gpg and does not import owner trust; if you want to have both simply run the operations in sequence. * --import-trustdb has been simplified; it will overwrite existing values in the trust database as before, but there is no need to export it first as those values are safe if left untouched. * Fix the manpage referring to a non-existent option. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-30pacman-key: remove errexit flag from shebangDave Reisner1-1/+1
We're ill equipped to be using this flag as we don't trap and respond to the ERR signal. The result is that if is ever tripped, pacman-key will instantly exit with no indication of why. At the same time, we're already fairly good about doing our own error checking and verbalizing it before dying. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-30pacman-key: return 0 from get_from if default value usedAllan McRae1-1/+4
This prevents the error trap being set off when GPGDir is commented in pacman.conf. Bug introduced in 507b01b9. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27pacman-key: use consistent punctuation in error messagesDan McGee1-5/+5
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26pacman-key: allow get_from to return a default valueDave Reisner1-2/+4
Keep the non-zero return val to let the caller know that the key wasn't found. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26pacman-key: simplify writing to config fileDave Reisner1-5/+3
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: add an additional plain text 'foo-trusted' fileDan McGee1-1/+28
This is similar to the 'foo-revoked' file we had. This will be used to inform the user what keys in the shipped keyring need to be explicitly trusted by the user. A distro such as Arch will likely have 3-4 master keys listed in this trusted file, but an additional 25 developer keys present in the keyring that the user shouldn't have to directly sign. We use this list to prompt the user to sign the keys locally. If the key is already signed locally gpg will print a bit of junk but will continue without pestering the user. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: factor out validate_with_gpg() methodDan McGee1-16/+14
This was copy-pasted code for the most part once the filename was factored out. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: remove holdkeys functionalityDan McGee1-12/+0
We're putting the cart ahead of the horse a bit here. Given that our keyring is not one where everything is implicitly trusted (ala gpgv), keeping or deleting a key has no bearing on its trusted status, only whether we can actually verify things signed by said key. If we need to address this down the road, we can find a solution that works for the problem at hand rather than trying to solve it now before signing is even widespread. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: implement promptless lsigningDan McGee1-2/+3
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: disable, don't remove, revoked keysDan McGee1-21/+13
Unlike our protégé apt-key, removing a key from our keyring is not sufficient to prevent it from being trusted or used for verification. We are better off flagging it as disabled and leaving it in the keyring so it cannot be reimported or fetched at a later date from a keyserver and continue to be used. Implement the logic to disable the key instead of delete it, figuring out --command-fd in the process. Note that the surefire way to disable a key involves including said key in the keyring package, such that it is both in foobar.gpg and foobar-revoked. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: simplify import in populateDan McGee1-5/+1
This finishes the cleanup started in 710e83999bbf. We can do a straight import from another keyring rather than all the funky parsing and piping business we were doing. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: don't hide --verify details in populateDan McGee1-2/+4
Otherwise we're hiding extremely relevant bits like this one: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: print message in populate if signature is missingDan McGee1-6/+14
Rather than saying it was invalid, tell the user no signature exists. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: clean up populate outputDan McGee1-3/+3
* Ensure usage message is indented correctly * Show short filenames for both the gpg keyring and revocation file Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: ensure array iterations are quotedDan McGee1-6/+6
When doing something like `pacman-key --edit-key 'Dan McGee'`, one would expect it to work, and not fail. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-03pacman-key: add --refresh-keys operationDan McGee1-3/+8
This allows new signatures to be pulled, revocations to be found, etc. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-03pacman-key: split keyserver to a separate optionDan McGee1-15/+16
This also renames '--receive' to '-recv-keys' to match the wrapped gpg option name, rather than invent a new one, now that the calling convention is the same. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-03pacman-key help and documentation cleanupDan McGee1-6/+6
We were using the mystical [<foobar>] options which is some sort of cross between a <required> argument and an [optional] one. Remove this madness and do some other general cleanup/consistency work in the manpage. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-03pacman-key: document --lsign-keyDan McGee1-0/+1
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-30pacman-key: add --lsign-key operationDan McGee1-3/+14
This allows local signing of a given key to help establish the web of trust rooted at the generated (or imported) master key. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-30pacman-key master key generationDan McGee1-0/+25
This enables pacman-key, during --init, to generate a single secret key for the pacman keyring if one is not present. This will be used as the root of the web of trust for those that do not wish to manage it with their own key, as will be the default. This does not preclude later adding other secret keys to the keyring, or removing this one- we simply ensure you have at least one secret key available. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-30pacman-key: fix broken logic around updating trust databaseDan McGee1-4/+10
Any option that flips UPDATEDB=1 doesn't work right now due to what we thought was a good idea in commit cab1379a1ab14. Fix this by not including the update operation in the option count and special casing it where necessary. Also, bring back the helpful "Updating trust database" message. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29pacman-key: have --init add more options to default gpg.confDan McGee1-5/+22
This adds a add_gpg_conf_option() helper function which tries to be intelligent and only add not found options, and those which have not been explicitly commented out. The new options added are 'no-greeting', 'no-permission-warning', and a default 'keyserver'. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29pacman-key: refine permission and locking checksDan McGee1-3/+3
* secring.gpg can be 600, readable by root user only * ensure grep for lock-never option in check_keyring doesn't catch comments Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29pacman-key: rework and document holding keys in keyringAllan McRae1-7/+5
The HoldKey option was undocumented and was not suited for pacman.conf. Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list of keys not to be removed from the pacman keyring with the --populate option. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29pacman-key: update trust database for relevant operationsAllan McRae1-12/+9
After most operations that touch the keyring, it is a good idea to always run a check on the trustdb as this prevents gpg complaining on later operations. Inspiration-from: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29pacman-key: import everything then revoke on --populateAllan McRae1-13/+10
The optimization of only importing keys that were not to be later revoked was a not smart enough. For example, if a key was in both a repos keyring and its revoke list, alternate runs of pacman-key --populate would add then remove the key from the pacman keyring. This problem is made worse when considering the possibility of multiple keyrings being imported. Instead, import all keys followed by the revoking of all keys. This may result in a key being added then revoked, but that is not much of an issue given that is a very fast operation. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29pacman-key: rework importing distro/repo provided keyringsAllan McRae1-74/+76
The current --reload option, apart from being non-clear in its naming, is very limited in that only one keyring can be provided. A distribution may want to provide multiple keyrings for various subsets of its organisation or custom repo providers may also want to provide a keyring. This patch adds a --populate option that reads keyrings from (by default) /usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional foo-revoked file providing a list of revoked key ids. These files are required to be signed (detached) by a key trusted by pacman-key, in practice probably by the key that signed the package providing these files. The --populate flag either updates the pacman keyring using all keyrings in the directory or individual keyrings can be specified. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-09Update several translation stringsDan McGee1-5/+5
* Fix typos/capitalization * Make sure large blocks of text are translated in one unit Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02pacman-key: follow gpg options for listing keysAllan McRae1-8/+13
The current --list option outputed the keys and all their signatures which can be overly verbose. It also did not take a list of keys on the command line to limit its output (although the code suggests that was intended). That patch brings consistency with gpg, providing --list-keys and --list-sigs options that function equivalently to those provided by gpg. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27pacman-key: Add --import and --import-trustdbPang Yan Han1-3/+40
Currently, pacman-key allows the user to import their keys using the --add option. However, no similar functionality exists for importing ownertrust values. The --import-trustdb option takes a list of directories and imports ownertrust values if the directories have a trustdb.gpg database. The --import option takes a list of directories and imports keys from pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination of --add and --import-trustdb Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27pacman-key: change GPG_PACMAN and GPG_NOKEYRING to arraysDJ Mills1-24/+24
Allows the commands to safely handle any possible arguments Signed-off-by: DJ Mills <danielmills1@gmail.com> Allan: rebase patch Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>