From ed353d91b7fe5ab397cc6c649ceca2f0ea507023 Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Tue, 27 Mar 2012 00:20:05 +1000 Subject: pacman-key: make the -e option work as advertised Using -e without arguments failed to export all keys. Using --export worked as expected. Signed-off-by: Allan McRae Signed-off-by: Dan McGee --- scripts/pacman-key.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 3ea8947f..695b46b9 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -460,7 +460,7 @@ if ! type gettext &>/dev/null; then } fi -OPT_SHORT="a::d:e:f::hl::r:uv:V" +OPT_SHORT="a::d:e::f::hl::r:uv:V" OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:" OPT_LONG+=",help,import:,import-trustdb:,init,keyserver:,list-keys::,list-sigs::" OPT_LONG+=",lsign-key:,populate::,recv-keys:,refresh-keys::,updatedb" -- cgit v1.2.3-24-g4f1b From d7f4e8fbccb1506697d2c9f70c32326c01c05cb3 Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Wed, 28 Mar 2012 11:55:39 +1000 Subject: pacman-key: change to more reliable default keyserver User reports indicate that the SKS keyservers are more reliable than both the gnupg.net and mit.edu ones. Signed-off-by: Allan McRae Signed-off-by: Dan McGee --- scripts/pacman-key.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 695b46b9..ccc387b2 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -45,7 +45,7 @@ REFRESH=0 UPDATEDB=0 VERIFY=0 -DEFAULT_KEYSERVER='hkp://keys.gnupg.net' +DEFAULT_KEYSERVER='hkp://pool.sks-keyservers.net' m4_include(library/output_format.sh) -- cgit v1.2.3-24-g4f1b From a8f03d07c7eaae02a55065a4a2f098ef6d8b5bff Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Sat, 31 Mar 2012 15:55:14 +0200 Subject: pacman-key: Actually verify signatures and exit with correct codes We cannot rely on gpg's exit code. Instead we have to check the status-fd to figure out whether a signature is valid or not. In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid. Signed-off-by: Pierre Schmitz Signed-off-by: Dan McGee --- scripts/pacman-key.sh.in | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index ccc387b2..278e3d6e 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -439,10 +439,14 @@ refresh_keys() { } verify_sig() { - if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then + local fd="$(mktemp)" + "${GPG_PACMAN[@]}" --status-file "${fd}" --verify $SIGNATURE + if ! grep -q TRUST_FULLY "${fd}"; then + rm -f "${fd}" error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE" exit 1 fi + rm -f "${fd}" } updatedb() { -- cgit v1.2.3-24-g4f1b From 3c5d5a19b36c5ea3638de263cb7cd1be6289cb44 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sat, 7 Apr 2012 11:54:02 -0400 Subject: Revert "parseopts: normalize options into an array" This was really only half a fix for FS#28445, as it still doesn't correctly handle the case of filenames with spaces. In the short term, there is no obvious fix for this. In the long term, I believe the correct decision is to rewrite the options parser to be more in line with GNU getopt_long. This reverts commits: ca4142714137b16feabac09c4cda86b0a75036f8. 969dcddbdf9d5dbd91aa414cdd193f3fb26b644b. --- scripts/pacman-key.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 278e3d6e..9a77a19f 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -469,11 +469,11 @@ OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:" OPT_LONG+=",help,import:,import-trustdb:,init,keyserver:,list-keys::,list-sigs::" OPT_LONG+=",lsign-key:,populate::,recv-keys:,refresh-keys::,updatedb" OPT_LONG+=",verify:,version" -if ! parse_options $OPT_SHORT $OPT_LONG "$@"; then +if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then echo; usage; exit 1 # E_INVALID_OPTION; fi -set -- "${OPTRET[@]}" -unset OPT_SHORT OPT_LONG OPTRET +eval set -- "$OPT_TEMP" +unset OPT_SHORT OPT_LONG OPT_TEMP if [[ $1 == "--" ]]; then usage; -- cgit v1.2.3-24-g4f1b