From 31c9a521b47a84ae01f3f9c9e25980694e1c472d Mon Sep 17 00:00:00 2001
From: Allan McRae <allan@archlinux.org>
Date: Sat, 9 Jul 2011 21:51:01 +1000
Subject: pacman-key: check required permissions on keyring

Makes sure that the pacman keyring is readable and that the user
has permissions to create a lock file if lock-never is not specified
in the gpg.conf file.

Signed-off-by: Allan McRae <allan@archlinux.org>
---
 scripts/pacman-key.sh.in | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'scripts')

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index d7129e53..972749f2 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -112,6 +112,25 @@ initialize() {
 	fi
 }
 
+check_keyring() {
+	if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \
+			! -r ${PACMAN_KEYRING_DIR}/secring.gpg || \
+			! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then
+		error "$(gettext "You do not have sufficient permissions to read the %s keyring...")" "pacman"
+		msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
+		exit 1
+	fi
+
+	if (( (EXPORT || FINGER || LIST || VERIFY) && EUID != 0 )); then
+		if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then
+			error "$(gettext "You do not have sufficient permissions to run this command...")"
+			msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
+			exit 1
+		fi
+	fi
+
+}
+
 verify_keyring_input() {
 	local ret=0;
 
@@ -344,6 +363,7 @@ if (( numopt != 1 )); then
 	exit 1
 fi
 
+(( ! INIT )) && check_keyring
 
 (( ADD )) && ${GPG_PACMAN} --quiet --batch --import "${KEYFILES[@]}"
 (( DELETE )) && ${GPG_PACMAN} --quiet --batch --delete-key --yes "${KEYIDS[@]}"
-- 
cgit v1.2.3-24-g4f1b