pacman-key: ignore already lsigned/deleted keys
Added two new functions, key_is_lsigned() and key_is_revoked(), that check whether a key has been locally signed or revoked, respectively, during --populate. If the key is already signed or revoked, it is quietly ignored. Suggested-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Matthew Sexton <wsdmatty@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
parent
e1f5f21983
commit
091b244d0f
1 changed files with 38 additions and 3 deletions
|
@ -190,6 +190,31 @@ check_keyids_exist() {
|
|||
fi
|
||||
}
|
||||
|
||||
key_is_lsigned() {
|
||||
secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | awk -F : 'NR==1 {print $5}')
|
||||
while IFS=: read -r type valid _ _ sign_key _; do
|
||||
if [[ $type != "sig" || $valid != "!" ]]; then
|
||||
continue
|
||||
fi
|
||||
if [[ "$sign_key" == "$secret_key" ]]; then
|
||||
return 0
|
||||
fi
|
||||
done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
|
||||
return 1
|
||||
}
|
||||
|
||||
key_is_revoked() {
|
||||
while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
|
||||
if [[ $type != "pub" ]]; then
|
||||
continue
|
||||
fi
|
||||
if [[ $flags == *"D"* ]]; then
|
||||
return 0
|
||||
fi
|
||||
done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
|
||||
return 1
|
||||
}
|
||||
|
||||
initialize() {
|
||||
local conffile keyserv
|
||||
# Check for simple existence rather than for a directory as someone
|
||||
|
@ -247,7 +272,7 @@ check_keyring() {
|
|||
fi
|
||||
fi
|
||||
|
||||
if (( LSIGNKEY )); then
|
||||
if (( LSIGNKEY || POPULATE )); then
|
||||
if [[ $(secret_keys_available) -lt 1 ]]; then
|
||||
error "$(gettext "There is no secret key available to sign with.")"
|
||||
msg "$(gettext "Use '%s' to generate a default secret key.")" "pacman-key --init"
|
||||
|
@ -337,13 +362,18 @@ populate_keyring() {
|
|||
local key_count=0
|
||||
msg "$(gettext "Disabling revoked keys in keyring...")"
|
||||
for key_id in "${!revoked_ids[@]}"; do
|
||||
if key_is_revoked "$key_id" ; then
|
||||
continue
|
||||
fi
|
||||
if (( VERBOSE )); then
|
||||
msg2 "$(gettext "Disabling key %s...")" "${key_id}"
|
||||
fi
|
||||
printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
|
||||
key_count=$((key_count+1))
|
||||
done
|
||||
msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
|
||||
if (( key_count )); then
|
||||
msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -454,6 +484,9 @@ lsign_keys() {
|
|||
local ret=0
|
||||
local key_count=0
|
||||
for key_id in "$@"; do
|
||||
if key_is_lsigned "$key_id" ; then
|
||||
continue
|
||||
fi
|
||||
if (( VERBOSE )); then
|
||||
msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
|
||||
fi
|
||||
|
@ -469,7 +502,9 @@ lsign_keys() {
|
|||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
|
||||
if (( key_count )); then
|
||||
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
|
||||
fi
|
||||
}
|
||||
|
||||
receive_keys() {
|
||||
|
|
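Review bot: key_is_revoked() in the first hunk tests for a `D` in the key-capabilities column (field 12 of `--with-colons` output), which marks a key that is already disabled, not one that is revoked (revocation is validity `r` in field 2), so the function name overstates what is checked. That is what the caller in populate_keyring() needs, since it only wants to skip keys it has already disabled, but a header comment such as `# Returns 0 if the key already carries the "D" (disabled) capability flag; the revocation state itself is not inspected.` would stop the next reader from relying on the name. In the same hunk, `secret_key`, `type`, `valid`, `sign_key` and `flags` are assigned without `local`, unlike the rest of the file (`local conffile keyserv`, `local ret=0`), so they leak into the caller's scope; `local secret_key type valid sign_key` and `local type flags` at the top of the two functions would match the file's style. key_is_lsigned() also re-runs `--list-secret-key` once per key that lsign_keys() hands it, and `awk 'NR==1'` silently takes whichever record gpg prints first; computing the signing key id once in the caller and matching only `$1 == "sec"` records would be cheaper and less dependent on output order, though the ordering gpg actually produces should be confirmed before changing it.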