pacman-key: add --refresh-keys operation

This allows new signatures to be pulled, revocations to be found, etc.

Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dan McGee 2011-09-01 15:29:25 -05:00
parent d9545103b9
commit 16fd66f879
2 changed files with 11 additions and 3 deletions

View file

@ -90,6 +90,9 @@ Options
*-r, \--recv-keys* <keyid(s)>::
Equivalent to '\--recv-keys' in GnuPG.
*\--refresh-keys* [keyid(s)]::
Equivalent to '\--refresh-keys' in GnuPG.
*\--populate* [keyring(s)]::
Reload the default keys from the (optionally provided) keyrings in
+{pkgdatadir}/keyrings+. For more information, see

View file

@ -41,6 +41,7 @@ LISTSIGS=0
LSIGNKEY=0
POPULATE=0
RECEIVE=0
REFRESH=0
UPDATEDB=0
VERIFY=0
@ -81,6 +82,7 @@ usage() {
echo "$(gettext " --lsign-key <keyid> Locally sign the specified keyid")"
printf "$(gettext " --populate [keyring(s)] Reload the default keys from the (given) keyrings\n\
in '%s'")\n" "@pkgdatadir@/keyrings"
echo "$(gettext " --refresh-keys [keyid(s)] Update specified or all keys from a keyserver")"
}
version() {
@ -363,7 +365,8 @@ fi
OPT_SHORT="a::d:e:f::hl::r:uv:V"
OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
OPT_LONG+=",help,import:,import-trustdb:,init,keyserver:,list-keys::,list-sigs::"
OPT_LONG+=",lsign-key:,populate::,recv-keys:,updatedb,verify:,version"
OPT_LONG+=",lsign-key:,populate::,recv-keys:,refresh-keys::,updatedb"
OPT_LONG+=",verify:,version"
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
echo; usage; exit 1 # E_INVALID_OPTION;
fi
@ -393,6 +396,7 @@ while true; do
--lsign-key) LSIGNKEY=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
--populate) POPULATE=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYRINGIDS=($1); UPDATEDB=1 ;;
-r|--recv-keys) RECEIVE=1; shift; KEYIDS=($1); UPDATEDB=1 ;;
--refresh-keys) REFRESH=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
-u|--updatedb) UPDATEDB=1 ;;
-v|--verify) VERIFY=1; shift; SIGNATURE=$1 ;;
@ -411,7 +415,7 @@ if ! type -p gpg >/dev/null; then
exit 1
fi
if (( (ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || INIT || LSIGNKEY || POPULATE || RECEIVE || UPDATEDB) && EUID != 0 )); then
if (( (ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || INIT || LSIGNKEY || POPULATE || RECEIVE || REFRESH || UPDATEDB) && EUID != 0 )); then
error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
exit 1
fi
@ -434,7 +438,7 @@ fi
# check only a single operation has been given
# don't include UPDATEDB in here as other opts can induce it
numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB +
INIT + LISTKEYS + LISTSIGS + LSIGNKEY + POPULATE + RECEIVE + VERIFY ))
INIT + LISTKEYS + LISTSIGS + LSIGNKEY + POPULATE + RECEIVE + REFRESH + VERIFY ))
case $numopt in
0)
@ -466,6 +470,7 @@ esac
(( LSIGNKEY )) && "${GPG_PACMAN[@]}" --lsign-key "${KEYIDS[@]}"
(( POPULATE )) && populate_keyring
(( RECEIVE )) && "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"
(( REFRESH )) && "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}"
(( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE
if (( UPDATEDB )); then