repo-add: add -v/--verify option

This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.

Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.

Signed-off-by: Dan McGee <dan@archlinux.org>

scripts/repo-add.sh.in

@@ -31,6 +31,7 @@ QUIET=0
 DELTA=0
 WITHFILES=0
 SIGN=0
+VERIFY=0
 REPO_DB_FILE=
 LOCKFILE=
 CLEAN_LOCK=0
@@ -203,6 +204,29 @@ create_signature() {
 	fi
 }
 
+# verify the existing package database signature
+verify_signature() {
+	(( ! VERIFY )) && return
+	local dbfile="$1"
+	local ret=0
+	msg "$(gettext "Verifying database signature...")"
+	if [ ! $(type -p "gpg") ]; then
+		error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")"
+		exit 1 # $E_MISSING_PROGRAM
+	fi
+	if [[ ! -f $dbfile.sig ]]; then
+		warning "$(gettext "No existing signature found, skipping verification.")"
+		return
+	fi
+	gpg --verify "$dbfile.sig" || ret=$?
+	if (( ! ret )); then
+		msg2 "$(gettext "Database signature file verified.")"
+	else
+		error "$(gettext "Database signature was NOT valid!")"
+		exit 1
+	fi
+}
+
 # write an entry to the pacman database
 #   arg1 - path to package
 db_write_entry()
@@ -377,6 +401,7 @@ check_repo_db()
 				exit 1
 			fi
 		fi
+		verify_signature "$REPO_DB_FILE"
 		msg "$(gettext "Extracting database to a temporary location...")"
 		bsdtar -xf "$REPO_DB_FILE" -C "$tmpdir"
 	else
@@ -508,6 +533,7 @@ for arg in "$@"; do
 		-d|--delta) DELTA=1;;
 		-f|--files) WITHFILES=1;;
 		-s|--sign) SIGN=1;;
+		-v|--verify) VERIFY=1;;
 		*)
 			if [[ -z $REPO_DB_FILE ]]; then
 				REPO_DB_FILE="$arg"