pacman-key: Add --import and --import-trustdb
Currently, pacman-key allows the user to import their keys using the --add option. However, no similar functionality exists for importing ownertrust values. The --import-trustdb option takes a list of directories and imports ownertrust values if the directories have a trustdb.gpg database. The --import option takes a list of directories and imports keys from pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination of --add and --import-trustdb. Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
parent
c5d4c92ad4
commit
804e2505cf
2 changed files with 47 additions and 3 deletions
|
@ -60,6 +60,13 @@ Options
|
||||||
*-h, \--help*::
|
*-h, \--help*::
|
||||||
Output syntax and command line options.
|
Output syntax and command line options.
|
||||||
|
|
||||||
|
*--import* <dir(s)>::
|
||||||
|
Adds keys from pubring.gpg into pacman's keyring and imports ownertrust
|
||||||
|
values from trustdb.gpg in the specified directories.
|
||||||
|
|
||||||
|
*--import-dirs* <dir(s)> ::
|
||||||
|
Imports ownertrust values from trustdb.gpg in the specified directories.
|
||||||
|
|
||||||
*--init*::
|
*--init*::
|
||||||
Ensure the keyring is properly initialized and has the required access
|
Ensure the keyring is properly initialized and has the required access
|
||||||
permissions.
|
permissions.
|
||||||
|
|
|
@ -32,6 +32,8 @@ DELETE=0
|
||||||
EDITKEY=0
|
EDITKEY=0
|
||||||
EXPORT=0
|
EXPORT=0
|
||||||
FINGER=0
|
FINGER=0
|
||||||
|
IMPORT=0
|
||||||
|
IMPORT_TRUSTDB=0
|
||||||
INIT=0
|
INIT=0
|
||||||
LIST=0
|
LIST=0
|
||||||
RECEIVE=0
|
RECEIVE=0
|
||||||
|
@ -66,6 +68,8 @@ usage() {
|
||||||
echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")"
|
echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")"
|
||||||
echo "$(gettext " --gpgdir <dir> Set an alternate directory for gnupg")"
|
echo "$(gettext " --gpgdir <dir> Set an alternate directory for gnupg")"
|
||||||
printf "$(gettext " (instead of '%s')")\n" "@sysconfdir@/pacman.d/gnupg"
|
printf "$(gettext " (instead of '%s')")\n" "@sysconfdir@/pacman.d/gnupg"
|
||||||
|
echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")"
|
||||||
|
echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
|
||||||
echo "$(gettext " --init Ensure the keyring is properly initialized")"
|
echo "$(gettext " --init Ensure the keyring is properly initialized")"
|
||||||
echo "$(gettext " --reload Reload the default keys")"
|
echo "$(gettext " --reload Reload the default keys")"
|
||||||
}
|
}
|
||||||
|
@ -278,6 +282,34 @@ edit_keys() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
import_trustdb() {
|
||||||
|
local importdir
|
||||||
|
local trustdb=$(mktemp)
|
||||||
|
"${GPG_PACMAN[@]}" --export-ownertrust > ${trustdb}
|
||||||
|
|
||||||
|
for importdir in "${IMPORT_DIRS[@]}"; do
|
||||||
|
if [[ -f "${importdir}/trustdb.gpg" ]]; then
|
||||||
|
gpg --homedir "${importdir}" --export-ownertrust >> ${trustdb}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
"${GPG_PACMAN[@]}" --import-ownertrust ${trustdb}
|
||||||
|
rm -f ${trustdb}
|
||||||
|
}
|
||||||
|
|
||||||
|
import() {
|
||||||
|
local importdir
|
||||||
|
|
||||||
|
# Imports public keys, then import trustdbs
|
||||||
|
for importdir in "${IMPORT_DIRS[@]}"; do
|
||||||
|
if [[ -f "${importdir}/pubring.gpg" ]]; then
|
||||||
|
"${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
import_trustdb
|
||||||
|
}
|
||||||
|
|
||||||
# PROGRAM START
|
# PROGRAM START
|
||||||
if ! type gettext &>/dev/null; then
|
if ! type gettext &>/dev/null; then
|
||||||
gettext() {
|
gettext() {
|
||||||
|
@ -287,7 +319,8 @@ fi
|
||||||
|
|
||||||
OPT_SHORT="a::d:e:f::hlr:uv:V"
|
OPT_SHORT="a::d:e:f::hlr:uv:V"
|
||||||
OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
|
OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
|
||||||
OPT_LONG+=",help,init,list,receive:,reload,updatedb,verify:,version"
|
OPT_LONG+=",help,import:,import-trustdb:,init,list,receive:,reload,updatedb"
|
||||||
|
OPT_LONG+=",verify:,version"
|
||||||
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
|
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
|
||||||
echo; usage; exit 1 # E_INVALID_OPTION;
|
echo; usage; exit 1 # E_INVALID_OPTION;
|
||||||
fi
|
fi
|
||||||
|
@ -308,6 +341,8 @@ while true; do
|
||||||
-e|--export) EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
-e|--export) EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
||||||
-f|--finger) FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
-f|--finger) FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
|
||||||
--gpgdir) shift; PACMAN_KEYRING_DIR=$1 ;;
|
--gpgdir) shift; PACMAN_KEYRING_DIR=$1 ;;
|
||||||
|
--import) IMPORT=1; shift; IMPORT_DIRS=($1) ;;
|
||||||
|
--import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1) ;;
|
||||||
--init) INIT=1 ;;
|
--init) INIT=1 ;;
|
||||||
-l|--list) LIST=1 ;;
|
-l|--list) LIST=1 ;;
|
||||||
-r|--receive) RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP;;
|
-r|--receive) RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP;;
|
||||||
|
@ -330,7 +365,7 @@ if ! type -p gpg >/dev/null; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if (( (ADD || DELETE || EDITKEY || INIT || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
|
if (( (ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || INIT || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
|
||||||
error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
|
error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
@ -348,7 +383,7 @@ PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "
|
||||||
GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
|
GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
|
||||||
|
|
||||||
# check only a single operation has been given
|
# check only a single operation has been given
|
||||||
numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
|
numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB + INIT + LIST + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
|
||||||
|
|
||||||
case $numopt in
|
case $numopt in
|
||||||
0)
|
0)
|
||||||
|
@ -369,6 +404,8 @@ esac
|
||||||
(( EDITKEY )) && edit_keys
|
(( EDITKEY )) && edit_keys
|
||||||
(( EXPORT )) && "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
|
(( EXPORT )) && "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
|
||||||
(( FINGER )) && "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
|
(( FINGER )) && "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
|
||||||
|
(( IMPORT )) && import
|
||||||
|
(( IMPORT_TRUSTDB)) && import_trustdb
|
||||||
(( INIT )) && initialize
|
(( INIT )) && initialize
|
||||||
(( LIST )) && "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
|
(( LIST )) && "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
|
||||||
(( RECEIVE )) && receive_keys
|
(( RECEIVE )) && receive_keys
|
||||||
|
|
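Review bot: In `import_trustdb`, each directory named on the command line is handed to a root-run `gpg --homedir "${importdir}"`, and the ownertrust it exports is appended after pacman's own values and imported with no check or confirmation, so the directory's contents decide which keys pacman trusts and appear able to override trust that is already set. gpg also reads its option file from that homedir, so adding `--no-options` to that call would limit the directory to supplying data; the usage text and the man page (which lists the second option as `--import-dirs` rather than `--import-trustdb`) should state that both options are meant only for keyrings the administrator already trusts. The function also declares `local trustdb=$(mktemp)`, which hides a mktemp failure, expands `${trustdb}` unquoted, and never reports a failed export or import; the fence shows those lines rewritten so that the import is skipped when any export failed and the status is returned. The same unquoted expansion is in `IMPORT_DIRS=($1)` in the option loop, where a directory name containing spaces or glob characters would be split or expanded.

```bash
import_trustdb() {
	local importdir trustdb ret=0
	# declare first, assign second: 'local x=$(cmd)' always succeeds
	trustdb=$(mktemp) || return 1
	"${GPG_PACMAN[@]}" --export-ownertrust > "${trustdb}" || ret=1

	# … unchanged: loop over IMPORT_DIRS and the trustdb.gpg test; inside it: …
			gpg --homedir "${importdir}" --no-options --export-ownertrust >> "${trustdb}" || ret=1

	# fail closed: do not import a partial or empty ownertrust list
	if (( ret == 0 )); then
		"${GPG_PACMAN[@]}" --import-ownertrust "${trustdb}" || ret=1
	fi
	rm -f -- "${trustdb}"
	return "${ret}"
}
```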