pacman-key: call gpg fewer times for revocation keys
Instead of iterating over the revocation keyfile and calling gpg once for each key, map the file into an array and call gpg once, iterating over this output to mark each key as revoked. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dave Reisner
Dan McGee
parent
2a73f4e994
commit
9aa4d9a7b9
1 changed files with 5 additions and 6 deletions
|
|
@ -284,8 +284,7 @@ populate_keyring() {
|
||||||
verify_keyring_input || exit 1
|
verify_keyring_input || exit 1
|
||||||
|
|
||||||
# Variable used for iterating on keyrings
|
# Variable used for iterating on keyrings
|
||||||
local key
|
local keys key_id
|
||||||
local key_id
|
|
||||||
|
|
||||||
# Add keys from requested keyrings
|
# Add keys from requested keyrings
|
||||||
for keyring in "${KEYRINGIDS[@]}"; do
|
for keyring in "${KEYRINGIDS[@]}"; do
|
||||||
|
|
@ -331,13 +330,13 @@ populate_keyring() {
|
||||||
local -A revoked_ids
|
local -A revoked_ids
|
||||||
for keyring in "${KEYRINGIDS[@]}"; do
|
for keyring in "${KEYRINGIDS[@]}"; do
|
||||||
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
|
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
|
||||||
while read key; do
|
IFS=$'\n' read -r -d '' -a keys < "${KEYRING_IMPORT_DIR}/${keyring}-revoked"
|
||||||
key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
|
while IFS=: read _ _ _ _ key_id _; do
|
||||||
if [[ -n ${key_id} ]]; then
|
if [[ -n $key_id ]]; then
|
||||||
# Mark this key to be disabled
|
# Mark this key to be disabled
|
||||||
revoked_ids[$key_id]="${keyring}"
|
revoked_ids[$key_id]="${keyring}"
|
||||||
fi
|
fi
|
||||||
done < "${KEYRING_IMPORT_DIR}/${keyring}-revoked"
|
done < <("${GPG_PACMAN[@]}" --quiet --with-colons --list-keys "${keys[@]}" 2>/dev/null)
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue