bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pacman-key: refine and clarify import/import-trustdb behavior

Browse source 
* --import now only imports keys from pubkey.gpg and does not import
  owner trust; if you want to have both simply run the operations in
  sequence.
* --import-trustdb has been simplified; it will overwrite existing
  values in the trust database as before, but there is no need to export
  it first as those values are safe if left untouched.
* Fix the manpage referring to a non-existent option.

Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dan McGee 2011-09-26 12:41:27 -05:00
parent cf0edb92ba
commit ab7d2890a4
2 changed files with 8 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
doc/pacman-key.8.txt
View file

@ -61,11 +61,12 @@ Options
Output syntax and command line options. Output syntax and command line options.
*\--import* <dir(s)>:: *\--import* <dir(s)>::
Adds keys from pubring.gpg into pacman's keyring and imports ownertrust Imports keys from `pubring.gpg` into the public keyring from the specified
values from trustdb.gpg in the specified directories. directories.
*\--import-dirs* <dir(s)> :: *\--import-trustdb* <dir(s)> ::
Imports ownertrust values from trustdb.gpg in the specified directories. Imports ownertrust values from `trustdb.gpg` into the shared trust database
from the specified directories.
*\--init*:: *\--init*::
Ensure the keyring is properly initialized and has the required access Ensure the keyring is properly initialized and has the required access

13
scripts/pacman-key.sh.in
View file

@ -74,7 +74,7 @@ usage() {
echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")" echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")"
printf "$(gettext " --gpgdir <dir> Set an alternate directory for GnuPG (instead\n\ printf "$(gettext " --gpgdir <dir> Set an alternate directory for GnuPG (instead\n\
of '%s')")\n" "@sysconfdir@/pacman.d/gnupg" of '%s')")\n" "@sysconfdir@/pacman.d/gnupg"
echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")" echo "$(gettext " --import <dir(s)> Imports pubring.gpg from dir(s)")"
echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")" echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
echo "$(gettext " --init Ensure the keyring is properly initialized")" echo "$(gettext " --init Ensure the keyring is properly initialized")"
echo "$(gettext " --keyserver Specify a keyserver to use if necessary")" echo "$(gettext " --keyserver Specify a keyserver to use if necessary")"
@ -343,30 +343,23 @@ edit_keys() {
import_trustdb() { import_trustdb() {
local importdir local importdir
local trustdb=$(mktemp)
"${GPG_PACMAN[@]}" --export-ownertrust > ${trustdb}
for importdir in "${IMPORT_DIRS[@]}"; do for importdir in "${IMPORT_DIRS[@]}"; do
if [[ -f "${importdir}/trustdb.gpg" ]]; then if [[ -f "${importdir}/trustdb.gpg" ]]; then
gpg --homedir "${importdir}" --export-ownertrust >> ${trustdb} gpg --homedir "${importdir}" --export-ownertrust | \
"${GPG_PACMAN[@]}" --import-ownertrust -
fi fi
done done
"${GPG_PACMAN[@]}" --import-ownertrust ${trustdb}
rm -f ${trustdb}
} }
import() { import() {
local importdir local importdir
# Imports public keys, then import trustdbs
for importdir in "${IMPORT_DIRS[@]}"; do for importdir in "${IMPORT_DIRS[@]}"; do
if [[ -f "${importdir}/pubring.gpg" ]]; then if [[ -f "${importdir}/pubring.gpg" ]]; then
"${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg" "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg"
fi fi
done done
import_trustdb
} }
# PROGRAM START # PROGRAM START