bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pacman-key: hide lsign and revoke output behind --verbose

Browse source 
To cut down on spam during --populate, both locally signing and
revoking keys now hide the specific keys being signed or revoked,
but can be shown with --verbose. A count was added, to show the
number of keys signed/revoked during the process.

Partially Implements:
FS#64142 - pacman-key: make populate less noisy

Signed-off-by: Matthew Sexton <wsdmatty@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Matthew Sexton 2019-11-03 23:43:00 -05:00 committed by Allan McRae
parent 7be7552329
commit e1f5f21983
1 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
scripts/pacman-key.sh.in
View file

@ -51,6 +51,7 @@ REFRESH=0
UPDATEDB=0 UPDATEDB=0
USE_COLOR='y' USE_COLOR='y'
VERIFY=0 VERIFY=0
VERBOSE=0
usage() { usage() {
printf "pacman-key (pacman) %s\n" ${myver} printf "pacman-key (pacman) %s\n" ${myver}
@ -77,6 +78,7 @@ usage() {
printf -- "$(gettext " --populate Reload the default keys from the (given) keyrings\n\ printf -- "$(gettext " --populate Reload the default keys from the (given) keyrings\n\
in '%s'")\n" "@pkgdatadir@/keyrings" in '%s'")\n" "@pkgdatadir@/keyrings"
printf -- "$(gettext " --refresh-keys Update specified or all keys from a keyserver")\n" printf -- "$(gettext " --refresh-keys Update specified or all keys from a keyserver")\n"
printf -- "$(gettext " --verbose Show extra information")\n"
echo echo
printf -- "$(gettext "Options:")\n" printf -- "$(gettext "Options:")\n"
printf -- "$(gettext " --config <file> Use an alternate config file (instead of\n\ printf -- "$(gettext " --config <file> Use an alternate config file (instead of\n\
@ -332,11 +334,16 @@ populate_keyring() {
done done
if (( ${#revoked_ids[@]} > 0 )); then if (( ${#revoked_ids[@]} > 0 )); then
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")" msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do for key_id in "${!revoked_ids[@]}"; do
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")" "${key_id}" msg2 "$(gettext "Disabling key %s...")" "${key_id}"
fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done done
msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
fi fi
} }
@ -445,19 +452,24 @@ lsign_keys() {
check_keyids_exist check_keyids_exist
local ret=0 local ret=0
local key_count=0
for key_id in "$@"; do for key_id in "$@"; do
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")" "${key_id}" msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
fi
# we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
if (( PIPESTATUS[1] )); then if (( PIPESTATUS[1] )); then
error "$(gettext "%s could not be locally signed.")" "${key_id}" error "$(gettext "%s could not be locally signed.")" "${key_id}"
ret=1 ret=1
fi fi
key_count=$((key_count+1))
done done
if (( ret )); then if (( ret )); then
exit 1 exit 1
fi fi
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
} }
receive_keys() { receive_keys() {
@ -541,7 +553,7 @@ OPT_SHORT="adefhlruvV"
OPT_LONG=('add' 'config:' 'delete' 'edit-key' 'export' 'finger' 'gpgdir:' OPT_LONG=('add' 'config:' 'delete' 'edit-key' 'export' 'finger' 'gpgdir:'
'help' 'import' 'import-trustdb' 'init' 'keyserver:' 'list-keys' 'list-sigs' 'help' 'import' 'import-trustdb' 'init' 'keyserver:' 'list-keys' 'list-sigs'
'lsign-key' 'nocolor' 'populate' 'recv-keys' 'refresh-keys' 'updatedb' 'lsign-key' 'nocolor' 'populate' 'recv-keys' 'refresh-keys' 'updatedb'
'verify' 'version') 'verbose' 'verify' 'version')
if ! parseopts "$OPT_SHORT" "${OPT_LONG[@]}" -- "$@"; then if ! parseopts "$OPT_SHORT" "${OPT_LONG[@]}" -- "$@"; then
exit 1 # E_INVALID_OPTION exit 1 # E_INVALID_OPTION
fi fi
@ -574,6 +586,7 @@ while (( $# )); do
-r|--recv-keys) RECEIVE=1 UPDATEDB=1 ;; -r|--recv-keys) RECEIVE=1 UPDATEDB=1 ;;
--refresh-keys) REFRESH=1 ;; --refresh-keys) REFRESH=1 ;;
-u|--updatedb) UPDATEDB=1 ;; -u|--updatedb) UPDATEDB=1 ;;
--verbose) VERBOSE=1 ;;
-v|--verify) VERIFY=1 ;; -v|--verify) VERIFY=1 ;;
-h|--help) usage; exit 0 ;; -h|--help) usage; exit 0 ;;