FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
LinkBack Thread Tools
 
Old 07-08-2011, 11:59 AM
Allan McRae
 
Default pacman-key: remove the --adv option

The conversion to using parse_options causes this option to break.
It is preferable to remove the option rather than fix it as it is
simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg".
Any user using more advanced keyring management than provided by
pacman-key can manage to point gpg at the right place themselves...

How to manually edit the keyring with gpg will instead be documented
in the man page in a later commit.

Signed-off-by: Allan McRae <allan@archlinux.org>
---
scripts/pacman-key.sh.in | 11 +----------
1 files changed, 1 insertions(+), 10 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 8e797f8..e49811c 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -28,7 +28,6 @@ myver="@PACKAGE_VERSION@"

# Options
ADD=0
-ADVANCED=0
DELETE=0
EXPORT=0
FINGER=0
@@ -60,7 +59,6 @@ usage() {
echo "$(gettext " -t, --trust <keyid(s)> Set the trust level of the given keyids")"
echo "$(gettext " -u, --updatedb Update the trustdb of pacman")"
echo "$(gettext " -V, --version Show program version")"
- echo "$(gettext " --adv <params> Use pacman's keyring with advanced gpg commands")"
echo "$(gettext " --config <file> Use an alternate config file")"
printf "$(gettext " (instead of '%s')")
" "@sysconfdir@/pacman.conf"
echo "$(gettext " --gpgdir <dir> Set an alternate directory for gnupg")"
@@ -228,7 +226,6 @@ fi
while true; do
case "$1" in
-a|--add) ADD=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYFILES=($1) ;;
- --adv) ADVANCED=1; shift; ARGUMENTS=($1) ;;
--config) shift; CONFIG=$1 ;;
-d|--del) DELETE=1; shift; KEYIDS=($1) ;;
-e|--export) EXPORT=1; shift; KEYIDS=($1) ;;
@@ -255,7 +252,7 @@ if ! type -p gpg >/dev/null; then
exit 1
fi

-if (( (ADD || ADVANCED || DELETE || RECEIVE || RELOAD || TRUST || UPDATEDB) && EUID != 0 )); then
+if (( (ADD || DELETE || RECEIVE || RELOAD || TRUST || UPDATEDB) && EUID != 0 )); then
error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
exit 1
fi
@@ -288,12 +285,6 @@ GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
(( RELOAD )) && reload_keyring
(( UPDATEDB )) && ${GPG_PACMAN} --batch --check-trustdb

-if (( ADVANCED )); then
- msg "$(gettext "Executing: %s %s")" "${GPG_PACMAN}" "${ARGUMENTS[@]}"
- ${GPG_PACMAN} "${ARGUMENTS[@]}" || ret=$?
- exit $ret
-fi
-
if (( RECEIVE )); then
if [[ -z ${KEYIDS[@]} ]]; then
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
--
1.7.6
 
Old 07-08-2011, 11:59 AM
Allan McRae
 
Default pacman-key: remove the --adv option

The conversion to using parse_options causes this option to break.
It is preferable to remove the option rather than fix it as it is
simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg".
Any user using more advanced keyring management than provided by
pacman-key can manage to point gpg at the right place themselves...

How to manually edit the keyring with gpg will instead be documented
in the man page in a later commit.

Signed-off-by: Allan McRae <allan@archlinux.org>
---
scripts/pacman-key.sh.in | 11 +----------
1 files changed, 1 insertions(+), 10 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 8e797f8..e49811c 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -28,7 +28,6 @@ myver="@PACKAGE_VERSION@"

# Options
ADD=0
-ADVANCED=0
DELETE=0
EXPORT=0
FINGER=0
@@ -60,7 +59,6 @@ usage() {
echo "$(gettext " -t, --trust <keyid(s)> Set the trust level of the given keyids")"
echo "$(gettext " -u, --updatedb Update the trustdb of pacman")"
echo "$(gettext " -V, --version Show program version")"
- echo "$(gettext " --adv <params> Use pacman's keyring with advanced gpg commands")"
echo "$(gettext " --config <file> Use an alternate config file")"
printf "$(gettext " (instead of '%s')")
" "@sysconfdir@/pacman.conf"
echo "$(gettext " --gpgdir <dir> Set an alternate directory for gnupg")"
@@ -228,7 +226,6 @@ fi
while true; do
case "$1" in
-a|--add) ADD=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYFILES=($1) ;;
- --adv) ADVANCED=1; shift; ARGUMENTS=($1) ;;
--config) shift; CONFIG=$1 ;;
-d|--del) DELETE=1; shift; KEYIDS=($1) ;;
-e|--export) EXPORT=1; shift; KEYIDS=($1) ;;
@@ -255,7 +252,7 @@ if ! type -p gpg >/dev/null; then
exit 1
fi

-if (( (ADD || ADVANCED || DELETE || RECEIVE || RELOAD || TRUST || UPDATEDB) && EUID != 0 )); then
+if (( (ADD || DELETE || RECEIVE || RELOAD || TRUST || UPDATEDB) && EUID != 0 )); then
error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
exit 1
fi
@@ -288,12 +285,6 @@ GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
(( RELOAD )) && reload_keyring
(( UPDATEDB )) && ${GPG_PACMAN} --batch --check-trustdb

-if (( ADVANCED )); then
- msg "$(gettext "Executing: %s %s")" "${GPG_PACMAN}" "${ARGUMENTS[@]}"
- ${GPG_PACMAN} "${ARGUMENTS[@]}" || ret=$?
- exit $ret
-fi
-
if (( RECEIVE )); then
if [[ -z ${KEYIDS[@]} ]]; then
error "$(gettext "You need to specify the keyserver and at least one key identifier")"
--
1.7.6
 
Old 07-08-2011, 01:55 PM
Dan McGee
 
Default pacman-key: remove the --adv option

On Fri, Jul 8, 2011 at 6:59 AM, Allan McRae <allan@archlinux.org> wrote:
> The conversion to using parse_options causes this option to break.
> It is preferable to remove the option rather than fix it as it is
> simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg".
> Any user using more advanced keyring management than provided by
> pacman-key can manage to point gpg at the right place themselves...
>
> How to manually edit the keyring with gpg will instead be documented
> in the man page in a later commit.

I won't lie here, I'm not a fan of this but maybe because I've become
accustomed to the option being available. It was way easier than
typing out the long-form gpg command line. "pacman-key --adv --verify
/tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig" is something I just
pulled out of my command history.

What if we just enforced instead that the entire arg string was quoted:
pacman-key --adv "--verify /tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig"
Or perhaps the "don't parse anymore" option:
pacman-key --adv -- --verify /tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig

-Dan

> Signed-off-by: Allan McRae <allan@archlinux.org>
> ---
> *scripts/pacman-key.sh.in | * 11 +----------
> *1 files changed, 1 insertions(+), 10 deletions(-)
>
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index 8e797f8..e49811c 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -28,7 +28,6 @@ myver="@PACKAGE_VERSION@"
>
> *# Options
> *ADD=0
> -ADVANCED=0
> *DELETE=0
> *EXPORT=0
> *FINGER=0
> @@ -60,7 +59,6 @@ usage() {
> * * * *echo "$(gettext " *-t, --trust <keyid(s)> * *Set the trust level of the given keyids")"
> * * * *echo "$(gettext " *-u, --updatedb * * * * * *Update the trustdb of pacman")"
> * * * *echo "$(gettext " *-V, --version * * * * * * Show program version")"
> - * * * echo "$(gettext " *--adv <params> * * * * * *Use pacman's keyring with advanced gpg commands")"
> * * * *echo "$(gettext " *--config <file> * * * * * Use an alternate config file")"
> * * * *printf "$(gettext " * * * * * * * * * * * * * * * * * *(instead of '%s')")
" "@sysconfdir@/pacman.conf"
> * * * *echo "$(gettext " *--gpgdir <dir> * * * * * *Set an alternate directory for gnupg")"
> @@ -228,7 +226,6 @@ fi
> *while true; do
> * * * *case "$1" in
> * * * * * * * *-a|--add) * * * * ADD=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYFILES=($1) ;;
> - * * * * * * * --adv) * * * * * *ADVANCED=1; shift; ARGUMENTS=($1) ;;
> * * * * * * * *--config) * * * * shift; CONFIG=$1 ;;
> * * * * * * * *-d|--del) * * * * DELETE=1; shift; KEYIDS=($1) ;;
> * * * * * * * *-e|--export) * * *EXPORT=1; shift; KEYIDS=($1) ;;
> @@ -255,7 +252,7 @@ if ! type -p gpg >/dev/null; then
> * * * *exit 1
> *fi
>
> -if (( (ADD || ADVANCED || DELETE || RECEIVE || RELOAD || TRUST || UPDATEDB) && EUID != 0 )); then
> +if (( (ADD || DELETE || RECEIVE || RELOAD || TRUST || UPDATEDB) && EUID != 0 )); then
> * * * *error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
> * * * *exit 1
> *fi
> @@ -288,12 +285,6 @@ GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
> *(( RELOAD )) && reload_keyring
> *(( UPDATEDB )) && ${GPG_PACMAN} --batch --check-trustdb
>
> -if (( ADVANCED )); then
> - * * * msg "$(gettext "Executing: %s %s")" "${GPG_PACMAN}" "${ARGUMENTS[@]}"
> - * * * ${GPG_PACMAN} "${ARGUMENTS[@]}" || ret=$?
> - * * * exit $ret
> -fi
> -
> *if (( RECEIVE )); then
> * * * *if [[ -z ${KEYIDS[@]} ]]; then
> * * * * * * * *error "$(gettext "You need to specify the keyserver and at least one key identifier")"
> --
> 1.7.6
>
>
>
 
Old 07-08-2011, 08:40 PM
Allan McRae
 
Default pacman-key: remove the --adv option

On 08/07/11 23:55, Dan McGee wrote:

On Fri, Jul 8, 2011 at 6:59 AM, Allan McRae<allan@archlinux.org> wrote:

The conversion to using parse_options causes this option to break.
It is preferable to remove the option rather than fix it as it is
simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg".
Any user using more advanced keyring management than provided by
pacman-key can manage to point gpg at the right place themselves...

How to manually edit the keyring with gpg will instead be documented
in the man page in a later commit.


I won't lie here, I'm not a fan of this but maybe because I've become
accustomed to the option being available. It was way easier than
typing out the long-form gpg command line. "pacman-key --adv --verify
/tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig" is something I just
pulled out of my command history.

What if we just enforced instead that the entire arg string was quoted:
pacman-key --adv "--verify /tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig"
Or perhaps the "don't parse anymore" option:
pacman-key --adv -- --verify /tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig



The latter would work, but I am still not entirely convinced about the
need for this...


I intend to add a --verify option to pacman-key because I think that
would be a fairly common command to use. Anything else with common
usage should also be added to pacman-key.


Is there anything else you used this for? I just have this nagging
feeling that hiding what gpg is doing (we already have
--no-permission-warning there by default) is not the way to go. Not
that my opinion is overly strong on this.


Allan
 
Old 07-08-2011, 08:44 PM
Dan McGee
 
Default pacman-key: remove the --adv option

On Friday, July 8, 2011, Allan McRae <allan@archlinux.org> wrote:
> On 08/07/11 23:55, Dan McGee wrote:
>
> On Fri, Jul 8, 2011 at 6:59 AM, Allan McRae<allan@archlinux.org> *wrote:
>
> The conversion to using parse_options causes this option to break.
> It is preferable to remove the option rather than fix it as it is
> simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg".
> Any user using more advanced keyring management than provided by
> pacman-key can manage to point gpg at the right place themselves...
>
> How to manually edit the keyring with gpg will instead be documented
> in the man page in a later commit.
>
>
> I won't lie here, I'm not a fan of this but maybe because I've become
> accustomed to the option being available. It was way easier than
> typing out the long-form gpg command line. "pacman-key --adv --verify
> /tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig" is something I just
> pulled out of my command history.
>
> What if we just enforced instead that the entire arg string was quoted:
> * * pacman-key --adv "--verify /tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig"
> Or perhaps the "don't parse anymore" option:
> * * pacman-key --adv -- --verify /tmp/cryptsetup-1.3.1-1-x86_64.pkg.tar.xz.sig
>
>
>
> The latter would work, but I am still not entirely convinced about the need for this...
>
> I intend to add a --verify option to pacman-key because I think that would be a fairly common command to use. *Anything else with common usage should also be added to pacman-key.
>
> Is there anything else you used this for? *I just have this nagging feeling that hiding what gpg is doing (we already have --no-permission-warning there by default) is not the way to go. *Not that my opinion is overly strong on this.

That works too- if we add a --verify then I'm fine with this patch.

The --no-perm-warn is likely something we can/should move to a default
gpg.conf file.

-Dan
 

Thread Tools




All times are GMT. The time now is 08:46 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org