
Allan McRae 07-09-2011 01:59 AM

pacman-key: move verifying keyring files to own function
 
Also check all files before bailing on errors.

Signed-off-by: Allan McRae <allan@archlinux.org>
---
scripts/pacman-key.sh.in | 48 ++++++++++++++++++++++++++-------------------
1 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index c8f5111..5be627f 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -87,30 +87,15 @@ get_from() {
done < "$1"
}

-reload_keyring() {
- local PACMAN_SHARE_DIR='@prefix@/share/pacman'
- local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
-
- # Variable used for iterating on keyrings
- local key
- local key_id
-
- # Keyring with keys to be added to the keyring
- local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
-
- # Keyring with keys that were deprecated and will eventually be deleted
- local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg"
-
- # List of keys removed from the keyring. This file is not a keyring, unlike the others.
- # It is a textual list of values that gpg recogniezes as identifiers for keys.
- local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
+verify_keyring_input() {
+ local ret=0;

# Verify signatures of related files, if they exist
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Verifying official keys file signature...")"
if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
- exit 1
+ ret=1
fi
fi
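Review bot: verify_keyring_input reads ADDED_KEYS, DEPRECATED_KEYS and REMOVED_KEYS, but the patch keeps those declared `local` inside reload_keyring, so the new function only sees them through bash's dynamic scoping when it is called from there. Called from any other context the variables are empty, each `[[ -r ... ]]` test is false, no signature is checked and `ret` is never set to 1, so the verification step would be skipped silently. Either pass the three paths as arguments, or document the dependency with a header comment such as `# Must be called from reload_keyring: relies on its local ADDED_KEYS, DEPRECATED_KEYS and REMOVED_KEYS.` The function body continues past this hunk.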

@@ -118,7 +103,7 @@ reload_keyring() {
msg "$(gettext "Verifying deprecated keys file signature...")"
if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
- exit 1
+ ret=1
fi
fi
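Review bot: The `--verify "${DEPRECATED_KEYS}.sig"` call passes only the signature file, so gpg decides for itself which data the signature covers. If the `.sig` file were ever a complete signed message instead of a detached signature, gpg would check the embedded content and not the keyring file next to it. Naming the signed file explicitly pins the check to the file that is later imported: `${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" "${DEPRECATED_KEYS}"`. The same applies to the ADDED_KEYS and REMOVED_KEYS checks in the neighbouring hunks; the enclosing `if [[ -r ... ]]` starts outside this hunk.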

@@ -126,10 +111,33 @@ reload_keyring() {
msg "$(gettext "Verifying deleted keys file signature...")"
if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
- exit 1
+ ret=1
fi
fi

+ return errors
+}
+
+reload_keyring() {
+ local PACMAN_SHARE_DIR='@prefix@/share/pacman'
+ local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
+
+ # Variable used for iterating on keyrings
+ local key
+ local key_id
+
+ # Keyring with keys to be added to the keyring
+ local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
+
+ # Keyring with keys that were deprecated and will eventually be deleted
+ local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg"
+
+ # List of keys removed from the keyring. This file is not a keyring, unlike the others.
+ # It is a textual list of values that gpg recogniezes as identifiers for keys.
+ local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
+
+ verify_keyring_input || exit 1
+
# Read the key ids to an array. The conversion from whatever is inside the file
# to key ids is important, because key ids are the only guarantee of identification
# for the keys.
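Review bot: The added `return errors` returns a name that is never defined; the status variable declared at the top of verify_keyring_input is `ret`. bash rejects a non-numeric argument to `return` and the function comes back with a non-zero status, so `verify_keyring_input || exit 1` in reload_keyring would abort even when all three signatures verify. This fails closed, but it makes the keyring reload unusable; the line should be `return $ret`. reload_keyring's body continues beyond the end of the hunk.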
--
1.7.6

