FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
LinkBack Thread Tools
 
Old 04-13-2012, 03:25 AM
Allan McRae
 
Default pacman-key: allow verification of multiple sig files

On 13/04/12 00:54, Dave Reisner wrote:
> Loop through arguments passed to verify_sig and treat each as a
> signature to be verified against a source file. Output each file as its
> checked to avoid ambiguity.
>
> Signed-off-by: Dave Reisner <dreisner@archlinux.org>
> ---
> doc/pacman-key.8.txt | 2 +-
> scripts/pacman-key.sh.in | 15 ++++++++++-----
> 2 files changed, 11 insertions(+), 6 deletions(-)
>
> diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
> index 96ac31c..4a2122f 100644
> --- a/doc/pacman-key.8.txt
> +++ b/doc/pacman-key.8.txt
> @@ -96,7 +96,7 @@ Operations
> Displays the program version.
>
> *-v, --verify*::
> - Verify the given signature file.
> + Verify the given targets as signature files.

Not sure I like this wording... How about sticking with the wording in
--help "Verify the file(s) specified by the signature(s)".


>
> Options
> -------
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index b2c3da9..2083a60 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -66,7 +66,7 @@ usage() {
> printf -- "$(gettext " -l, --list-keys List the specified or all keys")
"
> printf -- "$(gettext " -r, --recv-keys Fetch the specified keyids")
"
> printf -- "$(gettext " -u, --updatedb Update the trustdb of pacman")
"
> - printf -- "$(gettext " -v, --verify Verify the file specified by the signature")
"
> + printf -- "$(gettext " -v, --verify Verify the file(s) specified by the signature(s)")
"
> printf -- "$(gettext " --edit-key Present a menu for key management task on keyids")
"
> printf -- "$(gettext " --import Imports pubring.gpg from dir(s)")
"
> printf -- "$(gettext " --import-trustdb Imports ownertrust values from trustdb.gpg in dir(s)")
"
> @@ -455,10 +455,15 @@ refresh_keys() {
> }
>
> verify_sig() {
> - if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$1" | grep -qE 'TRUST_(FULLY|ULTIMATE)'; then
> - error "$(gettext "The signature identified by %s could not be verified.")" "$1"
> - exit 1
> - fi
> + local ret=0
> + for sig; do
> + msg "Checking %s ..." "$sig"
> + if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE 'TRUST_(FULLY|ULTIMATE)'; then
> + error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
> + ret=1
> + fi
> + done
> + exit $ret
> }
>
> updatedb() {
 
Old 04-13-2012, 12:27 PM
Dave Reisner
 
Default pacman-key: allow verification of multiple sig files

On Thu, Apr 12, 2012 at 11:25 PM, Allan McRae <allan@archlinux.org> wrote:

> On 13/04/12 00:54, Dave Reisner wrote:
> > Loop through arguments passed to verify_sig and treat each as a
> > signature to be verified against a source file. Output each file as its
> > checked to avoid ambiguity.
> >
> > Signed-off-by: Dave Reisner <dreisner@archlinux.org>
> > ---
> > doc/pacman-key.8.txt | 2 +-
> > scripts/pacman-key.sh.in | 15 ++++++++++-----
> > 2 files changed, 11 insertions(+), 6 deletions(-)
> >
> > diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
> > index 96ac31c..4a2122f 100644
> > --- a/doc/pacman-key.8.txt
> > +++ b/doc/pacman-key.8.txt
> > @@ -96,7 +96,7 @@ Operations
> > Displays the program version.
> >
> > *-v, --verify*::
> > - Verify the given signature file.
> > + Verify the given targets as signature files.
>
> Not sure I like this wording... How about sticking with the wording in
> --help "Verify the file(s) specified by the signature(s)".
>
>
Agreed.


>
> >
> > Options
> > -------
> > diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> > index b2c3da9..2083a60 100644
> > --- a/scripts/pacman-key.sh.in
> > +++ b/scripts/pacman-key.sh.in
> > @@ -66,7 +66,7 @@ usage() {
> > printf -- "$(gettext " -l, --list-keys List the
> specified or all keys")
"
> > printf -- "$(gettext " -r, --recv-keys Fetch the
> specified keyids")
"
> > printf -- "$(gettext " -u, --updatedb Update the
> trustdb of pacman")
"
> > - printf -- "$(gettext " -v, --verify Verify the file
> specified by the signature")
"
> > + printf -- "$(gettext " -v, --verify Verify the
> file(s) specified by the signature(s)")
"
> > printf -- "$(gettext " --edit-key Present a menu
> for key management task on keyids")
"
> > printf -- "$(gettext " --import Imports
> pubring.gpg from dir(s)")
"
> > printf -- "$(gettext " --import-trustdb Imports
> ownertrust values from trustdb.gpg in dir(s)")
"
> > @@ -455,10 +455,15 @@ refresh_keys() {
> > }
> >
> > verify_sig() {
> > - if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$1" | grep -qE
> 'TRUST_(FULLY|ULTIMATE)'; then
> > - error "$(gettext "The signature identified by %s could not
> be verified.")" "$1"
> > - exit 1
> > - fi
> > + local ret=0
> > + for sig; do
> > + msg "Checking %s ..." "$sig"
> > + if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" |
> grep -qE 'TRUST_(FULLY|ULTIMATE)'; then
> > + error "$(gettext "The signature identified by %s
> could not be verified.")" "$sig"
> > + ret=1
> > + fi
> > + done
> > + exit $ret
> > }
> >
> > updatedb() {
>
>
>
 

Thread Tools




All times are GMT. The time now is 09:58 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org