diff options
author | Allan McRae <allan@archlinux.org> | 2011-07-09 11:16:12 +1000 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2011-07-19 10:27:53 +1000 |
commit | 74f6d717a3e25957ca5f3cf80897b218b990eea8 (patch) | |
tree | e78c0f1b6f3f1e91f48ef2264aadf0e69089c3f6 | |
parent | 74e5a494b0cfea7a987fd2b253b765ca4362b456 (diff) | |
download | pacman-74f6d717a3e25957ca5f3cf80897b218b990eea8.tar.xz |
pacman-key: move verifying keyring files to own function
Also check all files before bailing on errors.
Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r-- | scripts/pacman-key.sh.in | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index fd52359b..4366ca45 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -87,30 +87,15 @@ get_from() { done < "$1" } -reload_keyring() { - local PACMAN_SHARE_DIR='@prefix@/share/pacman' - local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}" - - # Variable used for iterating on keyrings - local key - local key_id - - # Keyring with keys to be added to the keyring - local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg" - - # Keyring with keys that were deprecated and will eventually be deleted - local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg" - - # List of keys removed from the keyring. This file is not a keyring, unlike the others. - # It is a textual list of values that gpg recogniezes as identifiers for keys. - local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys" +verify_keyring_input() { + local ret=0; # Verify signatures of related files, if they exist if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Verifying official keys file signature...")" if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" - exit 1 + ret=1 fi fi @@ -118,7 +103,7 @@ reload_keyring() { msg "$(gettext "Verifying deprecated keys file signature...")" if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}" - exit 1 + ret=1 fi fi @@ -126,10 +111,33 @@ reload_keyring() { msg "$(gettext "Verifying deleted keys file signature...")" if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" - exit 1 + ret=1 fi fi + return errors +} + +reload_keyring() { + local PACMAN_SHARE_DIR='@prefix@/share/pacman' + local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}" + + # Variable used for iterating on keyrings + local key + local key_id + + # Keyring with keys to be added to the keyring + local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg" + + # Keyring with keys that were deprecated and will eventually be deleted + local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg" + + # List of keys removed from the keyring. This file is not a keyring, unlike the others. + # It is a textual list of values that gpg recogniezes as identifiers for keys. + local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys" + + verify_keyring_input || exit 1 + # Read the key ids to an array. The conversion from whatever is inside the file # to key ids is important, because key ids are the only guarantee of identification # for the keys. |