-rw-r--r--doc/pacman-key.8.txt7
-rw-r--r--scripts/pacman-key.sh.in43
2 files changed, 47 insertions, 3 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index cf72b83c..14f3cb9e 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -60,6 +60,13 @@ Options
*-h, \--help*::
Output syntax and command line options.
+*--import* <dir(s)>::
+ Adds keys from pubring.gpg into pacman's keyring and imports ownertrust
+ values from trustdb.gpg in the specified directories.
+
+*--import-dirs* <dir(s)> ::
+ Imports ownertrust values from trustdb.gpg in the specified directories.
+
*--init*::
Ensure the keyring is properly initialized and has the required access
permissions.
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ab0318e6..e6a4691b 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -32,6 +32,8 @@ DELETE=0
EDITKEY=0
EXPORT=0
FINGER=0
+IMPORT=0
+IMPORT_TRUSTDB=0
INIT=0
LIST=0
RECEIVE=0
@@ -66,6 +68,8 @@ usage() {
echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")"
echo "$(gettext " --gpgdir <dir> Set an alternate directory for gnupg")"
printf "$(gettext " (instead of '%s')")\n" "@sysconfdir@/pacman.d/gnupg"
+ echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")"
+ echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
echo "$(gettext " --init Ensure the keyring is properly initialized")"
echo "$(gettext " --reload Reload the default keys")"
}
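Review bot: The option added to usage() here is spelled `--import-trustdb`, and OPT_LONG and the option loop in this commit use the same name, but the man page hunk in doc/pacman-key.8.txt documents it as `*--import-dirs* <dir(s)> ::`. An administrator following the man page will get an invalid-option error. The man page entry should read `*--import-trustdb* <dir(s)>::`. Both help texts could also say that ownertrust from the given directories is merged into pacman's keyring, since that is the security-relevant effect of the operation.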
@@ -278,6 +282,34 @@ edit_keys() {
done
}
+import_trustdb() {
+ local importdir
+ local trustdb=$(mktemp)
+ "${GPG_PACMAN[@]}" --export-ownertrust > ${trustdb}
+
+ for importdir in "${IMPORT_DIRS[@]}"; do
+ if [[ -f "${importdir}/trustdb.gpg" ]]; then
+ gpg --homedir "${importdir}" --export-ownertrust >> ${trustdb}
+ fi
+ done
+
+ "${GPG_PACMAN[@]}" --import-ownertrust ${trustdb}
+ rm -f ${trustdb}
+}
+
+import() {
+ local importdir
+
+ # Imports public keys, then import trustdbs
+ for importdir in "${IMPORT_DIRS[@]}"; do
+ if [[ -f "${importdir}/pubring.gpg" ]]; then
+ "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg"
+ fi
+ done
+
+ import_trustdb
+}
+
# PROGRAM START
if ! type gettext &>/dev/null; then
gettext() {
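Review bot: import_trustdb() merges whatever ownertrust the listed directories export into pacman's keyring as root, without checking any step for failure. `local trustdb=$(mktemp)` hides a mktemp failure, `${trustdb}` is unquoted throughout, and a failed `--export-ownertrust` is ignored, so a partial file can still reach `--import-ownertrust`. gpg run with `--homedir "${importdir}"` will also read a gpg.conf found in that directory, so adding `--no-options` and documenting that the directories must belong to a trusted user seems prudent. Directories lacking trustdb.gpg (or pubring.gpg in import()) are skipped silently; an error would tell the administrator that nothing was imported.

```shell
import_trustdb() {
	local importdir trustdb ret=0

	trustdb=$(mktemp) || return 1
	"${GPG_PACMAN[@]}" --export-ownertrust > "${trustdb}" || ret=1

	for importdir in "${IMPORT_DIRS[@]}"; do
		if [[ ! -f "${importdir}/trustdb.gpg" ]]; then
			error "$(gettext "%s does not contain a trustdb.gpg file.")" "${importdir}"
			ret=1
			continue
		fi
		# --no-options: do not honour a gpg.conf found in the imported directory
		gpg --homedir "${importdir}" --no-options --export-ownertrust >> "${trustdb}" || ret=1
	done

	# only touch pacman's trustdb when every export succeeded
	if (( ret == 0 )); then
		"${GPG_PACMAN[@]}" --import-ownertrust "${trustdb}" || ret=1
	fi
	rm -f -- "${trustdb}"
	return $ret
}
# … unchanged: import() …
```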
@@ -287,7 +319,8 @@ fi
OPT_SHORT="a::d:e:f::hlr:uv:V"
OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
-OPT_LONG+=",help,init,list,receive:,reload,updatedb,verify:,version"
+OPT_LONG+=",help,import:,import-trustdb:,init,list,receive:,reload,updatedb"
+OPT_LONG+=",verify:,version"
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
echo; usage; exit 1 # E_INVALID_OPTION;
fi
@@ -308,6 +341,8 @@ while true; do
-e|--export) EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
-f|--finger) FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;;
--gpgdir) shift; PACMAN_KEYRING_DIR=$1 ;;
+ --import) IMPORT=1; shift; IMPORT_DIRS=($1) ;;
+ --import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1) ;;
--init) INIT=1 ;;
-l|--list) LIST=1 ;;
-r|--receive) RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP;;
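Review bot: `IMPORT_DIRS=($1)` on both new case arms expands the argument unquoted, so it is split on whitespace and then glob-expanded against the current directory while the script runs as root. The splitting is presumably how several directories are passed in one argument, as with KEYIDS on the neighbouring arms, but a path containing a space cannot be imported and a `*` in the argument silently widens the set of keyrings whose trust gets merged. `read -r -a IMPORT_DIRS <<< "$1"` splits the list without globbing; the remaining limitation on spaces deserves a line in the man page. The enclosing while loop starts and ends outside this hunk.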
@@ -330,7 +365,7 @@ if ! type -p gpg >/dev/null; then
exit 1
fi
-if (( (ADD || DELETE || EDITKEY || INIT || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
+if (( (ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || INIT || RECEIVE || RELOAD || UPDATEDB) && EUID != 0 )); then
error "$(gettext "%s needs to be run as root for this operation.")" "pacman-key"
exit 1
fi
@@ -348,7 +383,7 @@ PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "
GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning)
# check only a single operation has been given
-numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
+numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB + INIT + LIST + RECEIVE + RELOAD + UPDATEDB + VERIFY ))
case $numopt in
0)
@@ -369,6 +404,8 @@ esac
(( EDITKEY )) && edit_keys
(( EXPORT )) && "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
(( FINGER )) && "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
+(( IMPORT )) && import
+(( IMPORT_TRUSTDB)) && import_trustdb
(( INIT )) && initialize
(( LIST )) && "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
(( RECEIVE )) && receive_keys