From d9545103b9a9517cb8996562d990431094027663 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Thu, 1 Sep 2011 15:20:53 -0500 Subject: pacman-key: split keyserver to a separate option This also renames '--receive' to '-recv-keys' to match the wrapped gpg option name, rather than invent a new one, now that the calling convention is the same. Signed-off-by: Dan McGee --- doc/pacman-key.8.txt | 10 ++++++++-- scripts/pacman-key.sh.in | 31 ++++++++++++++++--------------- 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 7481ce5b..824f0b3b 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -71,6 +71,12 @@ Options Ensure the keyring is properly initialized and has the required access permissions. +*\--keyserver* :: + Use the specified keyserver if the operation requires one. This will take + precedence over any keyserver option specified in a `gpg.conf` + configuration file. Running '\--init' with this option will set the default + keyserver if one was not already configured. + *-l, \--list-keys* [keyid(s)]:: Lists all or specified keys from the public keyring. @@ -81,8 +87,8 @@ Options Locally sign the given key. This is primarily used to root the web of trust in the local private key generated by '\--init'. -*-r, \--receive* :: - Fetch the specified keyid(s) from the specified key server URL. +*-r, \--recv-keys* :: + Equivalent to '\--recv-keys' in GnuPG. *\--populate* [keyring(s)]:: Reload the default keys from the (optionally provided) keyrings in diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 9bb8182a..a757b719 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -35,6 +35,7 @@ FINGER=0 IMPORT=0 IMPORT_TRUSTDB=0 INIT=0 +KEYSERVER='' LISTKEYS=0 LISTSIGS=0 LSIGNKEY=0 @@ -43,6 +44,8 @@ RECEIVE=0 UPDATEDB=0 VERIFY=0 +DEFAULT_KEYSERVER='hkp://keys.gnupg.net' + m4_include(library/output_format.sh) m4_include(library/parse_options.sh) 
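Review bot: `DEFAULT_KEYSERVER='hkp://keys.gnupg.net'` has no comment saying that `hkp://` is the unencrypted keyserver protocol, so lookups made through this default are neither confidential nor authenticated in transit. What protects the keyring is checking the fingerprint and locally signing the key afterwards, not the server, and a reader of this constant should be told so. I would add above it: `# plain HKP: treat fetched keys as unverified until the fingerprint is checked and the key is lsigned`.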
@@ -61,7 +64,7 @@ usage() { echo "$(gettext " -f, --finger [keyid(s)] List fingerprint for specified or all keyids")" echo "$(gettext " -h, --help Show this help message and exit")" echo "$(gettext " -l, --list-keys [keyid(s)] List the specified or all keys")" - echo "$(gettext " -r, --receive Fetch the specified keyids")" + echo "$(gettext " -r, --recv-keys Fetch the specified keyids")" echo "$(gettext " -u, --updatedb Update the trustdb of pacman")" echo "$(gettext " -v, --verify Verify the file specified by the signature")" echo "$(gettext " -V, --version Show program version")" @@ -73,6 +76,7 @@ usage() { echo "$(gettext " --import Imports pubring.gpg and trustdb.gpg from dir(s)")" echo "$(gettext " --import-trustdb Imports ownertrust values from trustdb.gpg in dir(s)")" echo "$(gettext " --init Ensure the keyring is properly initialized")" + echo "$(gettext " --keyserver Specify a keyserver to use if necessary")" echo "$(gettext " --list-sigs [keyid(s)] List keys and their signatures")" echo "$(gettext " --lsign-key Locally sign the specified keyid")" printf "$(gettext " --populate [keyring(s)] Reload the default keys from the (given) keyrings\n\ @@ -136,7 +140,7 @@ add_gpg_conf_option() { } initialize() { - local conffile + local conffile keyserv # Check for simple existence rather than for a directory as someone # may want to use a symlink here [[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}" @@ -155,7 +159,8 @@ initialize() { add_gpg_conf_option "$conffile" 'no-greeting' add_gpg_conf_option "$conffile" 'no-permission-warning' add_gpg_conf_option "$conffile" 'lock-never' - add_gpg_conf_option "$conffile" 'keyserver' 'hkp://keys.gnupg.net' + keyserv=${KEYSERVER:-$DEFAULT_KEYSERVER} + add_gpg_conf_option "$conffile" 'keyserver' "$keyserv" # set up a private signing key (if none available) if [[ $(secret_keys_available) -lt 1 ]]; then 
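Review bot: The `keyserv=${KEYSERVER:-$DEFAULT_KEYSERVER}` line in initialize() is undocumented even though it turns a one-off command-line value into a persistent setting: whatever was passed to `--keyserver` is handed to `add_gpg_conf_option` and ends up in gpg.conf. The value is not checked before it is written, and the body of add_gpg_conf_option is outside this hunk, so whether it rejects embedded whitespace or newlines cannot be confirmed from here. I would add `# --keyserver given with --init is stored as the default in gpg.conf` and refuse such a value before the call, e.g. `[[ $keyserv = *[[:space:]]* ]] && { error "$(gettext "Invalid keyserver")"; exit 1; }`. initialize() itself continues past the end of the hunk.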
@@ -304,14 +309,6 @@ populate_keyring() { fi } -receive_keys() { - if [[ -z ${KEYIDS[@]} ]]; then - error "$(gettext "You need to specify the keyserver and at least one key identifier")" - exit 1 - fi - "${GPG_PACMAN[@]}" --keyserver "$KEYSERVER" --recv-keys "${KEYIDS[@]}" -} - edit_keys() { local errors=0; for key in ${KEYIDS[@]}; do @@ -365,8 +362,8 @@ fi OPT_SHORT="a::d:e:f::hl::r:uv:V" OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:" -OPT_LONG+=",help,import:,import-trustdb:,init,list-keys::,list-sigs::" -OPT_LONG+=",lsign-key:,populate::,receive:,updatedb,verify:,version" +OPT_LONG+=",help,import:,import-trustdb:,init,keyserver:,list-keys::,list-sigs::" +OPT_LONG+=",lsign-key:,populate::,recv-keys:,updatedb,verify:,version" if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then echo; usage; exit 1 # E_INVALID_OPTION; fi @@ -390,11 +387,12 @@ while true; do --import) IMPORT=1; shift; IMPORT_DIRS=($1); UPDATEDB=1 ;; --import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1); UPDATEDB=1 ;; --init) INIT=1 ;; + --keyserver) shift; KEYSERVER=$1 ;; -l|--list-keys) LISTKEYS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;; --list-sigs) LISTSIGS=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYIDS=($1) ;; --lsign-key) LSIGNKEY=1; shift; KEYIDS=($1); UPDATEDB=1 ;; --populate) POPULATE=1; [[ -n $2 && ${2:0:1} != "-" ]] && shift && KEYRINGIDS=($1); UPDATEDB=1 ;; - -r|--receive) RECEIVE=1; shift; TMP=($1); KEYSERVER=${TMP[0]}; KEYIDS=(${TMP[@]:1}); unset TMP; UPDATEDB=1 ;; + -r|--recv-keys) RECEIVE=1; shift; KEYIDS=($1); UPDATEDB=1 ;; -u|--updatedb) UPDATEDB=1 ;; -v|--verify) VERIFY=1; shift; SIGNATURE=$1 ;; 
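Review bot: In the option loop, `KEYIDS=($1)` for `-r|--recv-keys` expands the argument unquoted, so it undergoes pathname expansion as well as the intended word splitting. With receive_keys() removed, nothing checks that the array is non-empty or that its elements look like key IDs before they reach gpg in the last hunk. `read -ra KEYIDS <<< "$1"` splits on whitespace without globbing, and a short loop rejecting any element that does not match `^(0x)?[[:xdigit:]]+$` would also keep a value beginning with `-` from being read by gpg as an option. The neighbouring `--lsign-key` and `--list-keys` cases use the same `($1)` form, so this may be better fixed for all of them at once. The `while` loop starts and ends outside the hunk.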
@@ -429,6 +427,9 @@ fi PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from "$CONFIG" "GPGDir" || echo "@sysconfdir@/pacman.d/gnupg")} GPG_PACMAN=(gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning) +if [[ -n ${KEYSERVER} ]]; then + GPG_PACMAN+=(--keyserver ${KEYSERVER}) +fi # check only a single operation has been given # don't include UPDATEDB in here as other opts can induce it @@ -464,7 +465,7 @@ esac # TODO: we can't do --batch on lsign until we figure out --command-fd (( LSIGNKEY )) && "${GPG_PACMAN[@]}" --lsign-key "${KEYIDS[@]}" (( POPULATE )) && populate_keyring -(( RECEIVE )) && receive_keys +(( RECEIVE )) && "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}" (( VERIFY )) && "${GPG_PACMAN[@]}" --verify $SIGNATURE if (( UPDATEDB )); then -- cgit v1.2.3-70-g09d2
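Review bot: `GPG_PACMAN+=(--keyserver ${KEYSERVER})` expands the user-supplied value unquoted, so a keyserver string containing whitespace or glob characters becomes several array elements. The extra words are then passed as separate arguments to every later gpg invocation built from `GPG_PACMAN` (lsign-key, recv-keys, verify). Quote it: `GPG_PACMAN+=(--keyserver "${KEYSERVER}")`. The context line above has the same form in `--homedir ${PACMAN_KEYRING_DIR}`; it is not part of this change but would be worth quoting in the same pass.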