author | canyonknight <canyonknight@gmail.com> | 2012-01-16 19:12:41 -0500 |
committer | Dan McGee <dan@archlinux.org> | 2012-01-18 22:01:12 -0600 |
commit | c231c9af9712e95e58f660d46bd8feaf6fd891e2 (patch) | |
tree | 78aee24bf33a856e5602dabd894cde54a9aa120e | |
parent | 24ca6ce1f969a6f5d3ef9277f6d20efcd76330ec (diff) | |
download | pacman-c231c9af9712e95e58f660d46bd8feaf6fd891e2.tar.xz |
Improve exit statuses and error messages in pacman-key
Return codes from gpg commands are currently lost. This adds handling of
non-zero exit statuses from gpg, including error reporting for all gpg
commands that are run individually, run in a loop, or run through a pipe.
Includes the check_keyids_exist function which verifies a key exists locally
prior to attempted local manipulation of the key.
If a gpg command has a non-zero status, pacman-key will now exit with a non-zero
status. It will print a gettext error message of gpg's failure.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r-- | scripts/pacman-key.sh.in | 118 |
1 files changed, 95 insertions, 23 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 02df8c50..b7c77d82 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -144,6 +144,20 @@ add_gpg_conf_option() {
 fi
 }
 
+check_keyids_exist() {
+ local ret=0
+ for key in "${KEYIDS[@]}"; do
+ # Verify if the key exists in pacman's keyring
+ if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null ; then
+ error "$(gettext "The key identified by %s could not be found locally.")" "$key"
+ ret=1
+ fi
+ done
+ if (( ret )); then
+ exit 1
+ fi
+}
+
 initialize() {
 local conffile keyserv
 # Check for simple existence rather than for a directory as someone
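Review bot: `key` is never declared `local` in the new check_keyids_exist, so the loop leaves a global `key` behind in every caller (edit_keys in the second hunk has the same pre-existing pattern); `local ret=0 key` as the first line of the body fixes it. The `&>/dev/null` on the `--list-keys` call also discards gpg's own diagnostic, so presumably any non-zero exit (an unreadable keyring, a bad `--homedir`) is reported as "could not be found locally" rather than as what actually went wrong; redirecting only stdout, or noting the conflation in the comment above the `if`, would make failures easier to diagnose.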
@@ -339,85 +353,143 @@ populate_keyring() { } add_keys() { - "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}" + if ! "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}" ; then + error "$(gettext "A specified keyfile could not be added to the gpg keychain.")" + exit 1 + fi } delete_keys() { - "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}" + check_keyids_exist + if ! "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}" ; then + error "$(gettext "A specified key could not be removed from the gpg keychain.")" + exit 1 + fi } edit_keys() { - local errors=0; + check_keyids_exist + local ret=0 for key in "${KEYIDS[@]}"; do - # Verify if the key exists in pacman's keyring - if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null; then - error "$(gettext "The key identified by %s does not exist.")" "$key" - errors=1; + if ! "${GPG_PACMAN[@]}" --edit-key "$key" ; then + error "$(gettext "The key identified by %s could not be edited.")" "$key" + ret=1 fi done - (( errors )) && exit 1; - - for key in "${KEYIDS[@]}"; do - "${GPG_PACMAN[@]}" --edit-key "$key" - done + if (( ret )); then + exit 1 + fi } export_keys() { - "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}" + check_keyids_exist + if ! "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}" ; then + error "$(gettext "A specified key could not be exported from the gpg keychain.")" + exit 1 + fi } finger_keys() { - "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}" + check_keyids_exist + if ! 
"${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}" ; then + error "$(gettext "The fingerprint of a specified key could not be determined.")" + exit 1 + fi } import_trustdb() { local importdir - + local ret=0 for importdir in "${IMPORT_DIRS[@]}"; do if [[ -f "${importdir}/trustdb.gpg" ]]; then gpg --homedir "${importdir}" --export-ownertrust | \ "${GPG_PACMAN[@]}" --import-ownertrust - + if (( PIPESTATUS )); then + error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg" + ret=1 + fi + else + error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg" + ret=1 fi done + if (( ret )); then + exit 1 + fi } import() { local importdir - + local ret=0 for importdir in "${IMPORT_DIRS[@]}"; do if [[ -f "${importdir}/pubring.gpg" ]]; then - "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg" + if ! "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then + error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg" + ret=1 + fi + else + error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg" + ret=1 fi done + if (( ret )); then + exit 1 + fi } list_keys() { - "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}" + check_keyids_exist + if ! "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}" ; then + error "$(gettext "A specified key could not be listed.")" + exit 1 + fi } list_sigs() { - "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}" + check_keyids_exist + if ! 
"${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}" ; then + error "$(gettext "A specified signature could not be listed.")" + exit 1 + fi } lsign_keys() { + check_keyids_exist printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null + if (( PIPESTATUS[1] )); then + error "$(gettext "A specified key could not be locally signed.")" + exit 1 + fi } receive_keys() { - "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}" + if ! "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}" ; then + error "$(gettext "Remote key not fetched correctly from keyserver.")" + exit 1 + fi } refresh_keys() { - "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}" + check_keyids_exist + if ! "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}" ; then + error "$(gettext "A specified local key could not be updated from a keyserver.")" + exit 1 + fi } verify_sig() { - "${GPG_PACMAN[@]}" --verify $SIGNATURE + if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then + error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE" + exit 1 + fi } updatedb() { msg "$(gettext "Updating trust database...")" - "${GPG_PACMAN[@]}" --batch --check-trustdb + if ! "${GPG_PACMAN[@]}" --batch --check-trustdb ; then + error "$(gettext "Trust database could not be updated.")" + exit 1 + fi } # PROGRAM START |
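Review bot: In import_trustdb the new `if (( PIPESTATUS )); then` reads only `PIPESTATUS[0]`, the status of the `gpg --export-ownertrust` stage, so a failing `"${GPG_PACMAN[@]}" --import-ownertrust` (the second stage) still goes unreported and the function exits 0; `if (( PIPESTATUS[0] || PIPESTATUS[1] )); then` checks both stages and matches the `PIPESTATUS[1]` that lsign_keys uses further down. In verify_sig the rewritten line keeps `$SIGNATURE` unquoted, so a signature path containing whitespace or glob characters is split before gpg sees it while the new error message quotes it; `if ! "${GPG_PACMAN[@]}" --verify "$SIGNATURE" ; then` keeps the two consistent.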