summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Reisner <dreisner@archlinux.org>2012-04-14 19:56:03 -0400
committerDan McGee <dan@archlinux.org>2012-04-24 08:46:13 -0500
commitb2a2a982979ecd9b9bcdbf5f1c60d005ed238b60 (patch)
tree6f3f0e954f0bfa6fe53142629dfc4387ccdd4bcc
parentca4f8687f7816c283ee2b4a438b28deff3a276d4 (diff)
downloadpacman-b2a2a982979ecd9b9bcdbf5f1c60d005ed238b60.tar.xz
pacman-key: lookup keys before receiving
Perform a search for keys that clearly aren't key IDs. This allows receiving keys by name or email address, but only if the key resolves unambiguously. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
-rw-r--r--scripts/pacman-key.sh.in41
1 files changed, 40 insertions, 1 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index bd2c7397..e2e89803 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -116,6 +116,30 @@ get_from() {
return 1
}
+key_lookup_from_name() {
+ local ids
+
+ mapfile -t ids < \
+ <("${GPG_PACMAN[@]}" --search-keys --batch --with-colons "$1" 2>/dev/null |
+ awk -F: '$1 == "pub" { print $2 }')
+
+ # only return success on non-ambiguous lookup
+ case ${#ids[*]} in
+ 0)
+ error "$(gettext "Failed to lookup key by name:") %s" "$name"
+ return 1
+ ;;
+ 1)
+ printf '%s' "${ids[0]}"
+ return 0
+ ;;
+ *)
+ error "$(gettext "Key name is ambiguous:") %s" "$name"
+ return 1
+ ;;
+ esac
+}
+
generate_master_key() {
# Generate the master key, which will be in both pubring and secring
"${GPG_PACMAN[@]}" --gen-key --batch <<EOF
@@ -424,7 +448,22 @@ lsign_keys() {
}
receive_keys() {
- if ! "${GPG_PACMAN[@]}" --recv-keys "$@" ; then
+ local name id keyids
+
+ # if the key is not a hex ID, do a lookup
+ for name; do
+ if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
+ keyids+=("$name")
+ else
+ if id=$(key_lookup_from_name "$name"); then
+ keyids+=("$id")
+ fi
+ fi
+ done
+
+ (( ${#keyids[*]} > 0 )) || exit 1
+
+ if ! "${GPG_PACMAN[@]}" --recv-keys "${keyids[@]}" ; then
error "$(gettext "Remote key not fetched correctly from keyserver.")"
exit 1
fi