-rw-r--r-- | scripts/pacman-key.sh.in | 34 |
1 files changed, 13 insertions, 21 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 39da83da..72614c6e 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -275,22 +275,14 @@ populate_keyring() {
 # Read the revoked key IDs to an array. The conversion from whatever is inside the file
 # to key ids is important, because key ids are the only guarantee of identification
 # for the keys.
- local -A removed_ids
+ local -A revoked_ids
 for keyring in "${KEYRINGIDS[@]}"; do
 if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
 while read key; do
- local key_values name
- # extract key ID (field 5) and the name of owner (field 10)
- key_values="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')"
- if [[ -n $key_values ]]; then
- # The first word is the key_id
- key_id="${key_values%% *}"
- # the rest is the name of the owner
- name="${key_values#* }"
- if [[ -n ${key_id} ]]; then
- # Mark this key to be deleted
- removed_ids[$key_id]="$name"
- fi
+ key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+ if [[ -n ${key_id} ]]; then
+ # Mark this key to be disabled
+ revoked_ids[$key_id]="${keyring}"
 fi
 done < "${KEYRING_IMPORT_DIR}/${keyring}-revoked"
 fi
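Review bot: The new lookup `key_id="$(... | grep ^pub | cut -d: -f5)"` is accepted whenever it is non-empty, so a `-revoked` entry that matches more than one key produces several IDs joined by newlines; that becomes a single bogus `revoked_ids` subscript which will not name a real key when it is later passed to `--edit-key`, and the revocation is silently lost. Tighten the guard to `if [[ ${key_id} =~ ^[[:xdigit:]]{16}$ ]]; then` and report any entry that fails it, so a malformed or ambiguous revocation line is visible instead of skipped. Field 5 of the `pub` record is the 64-bit key ID rather than the fingerprint, so keying the array on the value from the `fpr` record would fit the comment's "only guarantee of identification" more closely. `key_id` has no `local` declaration in the visible lines; populate_keyring starts outside this hunk, so confirm it is declared there.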
@@ -300,19 +292,19 @@ populate_keyring() {
 # of keys to be removed
 if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then
 while read key; do
- key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
- if [[ -n "${removed_ids[$key_id]}" ]]; then
- unset removed_ids[$key_id]
+ key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+ if [[ -n "${revoked_ids[$key_id]}" ]]; then
+ unset revoked_ids[$key_id]
 fi
 done < "${PACMAN_KEYRING_DIR}/holdkeys"
 fi
 # Remove the keys not marked to keep
- if (( ${#removed_ids[@]} > 0 )); then
- msg "$(gettext "Removing revoked keys from keyring...")"
- for key_id in "${!removed_ids[@]}"; do
- echo " removing key $key_id - ${removed_ids[$key_id]}"
- "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}"
+ if (( ${#revoked_ids[@]} > 0 )); then
+ msg "$(gettext "Disabling revoked keys in keyring...")"
+ for key_id in "${!revoked_ids[@]}"; do
+ msg2 "$(gettext "Disabling key %s...")" "${key_id}"
+ printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
 done
 fi
 } |
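Review bot: The disable step in the final loop throws away both stderr (`2>/dev/null`) and the exit status of the `--edit-key` pipeline, so a revoked key that could not be disabled stays usable for signature verification while the output still reads "Disabling key ...". Record the failure, for example by ending the line with `--edit-key "${key_id}" 2>/dev/null || ret=1`, then print an error and return `ret` from populate_keyring; whether gpg's batch exit status reflects a failed `disable` command should be verified, and checking the key's state afterwards with `--list-key` is the stronger test. The context comment `# Remove the keys not marked to keep` is stale now that keys are disabled rather than deleted and could read `# Disable the revoked keys that are not held`. The function begins outside this hunk, so any existing return-value convention there should be followed.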