summaryrefslogtreecommitdiffstats
path: root/scripts/pacman-key.sh.in
AgeCommit message (Collapse)AuthorFilesLines
2011-08-29pacman-key: refine permission and locking checksDan McGee1-3/+3
* secring.gpg can be 600, readable by root user only * ensure grep for lock-never option in check_keyring doesn't catch comments Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29pacman-key: rework and document holding keys in keyringAllan McRae1-7/+5
The HoldKey option was undocumented and was not suited for pacman.conf. Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list of keys not to be removed from the pacman keyring with the --populate option. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29pacman-key: update trust database for relevant operationsAllan McRae1-12/+9
After most operations that touch the keyring, it is a good idea to always run a check on the trustdb as this prevents gpg complaining on later operations. Inspiration-from: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29pacman-key: import everything then revoke on --populateAllan McRae1-13/+10
The optimization of only importing keys that were not to be later revoked was a not smart enough. For example, if a key was in both a repos keyring and its revoke list, alternate runs of pacman-key --populate would add then remove the key from the pacman keyring. This problem is made worse when considering the possibility of multiple keyrings being imported. Instead, import all keys followed by the revoking of all keys. This may result in a key being added then revoked, but that is not much of an issue given that is a very fast operation. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29pacman-key: rework importing distro/repo provided keyringsAllan McRae1-74/+76
The current --reload option, apart from being non-clear in its naming, is very limited in that only one keyring can be provided. A distribution may want to provide multiple keyrings for various subsets of its organisation or custom repo providers may also want to provide a keyring. This patch adds a --populate option that reads keyrings from (by default) /usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional foo-revoked file providing a list of revoked key ids. These files are required to be signed (detached) by a key trusted by pacman-key, in practice probably by the key that signed the package providing these files. The --populate flag either updates the pacman keyring using all keyrings in the directory or individual keyrings can be specified. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-08Update several translation stringsDan McGee1-5/+5
* Fix typos/capitalization * Make sure large blocks of text are translated in one unit Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02pacman-key: follow gpg options for listing keysAllan McRae1-8/+13
The current --list option outputed the keys and all their signatures which can be overly verbose. It also did not take a list of keys on the command line to limit its output (although the code suggests that was intended). That patch brings consistency with gpg, providing --list-keys and --list-sigs options that function equivalently to those provided by gpg. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27pacman-key: Add --import and --import-trustdbPang Yan Han1-3/+40
Currently, pacman-key allows the user to import their keys using the --add option. However, no similar functionality exists for importing ownertrust values. The --import-trustdb option takes a list of directories and imports ownertrust values if the directories have a trustdb.gpg database. The --import option takes a list of directories and imports keys from pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination of --add and --import-trustdb Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27pacman-key: change GPG_PACMAN and GPG_NOKEYRING to arraysDJ Mills1-24/+24
Allows the commands to safely handle any possible arguments Signed-off-by: DJ Mills <danielmills1@gmail.com> Allan: rebase patch Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27pacman-key: fix syntax error in -r arg parsingAllan McRae1-1/+1
Previous fix did not work... Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21pacman-key: refactor post parse opt check into a caseDave Reisner1-12/+11
This is a cleaner expression of the same information. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21pacman-key: s/UPDATEBD/UPDATEDB/Dave Reisner1-1/+1
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21pacman-key: fix syntax error in -r arg parsingDave Reisner1-1/+1
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21pacman-key: return $ret, not errorsDave Reisner1-1/+1
fixes: /usr/bin/pacman-key: line 286: return: errors: numeric argument required Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-19pacman-key: --init: correct creation of gpg.confPang Yan Han1-1/+1
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: correct spelling mistakePang Yan Han1-1/+1
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: check required permissions on keyringAllan McRae1-0/+20
Makes sure that the pacman keyring is readable and that the user has permissions to create a lock file if lock-never is not specified in the gpg.conf file. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: add --init optionAllan McRae1-8/+26
Add an --init option that ensures that the pacman keyring has all the necessary files and they have the correct permissions for being read as a user. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: tidy up logic for finding pacman keyring directoryDave Reisner1-5/+3
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: refactor get_fromDave Reisner1-8/+10
This function had a variety of pitfalls, including the inability to successfully find a key=value pair where no whitespace surrounded the equals sign. Make it more robust by splitting the line on the equals itself, and performing whitespace trimming on the resulting key/value pair. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: add --verify optionAllan McRae1-3/+7
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: check only a single operation has been specifiedAllan McRae1-0/+16
Follow the example of gpg and only allow a single operation to be specified each time. Prevents having to deal with conflicting variable names and potential issues due to the order in which the operations are run. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: move verifying keyring files to own functionAllan McRae1-20/+28
Also check all files before bailing on errors. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: move --edit-key and --receive processing to functionsAllan McRae1-21/+26
This moves the processing of the --edit-key and --receive options to functions, keeping the final option processing to be all single line statements. Also rework the --edit-key option to validate all input before processing. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: hide output of executed commands on logic checksIvan Kanakarakis1-4/+4
This commit correctly redirects to /dev/null the output of several commands that get executed on logic checks. Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: rename --trust to --edit-keyAllan McRae1-8/+8
This keeps the naming of the option more consistent with what is actually being called by gpg. Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: fix quotation on several variable assignmentsIvan Kanakarakis1-8/+8
This commit adds quotes to several variable assignments. Unquoted values can cause problems on several occasions if the value is empty. It is safer to have every assignment quoted. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
2011-07-19pacman-key: allow the export of all key idsAllan McRae1-3/+3
The gpg --export will exprt all keys if none are specified. Replicate this behavior in pacman-key. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: rename --del to --deleteAllan McRae1-3/+3
There is already the short -d alias provided, so stay verbose with the longer option name. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: remove the --adv optionAllan McRae1-11/+2
The conversion to using parse_options causes this option to break. It is preferable to remove the option rather than fix it as it is simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg". Any user using more advanced keyring management than provided by pacman-key can manage to point gpg at the right place themselves... How to manually edit the keyring with gpg will instead be documented in the man page in a later commit. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19pacman-key: use our option parserAllan McRae1-93/+98
The pacman-key script is complicated enough to warrent usage of the parse_options script. This is especially helpful in dealing with all the configuration file override flags as the no longer need to be specified first. It also allows us to do the right thing early with --help/--version and no option cases cleanly. This change also makde the check for root privileges only occur on operations where they are needed. This patch is inspired by and supercedes some patches submitted by Denis A. Altoé Falqueto and Ivan Kanakarakis who were altering the previous option handling in an attempt to deal with the above issues. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-05pacman-key: fix syntax highlightingAllan McRae1-1/+1
The lone quotation mark in "pacman's" causes issues for some syntax highlighting. Change the printing of the nessage from echo to printf so we can invisibly escape it. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-30fix vim syntax highlighting of .sh filesFlorian Pritz1-1/+1
vim recognises what type of shell script it's dealing with by looking at the shebang. If detection fails it falls back to sh which doesn't support some bash features. Adding a normal, possibly broken, shebang which gets fixed by the Makefile allows vim to detect bash syntax. Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-23po/: split into scripts/po/ and src/pacman/po/Dan McGee1-1/+1
This is the first step at separating the pacman message catalog and the scripts message catalog. Makefiles, configure.ac, and other such files are adjusted accordingly, as well as renaming files. The TEXTDOMAIN of scripts is also adjusted. Note that no actual pot or po files get changed here; these will get pruned in a future commit so each catalog contains only the necessary messages. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-15scripts: refactor output formatting functionsAllan McRae1-20/+1
Move the common output formatting functions into a separate library file and import that into each script. makepkg is excluded due to its additional color formatting. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-08pacman-key: add vim modeline and fix whitespace issuesAllan McRae1-6/+8
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-07pacman-key: update copyrightAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-01pacman-key: print default gpgdir in usagePang Yan Han1-1/+1
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21pacman-key: improved reading of the configuration fileIvan Kanakarakis1-9/+13
This commit replaces the find_config() function with the get_from() function. get_from expects two arguments, the first is the file to read and the second is the key to look for in the given file. get_from returns the first matching value for the given key. The file is expected to be in the format: key = value Each of 'key' 'equal sign' 'value' can be surrounded be random whitespace. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21pacman-key: display the unsupported command to the userIvan Kanakarakis1-0/+1
If the user provides an unsupported command, inform the user that this switch is unknown, display usage and exit. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21makepkg, pacman-key: unify help message with other scriptsIvan Kanakarakis1-1/+1
The help message changed to match the one rankmirrors script has. It's clearer as to what the --help switch does. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27Create pacman keyring directory if missingRay Kohler1-1/+6
Use mode 755, so non-root users can see inside. Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that otherwise comes of not using mode 700 - this is not private data. GPGme turns out not to issue this warning itself, so no problem there. TODO: should non-root users be allowed to use the read-only operations (--list, --export, --finger)? Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23pacman-key help, round threeDan McGee1-39/+24
Make it actually like all our other tools rather than some homegrown format. Also make it translator friendly by not wrapping messages across lines in different strings. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23pacman-key: improve usage outputAllan McRae1-17/+21
Make the usage output display nicely on 80 character width terminals. Also fix parsing of "-h" and "-v" options and avoid root check when run with no commands. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23pacman-key: remake of --reload commandDenis A. Altoé Falqueto1-42/+99
The --reload command was refactored to allow a more flexible management. There are two sets of keys that will be added, one that will be removed and one that will be kept. The set of keys to be kept are configured in pacman.conf, with the option HoldKeys, with the same meaning of HoldPkgs. It can be repeated and several values can be put in the same entry. The new behavior allows a key to be marked for removal, but the user can decide if that key must be kept. For example, if a developer has a public repository, signed with his own key, that key must be added to the HoldKeys option. If the key is marked for removal from pacman's keyring, it will not be removed for the users that have configured HoldKeys correctly. There are other minor fixes, mainly in the handling of --add command when there is no aditional parameter. In that case, pacman-key will behave just like gpg, adding the contents of stdin into pacman's keyring. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
2011-03-23pacman-key: keyring management toolDenis A. Altoé Falqueto1-0/+274
The script pacman-key will manage pacman's keyring. It imports, exports, fetches from keyservers, helps in the process of trusting and updates the trust database. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>