From ed353d91b7fe5ab397cc6c649ceca2f0ea507023 Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Tue, 27 Mar 2012 00:20:05 +1000 Subject: pacman-key: make the -e option work as advertised Using -e without arguments failed to export all keys. Using --export worked as expected. Signed-off-by: Allan McRae Signed-off-by: Dan McGee --- scripts/pacman-key.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 3ea8947f..695b46b9 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -460,7 +460,7 @@ if ! type gettext &>/dev/null; then } fi -OPT_SHORT="a::d:e:f::hl::r:uv:V" +OPT_SHORT="a::d:e::f::hl::r:uv:V" OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:" OPT_LONG+=",help,import:,import-trustdb:,init,keyserver:,list-keys::,list-sigs::" OPT_LONG+=",lsign-key:,populate::,recv-keys:,refresh-keys::,updatedb" -- cgit v1.2.3-54-g00ecf From d7f4e8fbccb1506697d2c9f70c32326c01c05cb3 Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Wed, 28 Mar 2012 11:55:39 +1000 Subject: pacman-key: change to more reliable default keyserver User reports indicate that the SKS keyservers are more reliable than both the gnupg.net and mit.edu ones. Signed-off-by: Allan McRae Signed-off-by: Dan McGee --- scripts/pacman-key.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 695b46b9..ccc387b2 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -45,7 +45,7 @@ REFRESH=0 UPDATEDB=0 VERIFY=0 -DEFAULT_KEYSERVER='hkp://keys.gnupg.net' +DEFAULT_KEYSERVER='hkp://pool.sks-keyservers.net' m4_include(library/output_format.sh) -- cgit v1.2.3-54-g00ecf From a8f03d07c7eaae02a55065a4a2f098ef6d8b5bff Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Sat, 31 Mar 2012 15:55:14 +0200 Subject: pacman-key: Actually verify signatures and exit with correct codes We cannot rely on gpg's exit code. Instead we have to check the status-fd to figure out whether a signature is valid or not. In addition to this pacman-key --verify can now be used in scripts as it will return an exit code of 1 if the signature is invalid. Signed-off-by: Pierre Schmitz Signed-off-by: Dan McGee --- scripts/pacman-key.sh.in | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index ccc387b2..278e3d6e 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -439,10 +439,14 @@ refresh_keys() { } verify_sig() { - if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then + local fd="$(mktemp)" + "${GPG_PACMAN[@]}" --status-file "${fd}" --verify $SIGNATURE + if ! grep -q TRUST_FULLY "${fd}"; then + rm -f "${fd}" error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE" exit 1 fi + rm -f "${fd}" } updatedb() { -- cgit v1.2.3-54-g00ecf From 3c5d5a19b36c5ea3638de263cb7cd1be6289cb44 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sat, 7 Apr 2012 11:54:02 -0400 Subject: Revert "parseopts: normalize options into an array" This was really only half a fix for FS#28445, as it still doesn't correctly handle the case of filenames with spaces. In the short term, there is no obvious fix for this. In the long term, I believe the correct decision is to rewrite the options parser to be more in line with GNU getopt_long. This reverts commits: ca4142714137b16feabac09c4cda86b0a75036f8. 969dcddbdf9d5dbd91aa414cdd193f3fb26b644b. --- scripts/library/parse_options.sh | 32 +++++++++++++++++++++----------- scripts/makepkg.sh.in | 6 +++--- scripts/pacman-key.sh.in | 6 +++--- 3 files changed, 27 insertions(+), 17 deletions(-) (limited to 'scripts/pacman-key.sh.in') diff --git a/scripts/library/parse_options.sh b/scripts/library/parse_options.sh index d57443b0..039eef92 100644 --- a/scripts/library/parse_options.sh +++ b/scripts/library/parse_options.sh @@ -3,7 +3,7 @@ parse_options() { local short_options=$1; shift; local long_options=$1; shift; local ret=0; - local unused_options=() + local unused_options="" local i while [[ -n $1 ]]; do @@ -23,15 +23,17 @@ parse_options() { [[ ${match} = ${1:2}:: && -n $2 && ${2:0:1} != "-" ]] && needsargument=1 if (( ! needsargument )); then - OPTRET+=("$1") + printf ' %s' "$1" else if [[ -n $2 ]]; then - OPTRET+=("$1" "$2") + printf ' %s ' "$1" shift + printf "'%q" "$1" while [[ -n $2 && ${2:0:1} != "-" ]]; do shift - OPTRET+=("$1") + printf " %q" "$1" done + printf "'" else printf "@SCRIPTNAME@: $(gettext "option %s requires an argument\n")" "'$1'" >&2 ret=1 @@ -55,22 +57,26 @@ parse_options() { ( -n ${1:$i+1} || ( -n $2 && ${2:0:1} != "-" ) ) ]] && needsargument=1 if (( ! needsargument )); then - OPTRET+=("-${1:i:1}") + printf ' -%s' "${1:i:1}" else if [[ -n ${1:$i+1} ]]; then - OPTRET+=("-${1:i:1}" "${1:i+1}") + printf ' -%s ' "${1:i:1}" + printf "'%q" "${1:$i+1}" while [[ -n $2 && ${2:0:1} != "-" ]]; do shift - OPTRET+=("$1") + printf " %q" "$1" done + printf "'" else if [[ -n $2 ]]; then - OPTRET+=("-${1:i:1}" "$2") + printf ' -%s ' "${1:i:1}" shift + printf "'%q" "$1" while [[ -n $2 && ${2:0:1} != "-" ]]; do shift - OPTRET+=("$1") + printf " %q" "$1" done + printf "'" else printf "@SCRIPTNAME@: $(gettext "option %s requires an argument\n")" "'-${1:i:1}'" >&2 @@ -85,11 +91,15 @@ parse_options() { fi done else - unused_options+=("$1") + unused_options="${unused_options} '$1'" fi shift done - OPTRET+=('--' "${unused_options[@]}") + printf " --" + [[ $unused_options ]] && printf ' %s' "${unused_options[@]}" + [[ $1 ]] && printf " '%s'" "$@" + printf "\n" + return $ret } diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 1faf591f..eeb7ede1 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1918,11 +1918,11 @@ OPT_LONG+=",version,config:" # Pacman Options OPT_LONG+=",noconfirm,noprogressbar" -if ! parse_options $OPT_SHORT $OPT_LONG "$@"; then +if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then echo; usage; exit 1 # E_INVALID_OPTION; fi -set -- "${OPTRET[@]}" -unset OPT_SHORT OPT_LONG OPTRET +eval set -- "$OPT_TEMP" +unset OPT_SHORT OPT_LONG OPT_TEMP while true; do case "$1" in diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 278e3d6e..9a77a19f 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -469,11 +469,11 @@ OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:" OPT_LONG+=",help,import:,import-trustdb:,init,keyserver:,list-keys::,list-sigs::" OPT_LONG+=",lsign-key:,populate::,recv-keys:,refresh-keys::,updatedb" OPT_LONG+=",verify:,version" -if ! parse_options $OPT_SHORT $OPT_LONG "$@"; then +if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then echo; usage; exit 1 # E_INVALID_OPTION; fi -set -- "${OPTRET[@]}" -unset OPT_SHORT OPT_LONG OPTRET +eval set -- "$OPT_TEMP" +unset OPT_SHORT OPT_LONG OPT_TEMP if [[ $1 == "--" ]]; then usage; -- cgit v1.2.3-54-g00ecf