summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2011-07-09 11:16:12 +1000
committerAllan McRae <allan@archlinux.org>2011-07-19 10:27:53 +1000
commit74f6d717a3e25957ca5f3cf80897b218b990eea8 (patch)
treee78c0f1b6f3f1e91f48ef2264aadf0e69089c3f6
parent74e5a494b0cfea7a987fd2b253b765ca4362b456 (diff)
downloadpacman-74f6d717a3e25957ca5f3cf80897b218b990eea8.tar.xz
pacman-key: move verifying keyring files to own function
Also check all files before bailing on errors. Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r--scripts/pacman-key.sh.in48
1 files changed, 28 insertions, 20 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index fd52359b..4366ca45 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -87,30 +87,15 @@ get_from() {
done < "$1"
}
-reload_keyring() {
- local PACMAN_SHARE_DIR='@prefix@/share/pacman'
- local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
-
- # Variable used for iterating on keyrings
- local key
- local key_id
-
- # Keyring with keys to be added to the keyring
- local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
-
- # Keyring with keys that were deprecated and will eventually be deleted
- local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg"
-
- # List of keys removed from the keyring. This file is not a keyring, unlike the others.
- # It is a textual list of values that gpg recogniezes as identifiers for keys.
- local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
+verify_keyring_input() {
+ local ret=0;
# Verify signatures of related files, if they exist
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Verifying official keys file signature...")"
if ! ${GPG_PACMAN} --verify "${ADDED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}"
- exit 1
+ ret=1
fi
fi
@@ -118,7 +103,7 @@ reload_keyring() {
msg "$(gettext "Verifying deprecated keys file signature...")"
if ! ${GPG_PACMAN} --verify "${DEPRECATED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}"
- exit 1
+ ret=1
fi
fi
@@ -126,10 +111,33 @@ reload_keyring() {
msg "$(gettext "Verifying deleted keys file signature...")"
if ! ${GPG_PACMAN} --verify "${REMOVED_KEYS}.sig" &>/dev/null; then
error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}"
- exit 1
+ ret=1
fi
fi
+ return errors
+}
+
+reload_keyring() {
+ local PACMAN_SHARE_DIR='@prefix@/share/pacman'
+ local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
+
+ # Variable used for iterating on keyrings
+ local key
+ local key_id
+
+ # Keyring with keys to be added to the keyring
+ local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
+
+ # Keyring with keys that were deprecated and will eventually be deleted
+ local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg"
+
+ # List of keys removed from the keyring. This file is not a keyring, unlike the others.
+ # It is a textual list of values that gpg recogniezes as identifiers for keys.
+ local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
+
+ verify_keyring_input || exit 1
+
# Read the key ids to an array. The conversion from whatever is inside the file
# to key ids is important, because key ids are the only guarantee of identification
# for the keys.