authorcanyonknight <canyonknight@gmail.com>2012-01-16 19:12:41 -0500
committerDan McGee <dan@archlinux.org>2012-01-18 22:01:12 -0600
commitc231c9af9712e95e58f660d46bd8feaf6fd891e2 (patch)
tree78aee24bf33a856e5602dabd894cde54a9aa120e
parent24ca6ce1f969a6f5d3ef9277f6d20efcd76330ec (diff)
downloadpacman-c231c9af9712e95e58f660d46bd8feaf6fd891e2.tar.xz
Improve exit statuses and error messages in pacman-key
Return codes from gpg commands are currently lost. This adds the functionality of taking non-zero exit statuses from gpg. This includes error reporting for all gpg commands that are run individually, run in a loop, and run through a pipe. Includes the check_keyids_exist function which verifies a key exists locally prior to attempted local manipulation of the key. If a gpg command has a non-zero status, pacman-key will now exit with a non-zero status. It will print a gettext error message of gpg's failure. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--scripts/pacman-key.sh.in118
1 files changed, 95 insertions, 23 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 02df8c50..b7c77d82 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -144,6 +144,20 @@ add_gpg_conf_option() {
fi
}
+check_keyids_exist() {
+ local ret=0
+ for key in "${KEYIDS[@]}"; do
+ # Verify if the key exists in pacman's keyring
+ if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null ; then
+ error "$(gettext "The key identified by %s could not be found locally.")" "$key"
+ ret=1
+ fi
+ done
+ if (( ret )); then
+ exit 1
+ fi
+}
+
initialize() {
local conffile keyserv
# Check for simple existence rather than for a directory as someone
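Review bot: The loop variable `key` in the new check_keyids_exist is not declared `local`, so the helper leaves a global `key` behind and clobbers any caller's variable of that name; change the first line to `local key ret=0`. Discarding gpg's output with `&>/dev/null` also throws away the reason a lookup failed, so a keyring permission or homedir problem is reported as "could not be found locally" — consider keeping stderr, or noting in a comment that the message is deliberately coarse. Since the helper calls `exit 1` rather than returning a status, a one-line header comment stating that it terminates the script on any missing key would help readers of the callers in the later hunk.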
@@ -339,85 +353,143 @@ populate_keyring() {
}
add_keys() {
- "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}"
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}" ; then
+ error "$(gettext "A specified keyfile could not be added to the gpg keychain.")"
+ exit 1
+ fi
}
delete_keys() {
- "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}"
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified key could not be removed from the gpg keychain.")"
+ exit 1
+ fi
}
edit_keys() {
- local errors=0;
+ check_keyids_exist
+ local ret=0
for key in "${KEYIDS[@]}"; do
- # Verify if the key exists in pacman's keyring
- if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null; then
- error "$(gettext "The key identified by %s does not exist.")" "$key"
- errors=1;
+ if ! "${GPG_PACMAN[@]}" --edit-key "$key" ; then
+ error "$(gettext "The key identified by %s could not be edited.")" "$key"
+ ret=1
fi
done
- (( errors )) && exit 1;
-
- for key in "${KEYIDS[@]}"; do
- "${GPG_PACMAN[@]}" --edit-key "$key"
- done
+ if (( ret )); then
+ exit 1
+ fi
}
export_keys() {
- "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified key could not be exported from the gpg keychain.")"
+ exit 1
+ fi
}
finger_keys() {
- "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}" ; then
+ error "$(gettext "The fingerprint of a specified key could not be determined.")"
+ exit 1
+ fi
}
import_trustdb() {
local importdir
-
+ local ret=0
for importdir in "${IMPORT_DIRS[@]}"; do
if [[ -f "${importdir}/trustdb.gpg" ]]; then
gpg --homedir "${importdir}" --export-ownertrust | \
"${GPG_PACMAN[@]}" --import-ownertrust -
+ if (( PIPESTATUS )); then
+ error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
+ ret=1
+ fi
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
+ ret=1
fi
done
+ if (( ret )); then
+ exit 1
+ fi
}
import() {
local importdir
-
+ local ret=0
for importdir in "${IMPORT_DIRS[@]}"; do
if [[ -f "${importdir}/pubring.gpg" ]]; then
- "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg"
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then
+ error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
+ ret=1
+ fi
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
+ ret=1
fi
done
+ if (( ret )); then
+ exit 1
+ fi
}
list_keys() {
- "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}"
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified key could not be listed.")"
+ exit 1
+ fi
}
list_sigs() {
- "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified signature could not be listed.")"
+ exit 1
+ fi
}
lsign_keys() {
+ check_keyids_exist
printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null
+ if (( PIPESTATUS[1] )); then
+ error "$(gettext "A specified key could not be locally signed.")"
+ exit 1
+ fi
}
receive_keys() {
- "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"
+ if ! "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}" ; then
+ error "$(gettext "Remote key not fetched correctly from keyserver.")"
+ exit 1
+ fi
}
refresh_keys() {
- "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}"
+ check_keyids_exist
+ if ! "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}" ; then
+ error "$(gettext "A specified local key could not be updated from a keyserver.")"
+ exit 1
+ fi
}
verify_sig() {
- "${GPG_PACMAN[@]}" --verify $SIGNATURE
+ if ! "${GPG_PACMAN[@]}" --verify $SIGNATURE ; then
+ error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE"
+ exit 1
+ fi
}
updatedb() {
msg "$(gettext "Updating trust database...")"
- "${GPG_PACMAN[@]}" --batch --check-trustdb
+ if ! "${GPG_PACMAN[@]}" --batch --check-trustdb ; then
+ error "$(gettext "Trust database could not be updated.")"
+ exit 1
+ fi
}
# PROGRAM START
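Review bot: In import_trustdb the new check `if (( PIPESTATUS )); then` reads only `PIPESTATUS[0]`, the status of the `gpg --export-ownertrust` stage, so a failure of the `"${GPG_PACMAN[@]}" --import-ownertrust -` stage (the one that appears to write into pacman's keyring) still goes unreported and the function exits successfully. lsign_keys in the same hunk tests `PIPESTATUS[1]`, so the two pipe checks are also inconsistent; covering both stages with `if (( PIPESTATUS[0] || PIPESTATUS[1] )); then` fixes the gap while keeping the check as the command immediately after the pipeline, which is required for PIPESTATUS to still be valid. Separately, verify_sig keeps `$SIGNATURE` unquoted in `"${GPG_PACMAN[@]}" --verify $SIGNATURE`, so a signature path containing whitespace or glob characters is split or expanded before gpg sees it; quote it as `"$SIGNATURE"` unless several space-separated paths are intentionally accepted there.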