-rw-r--r--scripts/pacman-key.sh.in34
1 files changed, 13 insertions, 21 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 39da83da..72614c6e 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -275,22 +275,14 @@ populate_keyring() {
# Read the revoked key IDs to an array. The conversion from whatever is inside the file
# to key ids is important, because key ids are the only guarantee of identification
# for the keys.
- local -A removed_ids
+ local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
while read key; do
- local key_values name
- # extract key ID (field 5) and the name of owner (field 10)
- key_values="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')"
- if [[ -n $key_values ]]; then
- # The first word is the key_id
- key_id="${key_values%% *}"
- # the rest is the name of the owner
- name="${key_values#* }"
- if [[ -n ${key_id} ]]; then
- # Mark this key to be deleted
- removed_ids[$key_id]="$name"
- fi
+ key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+ if [[ -n ${key_id} ]]; then
+ # Mark this key to be disabled
+ revoked_ids[$key_id]="${keyring}"
fi
done < "${KEYRING_IMPORT_DIR}/${keyring}-revoked"
fi
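Review bot: The new `key_id="$(… | grep ^pub | cut -d: -f5)"` assignment assumes every line of the `-revoked` file resolves to exactly one public key. `--list-key` also matches on user-ID text, so an entry that is not a full fingerprint can return several `pub` records; the IDs then end up newline-joined in a single `revoked_ids` subscript, which the later disable step presumably cannot resolve, leaving those keys enabled. Reading the IDs one per line avoids this: `while IFS= read -r key_id; do revoked_ids[$key_id]="${keyring}"; done < <("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)`. The outer `while read key` would also be safer as `while IFS= read -r key`, so backslashes and surrounding whitespace in the file are not altered. populate_keyring starts above this hunk, so how `KEYRINGIDS` is filled is not visible here.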
@@ -300,19 +292,19 @@ populate_keyring() {
# of keys to be removed
if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then
while read key; do
- key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
- if [[ -n "${removed_ids[$key_id]}" ]]; then
- unset removed_ids[$key_id]
+ key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+ if [[ -n "${revoked_ids[$key_id]}" ]]; then
+ unset revoked_ids[$key_id]
fi
done < "${PACMAN_KEYRING_DIR}/holdkeys"
fi
# Remove the keys not marked to keep
- if (( ${#removed_ids[@]} > 0 )); then
- msg "$(gettext "Removing revoked keys from keyring...")"
- for key_id in "${!removed_ids[@]}"; do
- echo " removing key $key_id - ${removed_ids[$key_id]}"
- "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}"
+ if (( ${#revoked_ids[@]} > 0 )); then
+ msg "$(gettext "Disabling revoked keys in keyring...")"
+ for key_id in "${!revoked_ids[@]}"; do
+ msg2 "$(gettext "Disabling key %s...")" "${key_id}"
+ printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
done
fi
}
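Review bot: A failed disable goes unnoticed on the `--edit-key` line, because stderr is sent to `/dev/null` and the exit status is never checked, so a revoked key can stay usable for signature verification while the run reports nothing. I would report the failure, for example by appending `|| error "$(gettext "Key %s could not be disabled.")" "${key_id}"` (assuming the script's `error` helper is in scope here), and have populate_keyring return non-zero in that case. Whether gpg exits non-zero for a failed `disable` under `--batch --command-fd 0` should be confirmed; if it does not, the key's state needs to be re-checked after the edit. Separately, `unset revoked_ids[$key_id]` in the holdkeys loop is better written `unset 'revoked_ids[$key_id]'`, so the subscript is not open to globbing. The function begins outside this hunk.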