From ae20f8820278d285400afb7c3b7f2ba3c789c61a Mon Sep 17 00:00:00 2001 From: "Denis A. Altoé Falqueto" Date: Thu, 16 Sep 2010 00:40:35 -0300 Subject: pacman-key: keyring management tool MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The script pacman-key will manage pacman's keyring. It imports, exports, fetches from keyservers, helps in the process of trusting and updates the trust database. Signed-off-by: Denis A. Altoé Falqueto Signed-off-by: Allan McRae --- scripts/.gitignore | 1 + scripts/Makefile.am | 3 + scripts/pacman-key.sh.in | 274 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 278 insertions(+) create mode 100644 scripts/pacman-key.sh.in diff --git a/scripts/.gitignore b/scripts/.gitignore index fe4616f2..927b14c8 100644 --- a/scripts/.gitignore +++ b/scripts/.gitignore @@ -5,3 +5,4 @@ rankmirrors repo-add repo-remove pkgdelta +pacman-key diff --git a/scripts/Makefile.am b/scripts/Makefile.am index ae6ce366..7c64e81c 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -8,6 +8,7 @@ bin_SCRIPTS = \ OURSCRIPTS = \ makepkg \ pacman-db-upgrade \ + pacman-key \ pacman-optimize \ pkgdelta \ rankmirrors \ @@ -16,6 +17,7 @@ OURSCRIPTS = \ EXTRA_DIST = \ makepkg.sh.in \ pacman-db-upgrade.sh.in \ + pacman-key.sh.in \ pacman-optimize.sh.in \ pkgdelta.sh.in \ rankmirrors.sh.in \ @@ -64,6 +66,7 @@ $(OURSCRIPTS): Makefile makepkg: $(srcdir)/makepkg.sh.in pacman-db-upgrade: $(srcdir)/pacman-db-upgrade.sh.in +pacman-key: ${srcdir}/pacman-key.sh.in pacman-optimize: $(srcdir)/pacman-optimize.sh.in pkgdelta: $(srcdir)/pkgdelta.sh.in rankmirrors: $(srcdir)/rankmirrors.sh.in diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in new file mode 100644 index 00000000..3efcb177 --- /dev/null +++ b/scripts/pacman-key.sh.in 
@@ -0,0 +1,274 @@ +#!@BASH_SHELL@ -e +# +# pacman-key - manages pacman's keyring +# Based on apt-key, from Debian +# @configure_input@ +# +# Copyright (c) 2010 - Pacman Development Team +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# gettext initialization +export TEXTDOMAIN='pacman' +export TEXTDOMAINDIR='@localedir@' + +myver="@PACKAGE_VERSION@" + +msg() { + local mesg=$1; shift + printf "==> ${mesg}\n" "$@" >&1 +} + +msg2() { + (( QUIET )) && return + local mesg=$1; shift + printf " -> ${mesg}\n" "$@" >&1 +} + +warning() { + local mesg=$1; shift + printf "==> $(gettext "WARNING:") ${mesg}\n" "$@" >&2 +} + +error() { + local mesg=$1; shift + printf "==> $(gettext "ERROR:") ${mesg}\n" "$@" >&2 +} + +usage() { + printf "pacman-key (pacman) %s\n" ${myver} + echo + printf "$(gettext "Usage: %s [options] command [arguments]")\n" $(basename $0) + echo + echo "$(gettext "Manage pacman's list of trusted keys")" + echo + echo "$(gettext "Options must be placed before commands. The available options are:")" + echo "$(gettext " --config - set an alternative configuration file to use. ")" + printf "$(gettext " Default is %s")\n" "@sysconfdir@/pacman.conf" + echo "$(gettext " --gpgdir - set an alternative home directory for gnupg. 
")" + printf "$(gettext " Default is set in %s")\n" "@sysconfdir@/pacman.conf" + echo + echo "$(gettext "The available commands are:")" + echo "$(gettext " pacman-key -a | --add [] ... - add the key contained ")" + echo "$(gettext " in (empty for stdin)")" + echo "$(gettext " pacman-key -d | --del ... - remove the key ")" + echo "$(gettext " pacman-key -e | --export ... - output the key ")" + echo "$(gettext " pacman-key -r | --receive ... - fetch the keyids from")" + echo "$(gettext " the specified keyserver URL")" + echo "$(gettext " pacman-key -t | --trust ... - set the trust level of the given key")" + echo "$(gettext " pacman-key -u | --updatedb - update the trustdb of pacman")" + echo "$(gettext " pacman-key --reload - reloads the keys from the keyring package")" + echo "$(gettext " pacman-key -l | --list - list keys")" + echo "$(gettext " pacman-key -f | --finger [ ... - list fingerprint for specified keyids (or for all, if none is specified)")" + echo "$(gettext " pacman-key --adv - use pacman's keyring as target for advanced commands")" + echo "$(gettext " pacman-key -h | --help - displays this message")" + echo "$(gettext " pacman-key -v | --version - displays the current version")" +} + +version() { + printf "pacman-key (pacman) %s\n" "${myver}" + printf "$(gettext "\ +Copyright (c) 2010 Pacman Development Team .\n\ +This is free software; see the source for copying conditions.\n\ +There is NO WARRANTY, to the extent permitted by law.\n")" +} + +reload_keyring() { + local PACMAN_SHARE_DIR='@prefix@/share/pacman' + local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}" + + # Read-only keyring with keys to be added to the keyring + local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg" + + # Read-only list of keys removed from the keyring. + local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys" + + # Add keys from the current set of keys from pacman-keyring package. 
The web of trust will + # be updated automatically. + if [[ -r "${ADDED_KEYS}" ]]; then + msg "$(gettext "Verifying official keys file signature...")" + if ! ${GPG_PACMAN} --quiet --verify "${ADDED_KEYS}.sig" 1>/dev/null; then + error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" + exit 1 + fi + + msg "$(gettext "Appending official keys...")" + local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + for key in ${add_keys}; do + msg "$(gettext " key id: %s")" "$key" + ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key}" | ${GPG_PACMAN} --import + done + fi + + # Remove the keys from REMOVED_KEYS keyring + if [[ -r "${REMOVED_KEYS}" ]]; then + msg "$(gettext "Verifying deleted keys file signature...")" + if ! ${GPG_PACMAN} --quiet --verify "${REMOVED_KEYS}.sig"; then + error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" + exit 1 + fi + + msg "$(gettext "Removing deleted keys from keyring...")" + cat "${REMOVED_KEYS}" | while read key; do + msg "$(gettext " key id: %s")" "$key" + ${GPG_PACMAN} --quiet --batch --yes --delete-key "${key}" + done + fi + + # Update trustdb, just to be sure + msg "$(gettext "Updating trust database...")" + ${GPG_PACMAN} --batch --check-trustdb +} + +# PROGRAM START +if ! 
type gettext &>/dev/null; then + gettext() { + echo "$@" + } +fi + +if [[ $1 != "--version" && $1 != "-v" && $1 != "--help" && $1 != "-h" ]]; then + if type -p gpg >/dev/null 2>&1 = 1; then + error "$(gettext "gnupg does not seem to be installed.")" + msg2 "$(gettext "pacman-key requires gnupg for most operations.")" + exit 1 + elif (( EUID != 0 )); then + error "$(gettext "pacman-key needs to be run as root.")" + exit 1 + fi +fi + +# Parse global options +CONFIG="@sysconfdir@/pacman.conf" +PACMAN_KEYRING_DIR="@sysconfdir@/pacman.d/gnupg" +while [[ $1 =~ ^--(config|gpgdir)$ ]]; do + case "$1" in + --config) shift; CONFIG="$1" ;; + --gpgdir) shift; PACMAN_KEYRING_DIR="$1" ;; + esac + shift +done + +if [[ ! -r "${CONFIG}" ]]; then + error "$(gettext "It is not possible to read %s")" "${CONFIG}" + exit 1 +fi + +# Read GPGDIR from $CONFIG. +# The pattern is: any spaces or tabs, GPGDir, any spaces or tabs, equal sign +# and the rest of the line. The string is splitted after the first occurrence of = +if [[ GPGDIR=$(grep -e '^[[:blank:]]*GPGDir[[:blank:]]*=.*' "$CONFIG") == 0 ]]; then + GPGDIR=${GPGDIR#*=} + PACMAN_KEYRING_DIR="${GPGDIR}" +fi +GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}" + +# Parse and execute command +command="$1" +if [[ -z "${command}" ]]; then + usage + exit 1 +fi +shift + +case "${command}" in + -a|--add) + if (( $# == 0 )); then + error "$(gettext "You need to specify at least one key identifier")" + usage + exit 1 + fi + while (( $# > 0 )); do + ${GPG_PACMAN} --quiet --batch --import "$1" + shift + done + ;; + -d|--del) + if (( $# == 0 )); then + error "$(gettext "You need to specify at least one key identifier")" + usage + exit 1 + fi + while (( $# > 0 )); do + ${GPG_PACMAN} --quiet --batch --delete-key --yes "$1" + shift + done + ;; + -u|--updatedb) + ${GPG_PACMAN} --batch --check-trustdb + ;; + --reload) + reload_keyring + ;; + -l|--list) + ${GPG_PACMAN} --batch --list-sigs + ;; + -f|--finger) + ${GPG_PACMAN} --batch --fingerprint $* + ;; + 
-e|--export) + if (( $# == 0 )); then + ${GPG_PACMAN} --armor --export + else + while (( $# > 0 )); do + ${GPG_PACMAN} --armor --export "$1" + shift + done + fi + ;; + -r|--receive) + if (( $# < 2 )); then + error "$(gettext "You need to specify the keyserver and at least one key identifier")" + usage + exit 1 + fi + keyserver="$1" + shift + ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys $* + ;; + -t|--trust) + if (( $# == 0 )); then + error "$(gettext "You need to specify at least one key identifier")" + usage + exit 1 + fi + while (( $# > 0 )); do + # Verify if the key exists in pacman's keyring + if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then + ${GPG_PACMAN} --edit-key "$1" + else + error "$(gettext "The key identified by %s doesn't exist")" "$1" + exit 1 + fi + shift + done + ;; + --adv) + msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}" + ${GPG_PACMAN} $* || ret=$? + exit $ret + ;; + --help) + usage + ;; + --version) + version + exit 0 + ;; + *) + usage + exit 1 + ;; +esac -- cgit v1.2.3-70-g09d2 From 422925a65efb2abcc6a3cac34f09de2dbf8664be Mon Sep 17 00:00:00 2001 
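Review bot: The GPGDir lookup near the end of the script, `if [[ GPGDIR=$(grep …) == 0 ]]`, can never be true: inside `[[ ]]` the text `GPGDIR=…` is an ordinary string matched against the pattern `0`, not an assignment, so a GPGDir set in pacman.conf is ignored and pacman-key works on the default keyring directory instead of the configured one. Assigning first and then testing the value does what the comment describes, e.g. `GPGDIR=$(grep -e '…' "$CONFIG" | cut -d= -f2-)` followed by `if [[ -n ${GPGDIR} ]]; then PACMAN_KEYRING_DIR="${GPGDIR}"; fi`. The gnupg presence test has a related problem: in `type -p gpg >/dev/null 2>&1 = 1` the `=` and `1` are handed to `type` as further names to look up, so in practice it returns non-zero whether or not gpg is installed and the "gnupg does not seem to be installed" branch is never taken; `if ! type -p gpg >/dev/null 2>&1; then` is the usual form. The GPGDir test keeps the same shape in the `@@ -169,8 +244,7 @@` hunk of the next patch on this page, and the `type -p` line reappears as context in later hunks.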
From: "Denis A. Altoé Falqueto" Date: Thu, 7 Oct 2010 21:13:13 -0300 Subject: pacman-key: remake of --reload command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The --reload command was refactored to allow a more flexible management. There are two sets of keys that will be added, one that will be removed and one that will be kept. The set of keys to be kept are configured in pacman.conf, with the option HoldKeys, with the same meaning of HoldPkgs. It can be repeated and several values can be put in the same entry. The new behavior allows a key to be marked for removal, but the user can decide if that key must be kept. For example, if a developer has a public repository, signed with his own key, that key must be added to the HoldKeys option. If the key is marked for removal from pacman's keyring, it will not be removed for the users that have configured HoldKeys correctly. There are other minor fixes, mainly in the handling of --add command when there is no aditional parameter. In that case, pacman-key will behave just like gpg, adding the contents of stdin into pacman's keyring. Signed-off-by: Denis A. Altoé Falqueto --- scripts/pacman-key.sh.in | 141 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 99 insertions(+), 42 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 3efcb177..0f558a9c 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in 
@@ -85,45 +85,120 @@ This is free software; see the source for copying conditions.\n\ There is NO WARRANTY, to the extent permitted by law.\n")" } +find_config() { + # Prints on stdin the values of all the options from the configuration file that + # are associated with the first parameter of this function. + # The option names are stripped + grep -e "^[[:blank:]]*$1[[:blank:]]*=.*" "$CONFIG" | cut -d= -f 2- +} + reload_keyring() { local PACMAN_SHARE_DIR='@prefix@/share/pacman' local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict --no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}" - # Read-only keyring with keys to be added to the keyring + # Variable used for iterating on keyrings + local key + local key_id + + # Keyring with keys to be added to the keyring local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg" - # Read-only list of keys removed from the keyring. + # Keyring with keys that were deprecated and will eventually be deleted + local DEPRECATED_KEYS="${PACMAN_SHARE_DIR}/deprecatedkeys.gpg" + + # List of keys removed from the keyring. This file is not a keyring, unlike the others. + # It is a textual list of values that gpg recogniezes as identifiers for keys. local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys" - # Add keys from the current set of keys from pacman-keyring package. The web of trust will - # be updated automatically. + # Verify signatures of related files, if they exist if [[ -r "${ADDED_KEYS}" ]]; then msg "$(gettext "Verifying official keys file signature...")" - if ! ${GPG_PACMAN} --quiet --verify "${ADDED_KEYS}.sig" 1>/dev/null; then + if ! 
${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig" 1>/dev/null; then error "$(gettext "The signature of file %s is not valid.")" "${ADDED_KEYS}" exit 1 fi + fi - msg "$(gettext "Appending official keys...")" - local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) - for key in ${add_keys}; do - msg "$(gettext " key id: %s")" "$key" - ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key}" | ${GPG_PACMAN} --import - done + if [[ -r "${DEPRECATED_KEYS}" ]]; then + msg "$(gettext "Verifying deprecated keys file signature...")" + if ! ${GPG_PACMAN} --quiet --batch --verify "${DEPRECATED_KEYS}.sig" 1>/dev/null; then + error "$(gettext "The signature of file %s is not valid.")" "${DEPRECATED_KEYS}" + exit 1 + fi fi - # Remove the keys from REMOVED_KEYS keyring if [[ -r "${REMOVED_KEYS}" ]]; then msg "$(gettext "Verifying deleted keys file signature...")" - if ! ${GPG_PACMAN} --quiet --verify "${REMOVED_KEYS}.sig"; then + if ! ${GPG_PACMAN} --quiet --batch --verify "${REMOVED_KEYS}.sig"; then error "$(gettext "The signature of file %s is not valid.")" "${REMOVED_KEYS}" exit 1 fi + fi + + # Read the key ids to an array. The conversion from whatever is inside the file + # to key ids is important, because key ids are the only guarantee of identification + # for the keys. 
+ local -A removed_ids + if [[ -r "${REMOVED_KEYS}" ]]; then + while read key; do + local key_values name + key_values=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ') + if [[ -n $key_values ]]; then + # The first word is the key_id + key_id=${key_values%% *} + # the rest if the name of the owner + name=${key_values#* } + if [[ -n ${key_id} ]]; then + # Mark this key to be deleted + removed_ids[$key_id]="$name" + fi + fi + done < "${REMOVED_KEYS}" + fi + + # List of keys that must be kept installed, even if in the list of keys to be removed + local HOLD_KEYS=$(find_config "HoldKeys") + + # Remove the keys that must be kept from the set of keys that should be removed + if [[ -n ${HOLD_KEYS} ]]; then + for key in ${HOLD_KEYS}; do + key_id=$(${GPG_PACMAN} --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5) + if [[ -n "${removed_ids[$key_id]}" ]]; then + unset removed_ids[$key_id] + fi + done + fi + + # Add keys from the current set of keys from pacman-keyring package. The web of trust will + # be updated automatically. 
+ if [[ -r "${ADDED_KEYS}" ]]; then + msg "$(gettext "Appending official keys...")" + local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + for key_id in ${add_keys}; do + # There is no point in adding a key that will be deleted right after + if [[ -z "${removed_ids[$key_id]}" ]]; then + ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import + fi + done + fi + + if [[ -r "${DEPRECATED_KEYS}" ]]; then + msg "$(gettext "Appending deprecated keys...")" + local add_keys=$(${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5) + for key_id in ${add_keys}; do + # There is no point in adding a key that will be deleted right after + if [[ -z "${removed_ids[$key_id]}" ]]; then + ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}" --export "${key_id}" | ${GPG_PACMAN} --import + fi + done + fi + # Remove the keys not marked to keep + if (( ${#removed_ids[@]} > 0 )); then msg "$(gettext "Removing deleted keys from keyring...")" - cat "${REMOVED_KEYS}" | while read key; do - msg "$(gettext " key id: %s")" "$key" - ${GPG_PACMAN} --quiet --batch --yes --delete-key "${key}" + for key_id in "${!removed_ids[@]}"; do + echo " removing key $key_id - ${removed_ids[$key_id]}" + ${GPG_PACMAN} --quiet --batch --yes --delete-key "${key_id}" done fi @@ -169,8 +244,7 @@ fi # Read GPGDIR from $CONFIG. # The pattern is: any spaces or tabs, GPGDir, any spaces or tabs, equal sign # and the rest of the line. The string is splitted after the first occurrence of = -if [[ GPGDIR=$(grep -e '^[[:blank:]]*GPGDir[[:blank:]]*=.*' "$CONFIG") == 0 ]]; then - GPGDIR=${GPGDIR#*=} +if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then PACMAN_KEYRING_DIR="${GPGDIR}" fi GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}" 
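Review bot: The three `--verify` calls at the top of reload_keyring check the `.sig` files against pacman's own keyring, and as far as the exit status goes `gpg --verify` succeeds for a good signature made by any key it finds there, so the check does not tie addedkeys.gpg, deprecatedkeys.gpg or removedkeys to one particular signer. If the intent is that only the distribution's keyring-signing key may change the keyring, the signer should be pinned, for example by comparing the fingerprint reported through `--status-fd` after verification, or by verifying against a separate keyring that holds only that key. In the HoldKeys loop, `key_id` is empty when a held key is not present in the keyring, and bash rejects `${removed_ids[$key_id]}` with an empty subscript on an associative array; a guard such as `[[ -n ${key_id} && -n ${removed_ids[$key_id]} ]]` avoids that. The comment in find_config should read "Prints on stdout". reload_keyring continues past the end of this hunk.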
@@ -185,15 +259,8 @@ shift case "${command}" in -a|--add) - if (( $# == 0 )); then - error "$(gettext "You need to specify at least one key identifier")" - usage - exit 1 - fi - while (( $# > 0 )); do - ${GPG_PACMAN} --quiet --batch --import "$1" - shift - done + # If there is no extra parameter, gpg will read stdin + ${GPG_PACMAN} --quiet --batch --import "$@" ;; -d|--del) if (( $# == 0 )); then @@ -201,10 +268,7 @@ case "${command}" in usage exit 1 fi - while (( $# > 0 )); do - ${GPG_PACMAN} --quiet --batch --delete-key --yes "$1" - shift - done + ${GPG_PACMAN} --quiet --batch --delete-key --yes "$@" ;; -u|--updatedb) ${GPG_PACMAN} --batch --check-trustdb @@ -213,20 +277,13 @@ case "${command}" in reload_keyring ;; -l|--list) - ${GPG_PACMAN} --batch --list-sigs + ${GPG_PACMAN} --batch --list-sigs "$@" ;; -f|--finger) ${GPG_PACMAN} --batch --fingerprint $* ;; -e|--export) - if (( $# == 0 )); then - ${GPG_PACMAN} --armor --export - else - while (( $# > 0 )); do - ${GPG_PACMAN} --armor --export "$1" - shift - done - fi + ${GPG_PACMAN} --armor --export "$@" ;; -r|--receive) if (( $# < 2 )); then @@ -236,7 +293,7 @@ case "${command}" in fi keyserver="$1" shift - ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys $* + ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@" ;; -t|--trust) if (( $# == 0 )); then @@ -257,7 +314,7 @@ case "${command}" in ;; --adv) msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}" - ${GPG_PACMAN} $* || ret=$? + ${GPG_PACMAN} "$@" || ret=$? exit $ret ;; --help) -- cgit v1.2.3-70-g09d2 From 5a89a12aa012ceb3ee03ad4ced8d8bde44176e6f Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Thu, 25 Nov 2010 13:20:06 +1000 Subject: pacman-key: improve usage output Make the usage output display nicely on 80 character width terminals. Also fix parsing of "-h" and "-v" options and avoid root check when run with no commands. 
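Review bot: `${GPG_PACMAN}` is still a flat string expanded unquoted in the rewritten `--add` branch, so a keyring directory containing whitespace (from `--gpgdir` or from pacman.conf) is split into several words and gpg receives a truncated `--homedir` even though the user's arguments are now protected by `"$@"`. Holding the command in an array, `GPG_PACMAN=(gpg --homedir "${PACMAN_KEYRING_DIR}")`, and calling it as `"${GPG_PACMAN[@]}" --quiet --batch --import "$@"` keeps the path intact. The assignment itself sits outside this hunk, and the same applies to the `--del`, `--list`, `--export`, `--receive` and `--adv` hunks that follow on this line of the page.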
Signed-off-by: Allan McRae --- scripts/pacman-key.sh.in | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 0f558a9c..ccaf4b2a 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in 
@@ -61,20 +61,24 @@ usage() { printf "$(gettext " Default is set in %s")\n" "@sysconfdir@/pacman.conf" echo echo "$(gettext "The available commands are:")" - echo "$(gettext " pacman-key -a | --add [] ... - add the key contained ")" - echo "$(gettext " in (empty for stdin)")" - echo "$(gettext " pacman-key -d | --del ... - remove the key ")" - echo "$(gettext " pacman-key -e | --export ... - output the key ")" - echo "$(gettext " pacman-key -r | --receive ... - fetch the keyids from")" - echo "$(gettext " the specified keyserver URL")" - echo "$(gettext " pacman-key -t | --trust ... - set the trust level of the given key")" - echo "$(gettext " pacman-key -u | --updatedb - update the trustdb of pacman")" - echo "$(gettext " pacman-key --reload - reloads the keys from the keyring package")" - echo "$(gettext " pacman-key -l | --list - list keys")" - echo "$(gettext " pacman-key -f | --finger [ ... - list fingerprint for specified keyids (or for all, if none is specified)")" - echo "$(gettext " pacman-key --adv - use pacman's keyring as target for advanced commands")" - echo "$(gettext " pacman-key -h | --help - displays this message")" - echo "$(gettext " pacman-key -v | --version - displays the current version")" + echo "$(gettext " -a | --add [] ... - add the key contained in ")" + echo "$(gettext " (empty for stdin)")" + echo "$(gettext " -d | --del ... - remove the key ")" + echo "$(gettext " -e | --export ... - output the key ")" + echo "$(gettext " -f | --finger [] ... - list fingerprint for specified keyids")" + echo "$(gettext " (or for all, if no key is specified)")" + echo "$(gettext " -h | --help - displays this message")" + echo "$(gettext " -l | --list - list keys")" + echo "$(gettext " -r | --receive ... - fetch the keyids from the specified")" + echo "$(gettext " keyserver URL")" + echo "$(gettext " -t | --trust ... 
- set the trust level of the given key")" + echo "$(gettext " -u | --updatedb - update the trustdb of pacman")" + echo "$(gettext " -v | --version - displays the current version")" + echo "$(gettext " --adv - use pacman's keyring as target for")" + echo "$(gettext " advanced gpg commands")" + echo "$(gettext " --reload - reloads the keys supplied by your")" + printf "$(gettext " distribution in %s")"'@prefix@/share/pacman' + echo } version() { @@ -214,7 +218,7 @@ if ! type gettext &>/dev/null; then } fi -if [[ $1 != "--version" && $1 != "-v" && $1 != "--help" && $1 != "-h" ]]; then +if [[ $1 != "--version" && $1 != "-v" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then if type -p gpg >/dev/null 2>&1 = 1; then error "$(gettext "gnupg does not seem to be installed.")" msg2 "$(gettext "pacman-key requires gnupg for most operations.")" @@ -317,10 +321,10 @@ case "${command}" in ${GPG_PACMAN} "$@" || ret=$? exit $ret ;; - --help) + -h | --help) usage ;; - --version) + -v | --version) version exit 0 ;; -- cgit v1.2.3-70-g09d2 From 482da2ecebaccd520a2934f853ed632d8a648b94 Mon Sep 17 00:00:00 2001 From: Guillaume Alaux Date: Sat, 20 Nov 2010 23:15:05 +1000 Subject: Add man-page for pacman-key Signed-off-by: Allan McRae --- doc/.gitignore | 1 + doc/Makefile.am | 4 +++ doc/pacman-key.8.txt | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+) create mode 100644 doc/pacman-key.8.txt diff --git a/doc/.gitignore b/doc/.gitignore index a6f4df7f..4c4e158d 100644 --- a/doc/.gitignore +++ b/doc/.gitignore @@ -3,6 +3,7 @@ libalpm.3 makepkg.8 makepkg.conf.5 pacman.8 +pacman-key.8 pacman.conf.5 repo-add.8 repo-remove.8 diff --git a/doc/Makefile.am b/doc/Makefile.am index 00a0e88d..ed9bb000 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -8,6 +8,7 @@ ASCIIDOC_MANS = \ makepkg.8 \ repo-add.8 \ vercmp.8 \ + pacman-key.8 \ PKGBUILD.5 \ makepkg.conf.5 \ pacman.conf.5 \ 
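Review bot: In the last added usage line, `printf "$(gettext "… distribution in %s")"'@prefix@/share/pacman'` has no space between the format string and the path, so the path is concatenated onto the format and `%s` is expanded with no argument. The output looks right only because the path happens to follow the `%s` directly, and any `%` in the configured prefix would be read as a format directive. Passing it as data, `printf "$(gettext "… distribution in %s")" '@prefix@/share/pacman'`, matches the other printf lines in usage(), whose start is outside this hunk.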
@@ -20,6 +21,7 @@ HTML_MANPAGES = \ makepkg.8.html \ repo-add.8.html \ vercmp.8.html \ + pacman-key.8.html \ PKGBUILD.5.html \ makepkg.conf.5.html \ pacman.conf.5.html \ @@ -41,6 +43,7 @@ EXTRA_DIST = \ makepkg.8.txt \ repo-add.8.txt \ vercmp.8.txt \ + pacman-key.8.txt \ PKGBUILD.5.txt \ PKGBUILD-example.txt \ makepkg.conf.5.txt \ @@ -133,6 +136,7 @@ pacman.8 pacman.8.html: pacman.8.txt makepkg.8 makepkg.8.html: makepkg.8.txt repo-add.8 repo-add.8.html: repo-add.8.txt vercmp.8 vercmp.8.html: vercmp.8.txt +pacman-key.8 pacman-key.8.html: pacman-key.8.txt PKGBUILD.5 PKGBUILD.5.html: PKGBUILD.5.txt PKGBUILD-example.txt makepkg.conf.5 makepkg.conf.5.html: makepkg.conf.5.txt pacman.conf.5 pacman.conf.5.html: pacman.conf.5.txt diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt new file mode 100644 index 00000000..5ebbd0a2 --- /dev/null +++ b/doc/pacman-key.8.txt 
@@ -0,0 +1,76 @@ +///// +vim:set ts=4 sw=4 syntax=asciidoc noet: +///// +pacman-key(8) +============= + + +Name +---- +pacman-key - manage pacman's list of trusted keys + + +Synopsis +-------- +*pacman-key* [options] *command* ['arguments'] + + +Description +----------- +The script *pacman-key* manage *pacman*'s keyring, which is the collection of GnuPG keys used to check signed packages. +It provides the ability to import and export keys, fetch keys from keyservers and update the key trust database. + + +Options +------- +*\--config* 'file':: + Set an alternative configuration file to use (default is {sysconfdir}/pacman.conf) + +*\--gpgdir* 'directory':: + Set an alternative home directory for GnuPG (default is set in {sysconfdir}/pacman.conf) + + +Commands +------- +*-a*, *\--add* 'file ...':: + Add the key(s) contained in 'file'(s) to pacman's keyring. If a key already exists, update it. + +*\--adv* 'param ...':: + Use this option to issue particular GnuPG actions to pacman's keyring. This option should be used with care as it can modify pacman's trust in packages' signatures. 
+ +*-d*, *\--del* 'keyid ...':: + Remove the key(s) identified by 'keyid'(s) from pacman's keyring + +*-e*, *\--export* ['keyid ...']:: + Export key(s) identified by 'keyid'(s) to STDOUT or all keys if no 'keyid' is specified + +*-f*, *\--finger* ['keyid ...']:: + List fingerprint(s) for specified 'keyid'(s) or for all if none is specified + +*\--help*:: + Display short usage instructions + +*-l*, *\--list*:: + Equivalent to --list-sigs from GnuPG + +*-r*, *\--receive* 'keyserver' 'keyid ...':: + Fetch the 'keyid'(s) from the specified 'keyserver' URL + +*\--reload*:: + Reloads the keys from the keyring package + +*-t*, *\--trust* 'keyid':: + Set the trust level of the given key + +*-u*, *\--updatedb*:: + Equivalent to \--check-trustdb in GnuPG + +*-v*, *\--version*:: + Displays the current version + + +See Also +-------- +linkman:pacman.conf[5] + +include::footer.txt[] -- cgit v1.2.3-70-g09d2 From 964e8c5bf231fb42a0de97108c0134d0079099ba Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Wed, 23 Mar 2011 01:24:28 -0500 Subject: pacman-key help, round three Make it actually like all our other tools rather than some homegrown format. Also make it translator friendly by not wrapping messages across lines in different strings. Signed-off-by: Dan McGee --- scripts/pacman-key.sh.in | 63 ++++++++++++++++++------------------------------ 1 file changed, 24 insertions(+), 39 deletions(-) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index ccaf4b2a..5746e64f 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in 
@@ -50,41 +50,34 @@ error() { usage() { printf "pacman-key (pacman) %s\n" ${myver} echo - printf "$(gettext "Usage: %s [options] command [arguments]")\n" $(basename $0) + printf "$(gettext "Usage: %s [options] [arguments]")\n" $(basename $0) echo echo "$(gettext "Manage pacman's list of trusted keys")" echo echo "$(gettext "Options must be placed before commands. The available options are:")" - echo "$(gettext " --config - set an alternative configuration file to use. ")" - printf "$(gettext " Default is %s")\n" "@sysconfdir@/pacman.conf" - echo "$(gettext " --gpgdir - set an alternative home directory for gnupg. ")" - printf "$(gettext " Default is set in %s")\n" "@sysconfdir@/pacman.conf" + printf "$(gettext " --config Use an alternate config file (instead of '%s')")\n" "$CONFIG" + echo "$(gettext " --gpgdir Set an alternate directory for gnupg")" echo echo "$(gettext "The available commands are:")" - echo "$(gettext " -a | --add [] ... - add the key contained in ")" - echo "$(gettext " (empty for stdin)")" - echo "$(gettext " -d | --del ... - remove the key ")" - echo "$(gettext " -e | --export ... - output the key ")" - echo "$(gettext " -f | --finger [] ... - list fingerprint for specified keyids")" - echo "$(gettext " (or for all, if no key is specified)")" - echo "$(gettext " -h | --help - displays this message")" - echo "$(gettext " -l | --list - list keys")" - echo "$(gettext " -r | --receive ... - fetch the keyids from the specified")" - echo "$(gettext " keyserver URL")" - echo "$(gettext " -t | --trust ... 
- set the trust level of the given key")" - echo "$(gettext " -u | --updatedb - update the trustdb of pacman")" - echo "$(gettext " -v | --version - displays the current version")" - echo "$(gettext " --adv - use pacman's keyring as target for")" - echo "$(gettext " advanced gpg commands")" - echo "$(gettext " --reload - reloads the keys supplied by your")" - printf "$(gettext " distribution in %s")"'@prefix@/share/pacman' + echo "$(gettext " -a, --add [] Add the specified keys (empty for stdin)")" + echo "$(gettext " -d, --del Remove the specified keyids")" + echo "$(gettext " -e, --export Export the specified keyids")" + echo "$(gettext " -f, --finger [] List fingerprint for specified or all keyids")" + echo "$(gettext " -h, --help This help")" + echo "$(gettext " -l, --list List keys")" + echo "$(gettext " -r, --receive Fetch the specified keyids")" + echo "$(gettext " -t, --trust Set the trust level of the given keyids")" + echo "$(gettext " -u, --updatedb Update the trustdb of pacman")" + echo "$(gettext " -V, --version Show program version")" + echo "$(gettext " --adv Use pacman's keyring with advanced gpg commands")" + printf "$(gettext " --reload Reload the default keys")" echo } version() { printf "pacman-key (pacman) %s\n" "${myver}" printf "$(gettext "\ -Copyright (c) 2010 Pacman Development Team .\n\ +Copyright (c) 2010-2011 Pacman Development Team .\n\ This is free software; see the source for copying conditions.\n\ There is NO WARRANTY, to the extent permitted by law.\n")" } @@ -218,7 +211,7 @@ if ! type gettext &>/dev/null; then } fi -if [[ $1 != "--version" && $1 != "-v" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then +if [[ $1 != "--version" && $1 != "-V" && $1 != "--help" && $1 != "-h" && $1 != "" ]]; then if type -p gpg >/dev/null 2>&1 = 1; then error "$(gettext "gnupg does not seem to be installed.")" msg2 "$(gettext "pacman-key requires gnupg for most operations.")" 
@@ -241,7 +234,7 @@ while [[ $1 =~ ^--(config|gpgdir)$ ]]; do done if [[ ! -r "${CONFIG}" ]]; then - error "$(gettext "It is not possible to read %s")" "${CONFIG}" + error "$(gettext "%s not found.")" "$CONFIG" exit 1 fi @@ -269,7 +262,6 @@ case "${command}" in -d|--del) if (( $# == 0 )); then error "$(gettext "You need to specify at least one key identifier")" - usage exit 1 fi ${GPG_PACMAN} --quiet --batch --delete-key --yes "$@" @@ -284,7 +276,7 @@ case "${command}" in ${GPG_PACMAN} --batch --list-sigs "$@" ;; -f|--finger) - ${GPG_PACMAN} --batch --fingerprint $* + ${GPG_PACMAN} --batch --fingerprint "$@" ;; -e|--export) ${GPG_PACMAN} --armor --export "$@" @@ -292,7 +284,6 @@ case "${command}" in -r|--receive) if (( $# < 2 )); then error "$(gettext "You need to specify the keyserver and at least one key identifier")" - usage exit 1 fi keyserver="$1" @@ -302,7 +293,6 @@ case "${command}" in -t|--trust) if (( $# == 0 )); then error "$(gettext "You need to specify at least one key identifier")" - usage exit 1 fi while (( $# > 0 )); do @@ -321,15 +311,10 @@ case "${command}" in ${GPG_PACMAN} "$@" || ret=$? exit $ret ;; - -h | --help) - usage - ;; - -v | --version) - version - exit 0 - ;; + -h|--help) + usage; exit 0 ;; + -V|--version) + version; exit 0 ;; *) - usage - exit 1 - ;; + usage; exit 1 ;; esac -- cgit v1.2.3-70-g09d2 From b625d03dd689faa598b1427677f9308f516d6946 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Wed, 23 Mar 2011 01:53:44 -0500 Subject: pacman-key manpage updates Make consistent in formatting, syntax, and prose with the rest of our documentation. Signed-off-by: Dan McGee --- doc/index.txt | 1 + doc/pacman-key.8.txt | 71 +++++++++++++++++++++++++++++----------------------- 2 files changed, 41 insertions(+), 31 deletions(-) diff --git a/doc/index.txt b/doc/index.txt index 0d855bdf..3703421c 100644 --- a/doc/index.txt +++ b/doc/index.txt 
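Review bot: The new message `%s not found.` is printed by the `[[ ! -r "${CONFIG}" ]]` test, which also fails for a file that exists but cannot be read by the caller, so the diagnostic can point the user at the wrong problem. Either keep wording that matches the test, such as `%s could not be read.`, or check existence and readability separately and report each case.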
@@ -41,6 +41,7 @@ configuration files dealing with pacman. * linkman:makepkg[8] * linkman:makepkg.conf[5] * linkman:pacman[8] +* linkman:pacman-key[8] * linkman:pacman.conf[5] * linkman:repo-add[8] * linkman:vercmp[8] diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 5ebbd0a2..9bd135ce 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt 
@@ -12,65 +12,74 @@ pacman-key - manage pacman's list of trusted keys Synopsis -------- -*pacman-key* [options] *command* ['arguments'] +'pacman-key' [options] [arguments] Description ----------- -The script *pacman-key* manage *pacman*'s keyring, which is the collection of GnuPG keys used to check signed packages. -It provides the ability to import and export keys, fetch keys from keyservers and update the key trust database. +pacman-key is a script used to manage pacman's keyring, which is the collection +of GnuPG keys used to check signed packages. It provides the ability to import +and export keys, fetch keys from keyservers and update the key trust database. Options ------- -*\--config* 'file':: - Set an alternative configuration file to use (default is {sysconfdir}/pacman.conf) +*\--config* :: + Use an alternate config file instead of the `{sysconfdir}/pacman.conf` + default. -*\--gpgdir* 'directory':: - Set an alternative home directory for GnuPG (default is set in {sysconfdir}/pacman.conf) +*\--gpgdir* :: + Set an alternate home directory for GnuPG. If unspecified, the value is + read from `{sysconfdir}/pacman.conf`. Commands ------- -*-a*, *\--add* 'file ...':: - Add the key(s) contained in 'file'(s) to pacman's keyring. If a key already exists, update it. +*-a, \--add* file ...:: + Add the key(s) contained in the specified file or files to pacman's + keyring. If a key already exists, update it. -*\--adv* 'param ...':: - Use this option to issue particular GnuPG actions to pacman's keyring. This option should be used with care as it can modify pacman's trust in packages' signatures. +*\--adv* param ...:: + Use this option to issue particular GnuPG actions to pacman's keyring. This + option should be used with care as it can modify pacman's trust in + packages' signatures. 
-*-d*, *\--del* 'keyid ...':: - Remove the key(s) identified by 'keyid'(s) from pacman's keyring +*-d, \--del* keyid ...:: + Remove the key(s) identified by the specified keyid or keyids from pacman's + keyring. -*-e*, *\--export* ['keyid ...']:: - Export key(s) identified by 'keyid'(s) to STDOUT or all keys if no 'keyid' is specified +*-e, \--export* [keyid ...]:: + Export key(s) identified by the specified keyid to 'stdout'. If no keyid is + specified, all keys will be exported. -*-f*, *\--finger* ['keyid ...']:: - List fingerprint(s) for specified 'keyid'(s) or for all if none is specified +*-f, \--finger* [keyid ...]:: + List a fingerprint for each specified keyid, or for all known keys if no + keyids are specified. -*\--help*:: - Display short usage instructions +*-h, \--help*:: + Output syntax and command line options. -*-l*, *\--list*:: - Equivalent to --list-sigs from GnuPG +*-l, \--list*:: + Equivalent to --list-sigs from GnuPG. -*-r*, *\--receive* 'keyserver' 'keyid ...':: - Fetch the 'keyid'(s) from the specified 'keyserver' URL +*-r, \--receive* keyserver keyid ...:: + Fetch the specified keyids from the specified key server URL. *\--reload*:: - Reloads the keys from the keyring package + Reloads the keys from the keyring package. -*-t*, *\--trust* 'keyid':: - Set the trust level of the given key +*-t, \--trust* keyid:: + Set the trust level of the given key. -*-u*, *\--updatedb*:: - Equivalent to \--check-trustdb in GnuPG +*-u, \--updatedb*:: + Equivalent to \--check-trustdb in GnuPG. -*-v*, *\--version*:: - Displays the current version +*-v, \--version*:: + Displays the program version. See Also -------- -linkman:pacman.conf[5] +linkman:pacman[8], linkman:pacman.conf[5] include::footer.txt[] -- cgit v1.2.3-70-g09d2