There may be situations where one needs to sign with a
key other than the user's default. The option -k or
--signwithkey accepts a key identifier and passes it
to the signing command.

Signed-off-by: Denis A. Altoé Falqueto <[email protected]>
---

There was a different version of this patch sent some time ago.
For some reason, just the part for makepkg was merged. So, now
I'm sending a little better version for repo-add/remove.

 scripts/repo-add.sh.in |   36 ++++++++++++++++++++++++++++--------
 1 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index cb545f3..7b9e85f 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -66,7 +66,8 @@ usage() {
        cmd="$(basename $0)"
        printf "%s (pacman) %s\n\n" "$cmd" "$myver"
        if [[ $cmd == "repo-add" ]] ; then
-               printf "$(gettext "Usage: repo-add [-d] [-f] [-q] [-s] [-v] 
<path-to-db> <package|delta> ...\n")"
+               printf "$(gettext "Usage: repo-add [-d] [-f] [-q] [-s 
[-k|--signwithkey key]]\n")"
+               printf "$(gettext "       [-v] <path-to-db> <package|delta> 
...\n")"
                printf "$(gettext "\
 repo-add will update a package database by reading a package file.\n\
 Multiple packages to add can be specified on the command line.\n\n")"
@@ -74,16 +75,18 @@ Multiple packages to add can be specified on the command 
line.\n\n")"
                printf "$(gettext "  -d, --delta   generate and add delta for 
package update\n")"
                printf "$(gettext "  -f, --files   update database's file 
list\n")"
        elif [[ $cmd == "repo-remove" ]] ; then
-               printf "$(gettext "Usage: repo-remove [-q] [-s] [-v] 
<path-to-db> <packagename|delta> ...\n\n")"
+               printf "$(gettext "Usage: repo-remove [-q] [-s 
[-k|--signwithkey key]]\n")"
+               printf "$(gettext "       [-v] <path-to-db> <packagename|delta> 
...\n\n")"
                printf "$(gettext "\
 repo-remove will update a package database by removing the package name\n\
 specified on the command line from the given repo database. Multiple\n\
 packages to remove can be specified on the command line.\n\n")"
                printf "$(gettext "Options:\n")"
        fi
-       printf "$(gettext "  -q, --quiet   minimize output\n")"
-       printf "$(gettext "  -s, --sign    sign database with GnuPG after 
update\n")"
-       printf "$(gettext "  -v, --verify  verify database's signature before 
update\n")"
+       printf "$(gettext "  -q, --quiet              minimize output\n")"
+       printf "$(gettext "  -s, --sign               sign database with GnuPG 
after update\n")"
+       printf "$(gettext "  -k, --signwithkey <key>  use the specified key to 
sign the repository\n")"
+       printf "$(gettext "  -v, --verify             verify database's 
signature before update\n")"
        printf "$(gettext "\n\
 See %s(8) for more details and descriptions of the available options.\n\n")" 
$cmd
        if [[ $cmd == "repo-add" ]] ; then
@@ -204,7 +207,13 @@ create_signature() {
                error "$(gettext "Cannot find the gpg binary! Is gnupg 
installed?")"
                exit 1 # $E_MISSING_PROGRAM
        fi
-       gpg --detach-sign --use-agent "$dbfile" || ret=$?
+
+       # Check if SIGNKEY is valid.
+       local SIGNWITHKEY=""
+       if [[ "${SIGNKEY}" ]]; then
+               SIGNWITHKEY="-u ${SIGNKEY}"
+       fi
+       gpg --detach-sign ${SIGNWITHKEY} "$dbfile" || ret=$?
        if (( ! ret )); then
                msg2 "$(gettext "Created signature file %s.")" "$dbfile.sig"
        else
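Review bot: `${SIGNWITHKEY}` is expanded unquoted in the new gpg call, so a key given as a user ID containing spaces or glob characters is split into several gpg arguments instead of being passed as the single value of `-u`. Building the option as an array avoids that: `local -a SIGNWITHKEY=()`, `SIGNWITHKEY=(-u "${SIGNKEY}")` inside the existing `if`, and `gpg --detach-sign "${SIGNWITHKEY[@]}" "$dbfile" || ret=$?`. The same line also drops `--use-agent`, which the commit message does not mention, and the comment `# Check if SIGNKEY is valid.` overstates the test, which only checks that the variable is non-empty; `# Pass -u only when a signing key was requested.` would match the code. create_signature starts and ends outside the hunk.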
@@ -226,7 +235,7 @@ verify_signature() {
                warning "$(gettext "No existing signature found, skipping 
verification.")"
                return
        fi
-       gpg --verify "$dbfile.sig" || ret=$?
+       gpg --verify "$dbfile.sig" &>/dev/null || ret=$?
        if (( ! ret )); then
                msg2 "$(gettext "Database signature file verified.")"
        else
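Review bot: Sending `gpg --verify` output to `/dev/null` removes the only place where the operator sees which key made the signature and any trust warning gpg prints about it; the exit status alone is zero for a good signature from any key in the keyring. The change is also unrelated to the `-k` option described in the commit message. If the goal is less noise, tie the redirect to the existing quiet flag, for example `if (( QUIET )); then gpg --verify "$dbfile.sig" &>/dev/null || ret=$?; else gpg --verify "$dbfile.sig" || ret=$?; fi`, so the default run still shows the signer. verify_signature starts and ends outside the hunk.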
@@ -542,12 +551,22 @@ trap 'trap_exit "$(gettext "An unknown error has occured. 
Exiting...")"' ERR
 
 success=0
 # parse arguments
-for arg in "$@"; do
+while [[ $# > 0 ]]; do
+       arg="$1"
        case "$arg" in
                -q|--quiet) QUIET=1;;
                -d|--delta) DELTA=1;;
                -f|--files) WITHFILES=1;;
                -s|--sign) SIGN=1;;
+               -k|--signwithkey)
+                       shift
+                       SIGNKEY="$1"
+                       # Check if key exists, to stop as early as possible
+                       if ! gpg --list-key "${SIGNKEY}" &>/dev/null; then
+                               error "$(gettext "The key ${SIGNKEY} doesnn't 
exist.")"
+                               exit 1
+                       fi
+                       ;;
                -v|--verify) VERIFY=1;;
                *)
                        if [[ -z $REPO_DB_FILE ]]; then
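Review bot: The `-k|--signwithkey` arm reads `$1` after `shift` without checking that an argument remains, and it validates the key with `gpg --list-key`, which looks at the public keyring although signing needs the secret key. With `-k` as the last argument SIGNKEY is empty, the lookup runs with an empty name, and the `shift` added at the end of the loop in the next hunk then runs with no parameters left, which presumably trips the ERR trap instead of reporting a usage error. Suggest guarding first with `[[ -n $2 ]] || { error "$(gettext "Option %s requires a key.")" "$arg"; exit 1; }` and checking with `gpg --list-secret-keys "${SIGNKEY}" &>/dev/null`. The message has a typo (`doesnn't`) and expands `${SIGNKEY}` inside `gettext`, so the msgid can never match a translation; pass the key as a `%s` argument, assuming `error` takes a format like `msg2` does. `[[ $# > 0 ]]` is a string comparison; `(( $# > 0 ))` states the numeric intent.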
@@ -562,6 +581,7 @@ for arg in "$@"; do
                        fi
                        ;;
        esac
+       shift
 done
 
 # if at least one operation was a success, re-zip database
-- 
1.7.4.2

