---
scripts/makepkg.sh.in | 6 +++---
scripts/repo-add.sh.in | 23 ++++++++++++++++++++---
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index b0d0c23..95f541f 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1625,7 +1625,7 @@ usage() {
printf "$(gettext " --nocheck Do not run the check() function
in the %s")\n" "$BUILDSCRIPT"
echo "$(gettext " --nosign Do not create a signature for the
package")"
echo "$(gettext " --pkg <list> Only build listed packages from a
split package")"
- echo "$(gettext " --sign Sign the resulting package with
gpg")"
+ echo "$(gettext " -S, --sign Sign the resulting package with
gpg")"
echo "$(gettext " --skipinteg Do not fail when integrity checks
are missing")"
echo "$(gettext " --source Generate a source-only tarball
without downloaded sources")"
echo
@@ -1659,7 +1659,7 @@ fi
ARGLIST=("$@")
# Parse Command Line Options.
-OPT_SHORT="AcCdefFghiLmop:rRsV"
+OPT_SHORT="AcCdefFghiLmop:rRsSV"
OPT_LONG="allsource,asroot,ignorearch,check,clean,cleancache,nodeps"
OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver"
OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps"
@@ -1708,7 +1708,7 @@ while true; do
-r|--rmdeps) RMDEPS=1 ;;
-R|--repackage) REPKG=1 ;;
--skipinteg) SKIPINTEG=1 ;;
- --sign) SIGNPKG='y' ;;
+ -S|--sign) SIGNPKG='y' ;;
--source) SOURCEONLY=1 ;;
-s|--syncdeps) DEP_BIN=1 ;;
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 820db36..f00b519 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -26,6 +26,8 @@ export TEXTDOMAINDIR='@localedir@'
myver='@PACKAGE_VERSION@'
confdir='@sysconfdir@'
+GPGDIR='@sysconfdir@/pacman.d/gnupg'
+
QUIET=0
DELTA=0
WITHFILES=0
@@ -80,8 +82,9 @@ specified on the command line from the given repo database.
Multiple\n\
packages to remove can be specified on the command line.\n\n")"
printf "$(gettext "Options:\n")"
fi
+ printf "$(gettext " --gpgdir <dir> use the specified GnuPG home
directory\n")"
printf "$(gettext " -q, --quiet minimize output\n")"
- printf "$(gettext " -s, --sign sign database with GnuPG after
update\n")"
+ printf "$(gettext " -S, --sign sign database with GnuPG after
update\n")"
printf "$(gettext " -k, --key <key> use the specified key to sign
the database\n")"
printf "$(gettext " -v, --verify verify database's signature
before update\n")"
printf "$(gettext "\n\
@@ -231,7 +234,12 @@ verify_signature() {
warning "$(gettext "No existing signature found, skipping
verification.")"
return
fi
- gpg --verify "$dbfile.sig" || ret=$?
+ # unlike signing, verification of old database is done with pacman's
keyring
+ if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then
+ error "$(gettext "${GPGDIR} is not a properly initialized GnuPG
home directory.")"
+ exit 1
+ fi
+ gpg --homedir "$GPGDIR" --verify "$dbfile.sig" || ret=$?
if (( ! ret )); then
msg2 "$(gettext "Database signature file verified.")"
else
@@ -552,7 +560,16 @@ while [[ $# > 0 ]]; do
-q|--quiet) QUIET=1;;
-d|--delta) DELTA=1;;
-f|--files) WITHFILES=1;;
- -s|--sign)
+ --gpgdir)
+ check_gpg
+ shift
+ GPGDIR="$1"
+ if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null;
then
+ error "$(gettext "${GPGDIR} is not a properly
initialized GnuPG home directory.")"
+ exit 1
+ fi
+ ;;
+ -S|--sign)
check_gpg
SIGN=1
if ! gpg --list-key ${GPGKEY} &>/dev/null; then
--
1.7.5.2
