Currently, pacman-key allows the user to import their keys using the --add
option. However, no similar functionality exists for importing ownertrust
values.

The --import-trustdb option takes a list of directories and imports ownertrust
values if the directories have a trustdb.gpg database.

The --import option takes a list of directories and imports keys from
pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination
of --add and --import-trustdb.

Signed-off-by: Pang Yan Han <[email protected]>
---
NOTE: To be applied on top of allan/working
There is an issue with this patch and pacman -U
See http://mailman.archlinux.org/pipermail/pacman-dev/2011-July/013780.html
for more info.

 doc/pacman-key.8.txt     |    7 +++++++
 scripts/pacman-key.sh.in |   36 +++++++++++++++++++++++++++++++++---
 2 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index cf72b83..6314287 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -60,6 +60,13 @@ Options
 *-h, \--help*::
        Output syntax and command line options.
 
+*\--import* <dir(s)>::
+       Adds keys from pubring.gpg into pacman's keyring and imports ownertrust
+       values from trustdb.gpg in the specified directories.
+
+*\--import-trustdb* <dir(s)>::
+       Imports ownertrust values from trustdb.gpg in the specified directories.
+
 *--init*::
        Ensure the keyring is properly initialized and has the required access
        permissions.
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index cb108ac..91c3d87 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -32,6 +32,8 @@ DELETE=0
 EDITKEY=0
 EXPORT=0
 FINGER=0
+IMPORT=0
+IMPORT_TRUSTDB=0
 INIT=0
 LIST=0
 RECEIVE=0
@@ -66,6 +68,8 @@ usage() {
        echo "$(gettext "  --edit-key <keyid(s)>     Present a menu for key 
management task on keyids")"
        echo "$(gettext "  --gpgdir <dir>            Set an alternate directory 
for gnupg")"
        printf "$(gettext "                                    (instead of 
'%s')")\n" "@sysconfdir@/pacman.d/gnupg"
+       echo "$(gettext "  --import <dir(s)>         Imports pubring.gpg and 
trustdb.gpg from dir(s)")"
+       echo "$(gettext "  --import-trustdb <dir(s)> Imports ownertrust values 
from trustdb.gpg in dir(s)")"
        echo "$(gettext "  --init                    Ensure the keyring is 
properly initialized")"
        echo "$(gettext "  --reload                  Reload the default keys")"
 }
@@ -278,6 +282,27 @@ edit_keys() {
        done
 }
 
+import_trustdb() {
+       local importdir
+       for importdir in "${IMPORT_DIRS[@]}"; do
+               if [[ -f "${importdir}/trustdb.gpg" ]]; then
+                       gpg --homedir "${importdir}" --export-ownertrust | 
${GPG_PACMAN} --import-ownertrust
+               fi
+       done
+}
+
+import() {
+       local importdir
+       for importdir in "${IMPORT_DIRS[@]}"; do
+               if [[ -f "${importdir}/trustdb.gpg" ]]; then
+                       import_trustdb "${import_dir}"
+               fi
+               if [[ -f "${importdir}/pubring.gpg" ]]; then
+                       ${GPG_PACMAN} --quiet --batch --import 
"${importdir}/pubring.gpg"
+               fi
+       done
+}
+
 # PROGRAM START
 if ! type gettext &>/dev/null; then
        gettext() {
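Review bot: In `import()`, the call `import_trustdb "${import_dir}"` expands a variable that is never set (the loop variable is `importdir`), and `import_trustdb` ignores its arguments anyway and walks the whole `IMPORT_DIRS` array, so the ownertrust of every directory is re-imported once for each directory that has a trustdb.gpg. Since `import_trustdb` already does the `-f "${importdir}/trustdb.gpg"` test itself, I would drop the inner `if ... import_trustdb ... fi` from the loop and call `import_trustdb` once before the `for` in `import()`. Separately, both functions run as root and point `gpg --homedir` at a caller-supplied directory, so gpg will presumably also read a gpg.conf found there; consider adding `--no-options` to the export command, and reporting an error instead of silently skipping when a named directory has neither file. The ownertrust imported here decides which keys pacman's keyring treats as trusted, so a comment stating that the source directories must be owned by a trusted user would help.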
@@ -287,7 +312,8 @@ fi
 
 OPT_SHORT="a::d:e:f::hlr:uv:V"
 OPT_LONG="add::,config:,delete:,edit-key:,export::,finger::,gpgdir:"
-OPT_LONG+=",help,init,list,receive:,reload,updatedb,verify:,version"
+OPT_LONG+=",help,import:,import-trustdb:,init,list,receive:,reload,updatedb"
+OPT_LONG+=",verify:,version"
 if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
        echo; usage; exit 1 # E_INVALID_OPTION;
 fi
@@ -308,6 +334,8 @@ while true; do
                -e|--export)      EXPORT=1; [[ -n $2 && ${2:0:1} != "-" ]] && 
shift && KEYIDS=($1) ;;
                -f|--finger)      FINGER=1; [[ -n $2 && ${2:0:1} != "-" ]] && 
shift && KEYIDS=($1) ;;
                --gpgdir)         shift; PACMAN_KEYRING_DIR=$1 ;;
+               --import)         IMPORT=1; shift; IMPORT_DIRS=($1) ;;
+               --import-trustdb) IMPORT_TRUSTDB=1; shift; IMPORT_DIRS=($1) ;;
                --init)           INIT=1 ;;
                -l|--list)        LIST=1 ;;
                -r|--receive)     RECEIVE=1; shift; KEYSERVER="${1[0]}"; 
KEYIDS=("${1[@]:1}") ;;
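Review bot: `IMPORT_DIRS=($1)` on the two added case arms leaves `$1` unquoted, so the argument is word-split and glob-expanded by a root shell before the directories are used; a path containing a space is broken into pieces, and a `*` or `?` in it is expanded against the current directory. This mirrors the existing `KEYIDS=($1)` arms, but key IDs do not normally contain those characters and paths can. If the split is intended to allow several directories in one argument, say so in a comment such as `# dirs are whitespace-separated; paths containing spaces are not supported`, and turn globbing off around the assignment (`set -f` before, `set +f` after). The surrounding `while`/`case` starts and ends outside this hunk.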
@@ -330,7 +358,7 @@ if ! type -p gpg >/dev/null; then
        exit 1
 fi
 
-if (( (ADD || DELETE || EDITKEY || INIT || RECEIVE || RELOAD || UPDATEDB) && 
EUID != 0 )); then
+if (( (ADD || DELETE || EDITKEY || IMPORT || IMPORT_TRUSTDB || INIT || RECEIVE 
|| RELOAD || UPDATEDB) && EUID != 0 )); then
        error "$(gettext "%s needs to be run as root for this operation.")" 
"pacman-key"
        exit 1
 fi
@@ -348,7 +376,7 @@ PACMAN_KEYRING_DIR=${PACMAN_KEYRING_DIR:-$(get_from 
"$CONFIG" "GPGDir" || echo "
 GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
 
 # check only a single operation has been given
-numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + INIT + LIST + RECEIVE + 
RELOAD + UPDATEBD + VERIFY ))
+numopt=$(( ADD + DELETE + EDITKEY + EXPORT + FINGER + IMPORT + IMPORT_TRUSTDB 
+ INIT + LIST + RECEIVE + RELOAD + UPDATEBD + VERIFY ))
 
 if (( ! numopt )); then
        error "$(gettext "No operations specified")"
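Review bot: The rewritten `numopt` sum still ends with `+ UPDATEBD + VERIFY`, while the root check earlier in this patch spells the flag `UPDATEDB`; the misspelled name is presumably unset and counts as 0, so `--updatedb` is left out of the single-operation check and could be combined with `--import` or `--import-trustdb` unnoticed. The typo predates this commit, but the line is being rewritten here, so it is a good place to fix it: `... + RECEIVE + RELOAD + UPDATEDB + VERIFY ))`. The check that consumes `numopt` continues past the end of the hunk.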
@@ -370,6 +398,8 @@ fi
 (( EDITKEY )) && edit_keys
 (( EXPORT )) && ${GPG_PACMAN} --armor --export "${KEYIDS[@]}"
 (( FINGER )) && ${GPG_PACMAN} --batch --fingerprint "${KEYIDS[@]}"
+(( IMPORT )) && import
+(( IMPORT_TRUSTDB)) && import_trustdb
 (( INIT )) && initialize
 (( LIST )) && ${GPG_PACMAN} --batch --list-sigs "${KEYIDS[@]}"
 (( RECEIVE )) && receive_keys
-- 
1.7.6.132.g8b11f

