Allow the commands to safely handle any possible arguments.
Signed-off-by: DJ Mills <[email protected]>
---
scripts/pacman-key.sh.in | 48 +++++++++++++++++++++++-----------------------
1 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 833943c..5ad83c3 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -78,7 +78,7 @@ get_from() {
reload_keyring() {
local PACMAN_SHARE_DIR='@prefix@/share/pacman'
- local GPG_NOKEYRING="gpg --batch --quiet --ignore-time-conflict
--no-options --no-default-keyring --homedir ${PACMAN_KEYRING_DIR}"
+ local GPG_NOKEYRING=(gpg --batch --quiet --ignore-time-conflict
--no-options --no-default-keyring --homedir "${PACMAN_KEYRING_DIR}")
# Variable used for iterating on keyrings
local key
@@ -97,7 +97,7 @@ reload_keyring() {
# Verify signatures of related files, if they exist
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Verifying official keys file signature...")"
- if ! ${GPG_PACMAN} --quiet --batch --verify "${ADDED_KEYS}.sig"
1>/dev/null; then
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --verify
"${ADDED_KEYS}.sig" 1>/dev/null; then
error "$(gettext "The signature of file %s is not
valid.")" "${ADDED_KEYS}"
exit 1
fi
@@ -105,7 +105,7 @@ reload_keyring() {
if [[ -r "${DEPRECATED_KEYS}" ]]; then
msg "$(gettext "Verifying deprecated keys file signature...")"
- if ! ${GPG_PACMAN} --quiet --batch --verify
"${DEPRECATED_KEYS}.sig" 1>/dev/null; then
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --verify
"${DEPRECATED_KEYS}.sig" 1>/dev/null; then
error "$(gettext "The signature of file %s is not
valid.")" "${DEPRECATED_KEYS}"
exit 1
fi
@@ -113,7 +113,7 @@ reload_keyring() {
if [[ -r "${REMOVED_KEYS}" ]]; then
msg "$(gettext "Verifying deleted keys file signature...")"
- if ! ${GPG_PACMAN} --quiet --batch --verify
"${REMOVED_KEYS}.sig"; then
+ if ! "${GPG_PACMAN[@]}" --quiet --batch --verify
"${REMOVED_KEYS}.sig"; then
error "$(gettext "The signature of file %s is not
valid.")" "${REMOVED_KEYS}"
exit 1
fi
@@ -126,7 +126,7 @@ reload_keyring() {
if [[ -r "${REMOVED_KEYS}" ]]; then
while read key; do
local key_values name
- key_values=$(${GPG_PACMAN} --quiet --with-colons
--list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')
+ key_values=$("${GPG_PACMAN[@]}" --quiet --with-colons
--list-key "${key}" | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')
if [[ -n $key_values ]]; then
# The first word is the key_id
key_id=${key_values%% *}
@@ -146,7 +146,7 @@ reload_keyring() {
# Remove the keys that must be kept from the set of keys that should be
removed
if [[ -n ${HOLD_KEYS} ]]; then
for key in ${HOLD_KEYS}; do
- key_id=$(${GPG_PACMAN} --quiet --with-colons --list-key
"${key}" | grep ^pub | cut -d: -f5)
+ key_id=$("${GPG_PACMAN[@]}" --quiet --with-colons
--list-key "${key}" | grep ^pub | cut -d: -f5)
if [[ -n "${removed_ids[$key_id]}" ]]; then
unset removed_ids[$key_id]
fi
@@ -157,22 +157,22 @@ reload_keyring() {
# be updated automatically.
if [[ -r "${ADDED_KEYS}" ]]; then
msg "$(gettext "Appending official keys...")"
- local add_keys=$(${GPG_NOKEYRING} --keyring "${ADDED_KEYS}"
--with-colons --list-keys | grep ^pub | cut -d: -f5)
+ local add_keys=$("${GPG_NOKEYRING[@]}" --keyring
"${ADDED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)
for key_id in ${add_keys}; do
# There is no point in adding a key that will be
deleted right after
if [[ -z "${removed_ids[$key_id]}" ]]; then
- ${GPG_NOKEYRING} --keyring "${ADDED_KEYS}"
--export "${key_id}" | ${GPG_PACMAN} --import
+ "${GPG_NOKEYRING[@]}" --keyring "${ADDED_KEYS}"
--export "${key_id}" | "${GPG_PACMAN[@]}" --import
fi
done
fi
if [[ -r "${DEPRECATED_KEYS}" ]]; then
msg "$(gettext "Appending deprecated keys...")"
- local add_keys=$(${GPG_NOKEYRING} --keyring
"${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)
+ local add_keys=$("${GPG_NOKEYRING[@]}" --keyring
"${DEPRECATED_KEYS}" --with-colons --list-keys | grep ^pub | cut -d: -f5)
for key_id in ${add_keys}; do
# There is no point in adding a key that will be
deleted right after
if [[ -z "${removed_ids[$key_id]}" ]]; then
- ${GPG_NOKEYRING} --keyring "${DEPRECATED_KEYS}"
--export "${key_id}" | ${GPG_PACMAN} --import
+ "${GPG_NOKEYRING[@]}" --keyring
"${DEPRECATED_KEYS}" --export "${key_id}" | "${GPG_PACMAN[@]}" --import
fi
done
fi
@@ -182,13 +182,13 @@ reload_keyring() {
msg "$(gettext "Removing deleted keys from keyring...")"
for key_id in "${!removed_ids[@]}"; do
echo " removing key $key_id - ${removed_ids[$key_id]}"
- ${GPG_PACMAN} --quiet --batch --yes --delete-key
"${key_id}"
+ "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key
"${key_id}"
done
fi
# Update trustdb, just to be sure
msg "$(gettext "Updating trust database...")"
- ${GPG_PACMAN} --batch --check-trustdb
+ "${GPG_PACMAN[@]}" --batch --check-trustdb
}
# PROGRAM START
@@ -229,7 +229,7 @@ fi
if [[ GPGDIR=$(get_from "$CONFIG" "GPGDir") == 0 ]]; then
PACMAN_KEYRING_DIR="${GPGDIR}"
fi
-GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR} --no-permission-warning"
+GPG_PACMAN=(gpg --homedir "${PACMAN_KEYRING_DIR}" --no-permission-warning)
# Try to create $PACMAN_KEYRING_DIR if non-existent
# Check for simple existence rather than for a directory as someone may want
@@ -247,29 +247,29 @@ shift
case "${command}" in
-a|--add)
# If there is no extra parameter, gpg will read stdin
- ${GPG_PACMAN} --quiet --batch --import "$@"
+ "${GPG_PACMAN[@]}" --quiet --batch --import "$@"
;;
-d|--del)
if (( $# == 0 )); then
error "$(gettext "You need to specify at least one key
identifier")"
exit 1
fi
- ${GPG_PACMAN} --quiet --batch --delete-key --yes "$@"
+ "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "$@"
;;
-u|--updatedb)
- ${GPG_PACMAN} --batch --check-trustdb
+ "${GPG_PACMAN[@]}" --batch --check-trustdb
;;
--reload)
reload_keyring
;;
-l|--list)
- ${GPG_PACMAN} --batch --list-sigs "$@"
+ "${GPG_PACMAN[@]}" --batch --list-sigs "$@"
;;
-f|--finger)
- ${GPG_PACMAN} --batch --fingerprint "$@"
+ "${GPG_PACMAN[@]}" --batch --fingerprint "$@"
;;
-e|--export)
- ${GPG_PACMAN} --armor --export "$@"
+ "${GPG_PACMAN[@]}" --armor --export "$@"
;;
-r|--receive)
if (( $# < 2 )); then
@@ -278,7 +278,7 @@ case "${command}" in
fi
keyserver="$1"
shift
- ${GPG_PACMAN} --keyserver "${keyserver}" --recv-keys "$@"
+ "${GPG_PACMAN[@]}" --keyserver "${keyserver}" --recv-keys "$@"
;;
-t|--trust)
if (( $# == 0 )); then
@@ -287,8 +287,8 @@ case "${command}" in
fi
while (( $# > 0 )); do
# Verify if the key exists in pacman's keyring
- if ${GPG_PACMAN} --list-keys "$1" > /dev/null 2>&1; then
- ${GPG_PACMAN} --edit-key "$1"
+ if "${GPG_PACMAN[@]}" --list-keys "$1" > /dev/null
2>&1; then
+ "${GPG_PACMAN[@]}" --edit-key "$1"
else
error "$(gettext "The key identified by %s
doesn't exist")" "$1"
exit 1
@@ -297,8 +297,8 @@ case "${command}" in
done
;;
--adv)
- msg "$(gettext "Executing: %s ")$*" "${GPG_PACMAN}"
- ${GPG_PACMAN} "$@" || ret=$?
+ msg "$(gettext "Executing: %s ")$*" ""${GPG_PACMAN[@]}""
+ "${GPG_PACMAN[@]}" "$@" || ret=$?
exit $ret
;;
-h|--help)
--
1.7.6
