On Sat, Mar 08, 2014 at 06:34:53PM +0100, Thomas Bächler wrote:
> Am 08.03.2014 18:20, schrieb Dave Reisner:
> >> + pubkey=$(grep VALIDSIG "$statusfile" | sed -nr 's/.* VALIDSIG
> >> ([A-Z0-9]*) .*/\1/p;')
> >
> > I think you just want:
> >
> > pubkey=$(sed -n '/VALIDSIG/ s/.* VALIDSIG \([[:alnum:]]*\) .*/\1/p'
> > "$statusfile")
> >
> > sed's -r flag isn't portable.
>
> I took that from another place in makepkg:
>
> scripts/makepkg.sh.in:1740: for sofile in $(LC_ALL=C readelf
> -d "$filename" 2>/dev/null | sed -nr 's/.*Shared library: \[(.*)\].*/\1/p')
>
> If it's not portable, it should be fixed there, too.
Hrmm. It seems that, at least, more recent freebsd now suppots this:
-r Same as -E for compatibility with GNU sed.
I'd prefer that we avoid it, though. We can absolutely get by without it
in both cases.
> >> + echo "$pubkey"
> >
> > Don't you only want to echo this if the check that follows succeeds?
>
> Actually, I only need it in the failure case.
>
> >> + in_array "$pubkey" ${validpgpkeys[@]}
> >
> > The array needs quoting.
>
> Not according to the documentation, but sure, I'll add it.
>
> >> + return $?
> >
> > Wholly redundant for this function in its current form.
>
> You are right, although I hate that implicit return value stuff in bash.
>
> >> +}
> >> +
> >> check_pgpsigs() {
> >> (( SKIPPGPCHECK )) && return 0
> >> ! source_has_signatures && return 0
> >> @@ -1303,9 +1312,12 @@ check_pgpsigs() {
> >> if grep -q "REVKEYSIG" "$statusfile"; then
> >> printf '%s (%s)' "$(gettext "FAILED")"
> >> "$(gettext "the key has been revoked.")" >&2
> >> errors=1
> >> - elif grep -q -e "TRUST_UNDEFINED" -e "TRUST_NEVER"
> >> "$statusfile"; then
> >> + elif (( ${#validpgpkeys[@]} == 0 )) && grep -q -e
> >> "TRUST_UNDEFINED" -e "TRUST_NEVER" "$statusfile"; then
> >> printf '%s (%s)' "$(gettext "FAILED")"
> >> "$(gettext "the key is not trusted")" >&2
> >> errors=1
> >> + elif (( ${#validpgpkeys[@]} > 0 )) && !
> >> pubkey=$(is_valid_pgpkey "$statusfile"); then
> >> + printf "%s (%s $pubkey)" "$(gettext "FAILED")"
> >> "$(gettext "invalid key")"
> >> + errors=1
> >
> > Is there a decent way to extract the real status from the file once and
> > then do string comparisons in bash, rather than forking to grep all the
> > time?
>
> You just used the word 'decent' in a sentence that talks about gnupg.
You're right, I must apologize for that faux pas.
> We could use read to parse the file, set some variables and test those.
> Is that desirable?
I forget what the format is of the status files, exactly. I don't mind
calling external tools to parse once, but calling them repeatedly to
operate on the same section of a file seems wasteful.
