If an email address is specified, we use --locate-key to look up the key
using WKD, with the keyserver as a fallback. If the key is specified as a
key ID, this doesn't work, so we use the normal keyserver-based --recv-keys.

Note that --refresh-keys still uses the keyservers exclusively for
refreshing, though the situation might potentially be improved in a new
version of GnuPG:
https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062169.html

Signed-off-by: Jonas Witschel <[email protected]>
---
 scripts/pacman-key.sh.in | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index b05754e5..cd214a2e 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -455,25 +455,30 @@ lsign_keys() {
 }

 receive_keys() {
-       local name id keyids
+       local name id keyids emails

        # if the key is not a hex ID, do a lookup
        for name; do
                if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
                        keyids+=("$name")
-               else
-                       if id=$(key_lookup_from_name "$name"); then
-                               keyids+=("$id")
-                       fi
+               elif [[ $name = *@*.* ]]; then
+                       emails+=("$name")
+               elif id=$(key_lookup_from_name "$name"); then
+                       keyids+=("$id")
                fi
        done

-       (( ${#keyids[*]} > 0 )) || exit 1
+       (( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1

-       if ! "${GPG_PACMAN[@]}" --recv-keys "${keyids[@]}" ; then
+       if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACMAN[@]}" --recv-keys 
"${keyids[@]}" ; then
                error "$(gettext "Remote key not fetched correctly from 
keyserver.")"
                exit 1
        fi
+
+       if (( ${#emails[*]} > 0 )) && ! "${GPG_PACMAN[@]}" --auto-key-locate 
nodefault,clear,wkd,keyserver --locate-key "${emails[@]}" ; then
+               error "$(gettext "Remote key not fetched correctly from WKD or 
keyserver.")"
+               exit 1
+       fi
 }

 refresh_keys() {
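Review bot: The new `--locate-key` branch selects a key by e-mail address rather than by fingerprint, and nothing in `receive_keys` records that distinction for whoever signs the key afterwards. WKD ties the answer to the address's domain, but the `keyserver` fallback returns whatever key carries that user ID, and many keyservers do not verify user IDs, so the imported key still has to be checked by fingerprint before it is locally signed. I would add a comment above the block, e.g. `# keys located by e-mail are matched on user ID only; verify the fingerprint before --lsign-key`. Separately, the `*@*.*` test also matches a full user-ID string such as `Name <user@example.org>` (constructed example), which now goes to `--locate-key` instead of `key_lookup_from_name`; if that is intended, the comment on the `for name` loop should say so.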
--
2.22.0
