From 8d66635150cab204ea5e9f73ef7ac829bf6814fe Mon Sep 17 00:00:00 2001 From: canyonknight Date: Tue, 3 Jan 2012 15:37:22 -0500 Subject: [PATCH 3/3] Add proper exit statuses and error messages to pacman-key Return codes from gpg commands are currently lost. This adds the functionality of taking the correct error codes from gpg. This includes error reporting for all gpg commands that are run individually, run in a loop, and run through a pipe. Includes the chk_key_exists function which verifies a key exists locally prior to local manipulation of the key. If a gpg command has a non-zero return status, pacman-key will now exit with exact same non-zero status. It will then print a gettext error message of gpg's failure. Signed-off-by: canyonknight
---
 scripts/pacman-key.sh.in | 130 +++++++++++++++++++++++++++++++++++++---------
 1 files changed, 106 insertions(+), 24 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 52ecc42..2645299 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -181,6 +181,20 @@ verify_keyring_input() {
 return $ret
 }
 
+chk_key_exists() {
+ local ret=0;
+ for key in "${KEYIDS[@]}"; do
+ # Verify if the key exists in pacman's keyring
+ if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null ; then
+ error "$(gettext "The key identified by %s could not be found locally.")" "$key"
+ ret=1;
+ fi
+ done
+ if (( ret )); then
+ exit 1;
+ fi
+}
+
 check_keyring() {
 if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \
 ! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then
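Review bot: `key` in the new chk_key_exists loop is never declared `local`, so the function leaves a global `key` behind in every caller that runs it (which, after this patch, is most of the key-manipulating functions); add `local key` alongside `local ret=0`. The `&>/dev/null` on the `--list-keys` probe also throws away gpg's stderr, so a keyring that cannot be opened at all (permissions, missing trustdb) is reported to the user as "could not be found locally" rather than as the underlying gpg error — consider dropping the stderr half of the redirect, or re-running the probe without it in the failure branch. The trailing `;` after `local ret=0`, `ret=1` and `exit 1` is harmless but not the style the rest of this patch uses.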
@@ -207,56 +221,88 @@ check_keyring() {
 }
 
 add_keys() {
- "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}"
+ local ret=0
+ "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified keyfile could not be added to the gpg keychain.")"
+ exit "$ret"
+ fi
 }
 
 delete_keys() {
- "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}"
+ chk_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified key could not be removed from the gpg keychain.")"
+ exit "$ret"
+ fi
 }
 
 edit_keys() {
- local errors=0;
+ chk_key_exists
+ local ret=0
 for key in "${KEYIDS[@]}"; do
- # Verify if the key exists in pacman's keyring
- if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null; then
- error "$(gettext "The key identified by %s does not exist.")" "$key"
- errors=1;
+ "${GPG_PACMAN[@]}" --edit-key "$key" || ret=$?
+ if (( ret )); then
+ error "$(gettext "The key identified by %s could not be edited.")" "$key"
+ exit "$ret"
 fi
 done
- (( errors )) && exit 1;
-
- for key in "${KEYIDS[@]}"; do
- "${GPG_PACMAN[@]}" --edit-key "$key"
- done
 }
 
 export_keys() {
- "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
+ chk_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified key could not be exported from the gpg keychain.")"
+ exit "$ret"
+ fi
 }
 
 finger_keys() {
- "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
+ chk_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "The fingerprint of a specified key could not be determined.")"
+ exit "$ret"
+ fi
 }
 
 import() {
 local importdir
-
+ local ret=0
 for importdir in "${IMPORT_DIRS[@]}"; do
 if [[ -f "${importdir}/pubring.gpg" ]]; then
- "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg"
+ "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg" || ret=$?
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
+ exit 1
 fi
 done
+ if (( ret )); then
+ error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
+ exit "$ret"
+ fi
 }
 
 import_trustdb() {
 local importdir
-
 for importdir in "${IMPORT_DIRS[@]}"; do
 if [[ -f "${importdir}/trustdb.gpg" ]]; then
 gpg --homedir "${importdir}" --export-ownertrust | \
- "${GPG_PACMAN[@]}" --import-ownertrust -
+ "${GPG_PACMAN[@]}" --import-ownertrust - || ret=$?
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
+ exit 1
 fi
 done
+ if (( PIPESTATUS )); then
+ error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
+ exit 1
+ fi
 }
 
 initialize() {
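Review bot: import_trustdb's new failure check cannot work as written: `ret` is assigned by `|| ret=$?` but never declared or read, and `if (( PIPESTATUS ))` after `done` inspects only `${PIPESTATUS[0]}` of whatever command ran last, not the export/import pipeline, so a failed ownertrust import is either not reported or ends in a fixed `exit 1` that throws away the gpg status this commit exists to propagate. Snapshot `PIPESTATUS` immediately after the pipeline inside the loop, take the first non-zero stage, and exit with it at that point. import() has a smaller version of the same problem: its `error` after the loop prints `${importdir}/pubring.gpg` for the last directory iterated, which is not necessarily the one whose import failed, so reporting at the point of failure is better there too. The rewritten loop body for import_trustdb:
```shell
import_trustdb() {
	local importdir ret=0
	for importdir in "${IMPORT_DIRS[@]}"; do
		if [[ -f "${importdir}/trustdb.gpg" ]]; then
			gpg --homedir "${importdir}" --export-ownertrust | \
				"${GPG_PACMAN[@]}" --import-ownertrust -
			# copy PIPESTATUS now; the next command overwrites it
			local -a stages=("${PIPESTATUS[@]}")
			ret=${stages[0]}
			(( ret )) || ret=${stages[1]}
			if (( ret )); then
				error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
				exit "$ret"
			fi
		# … unchanged: else branch reporting the missing trustdb.gpg …
		fi
	done
}
```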
@@ -291,15 +337,30 @@ initialize() {
 }
 
 list_keys() {
- "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}"
+ local ret=0
+ "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified key could not be listed.")"
+ exit "$ret"
+ fi
 }
 
 list_sigs() {
- "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
+ chk_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified signature could not be listed.")"
+ exit "$ret"
+ fi
 }
 
 sign_keys() {
 printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null
+ if (( PIPESTATUS )); then
+ error "$(gettext "A specified key could not be locally signed.")"
+ exit "$ret"
+ fi
 }
 
 populate_keyring() {
@@ -404,20 +465,41 @@ populate_keyring() {
 }
 
 receive_keys() {
- "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"
+ local ret=0
+ "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "Remote key not fetched correctly from keyserver.")"
+ exit "$ret"
+ fi
 }
 
 refresh_keys() {
- "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}"
+ chk_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified local key could not be updated from a keyserver.")"
+ exit "$ret"
+ fi
 }
 
 verify_sig() {
- "${GPG_PACMAN[@]}" --verify $SIGNATURE
+ local ret=0
+ "${GPG_PACMAN[@]}" --verify $SIGNATURE || ret=$?
+ if (( ret )); then
+ error "$(gettext "The signiture identified by %s could not be verified.")" "$SIGNATURE"
+ exit "$ret"
+ fi
 }
 
 updatedb() {
+ local ret=0
 msg "$(gettext "Updating trust database...")"
- "${GPG_PACMAN[@]}" --batch --check-trustdb
+ "${GPG_PACMAN[@]}" --batch --check-trustdb || ret=$?
+ if (( ret )); then
+ error "$(gettext "Trust database could not be updated.")"
+ exit "$ret"
+ fi
 }
 
 # PROGRAM START
-- 
1.7.8.1
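Review bot: The new check in sign_keys is wrong on both sides: `(( PIPESTATUS ))` reads only `${PIPESTATUS[0]}`, which is the status of `printf`, so a failed `--lsign-key` goes unnoticed, and `exit "$ret"` uses a variable sign_keys never sets (the `local ret=0` every other function in this patch has is missing here), which bash rejects as a non-numeric argument. Capture the gpg stage directly after the pipeline instead: `local ret=${PIPESTATUS[1]}` followed by `if (( ret )); then`. Presumably the local signature is what marks a key as trusted in pacman's keyring, so a silently ignored failure here is the worst outcome for this function and is worth a quick manual test with a bogus key id.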
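Review bot: `--verify $SIGNATURE` on the rewritten line of verify_sig is still unquoted, so a signature path containing whitespace or glob characters is split or expanded before gpg sees it; since the line is being touched anyway, make it `"${GPG_PACMAN[@]}" --verify "$SIGNATURE" || ret=$?`. The new gettext msgid in the same function misspells "signature" as "signiture"; fix it before the string reaches translators, because the msgid is the translation key and correcting it later invalidates every existing translation of that message.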