From 8660d00b320657b1dfaad21662d2211dbcf1fc1b Mon Sep 17 00:00:00 2001
From: canyonknight
Date: Mon, 9 Jan 2012 21:43:34 -0500
Subject: [PATCH 2/2] Add proper exit statuses and error messages to pacman-key

Return codes from gpg commands are currently lost. This adds the functionality of taking the correct error codes from gpg. This includes error reporting for all gpg commands that are run individually, run in a loop, and run through a pipe. Includes the check_key_exists function which verifies a key exists locally prior to local manipulation of the key. If a gpg command has a non-zero return status, pacman-key will now exit with the same non-zero status. It will then print a gettext error message of gpg's failure.

Signed-off-by: canyonknight
---
 scripts/pacman-key.sh.in | 136 ++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 113 insertions(+), 23 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 1fd74a7..8d977fa 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -144,6 +144,20 @@ add_gpg_conf_option() {
 fi
 }
 
+check_key_exists() {
+ local ret=0
+ for key in "${KEYIDS[@]}"; do
+ # Verify if the key exists in pacman's keyring
+ if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null ; then
+ error "$(gettext "The key identified by %s could not be found locally.")" "$key"
+ ret=1
+ fi
+ done
+ if (( ret )); then
+ exit 1
+ fi
+}
+
 initialize() {
 local conffile keyserv
 # Check for simple existence rather than for a directory as someone
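Review bot: The loop variable `key` in check_key_exists is not declared local, so every caller of the helper is left with a global `key` holding the last ID examined; `local key ret=0` as the first line of the body avoids that. The existence test discards gpg's output, which is fine because the error message names the ID, but gpg key specifiers are not limited to key IDs (user-ID patterns are accepted too), so a string that is not a key ID can still pass this check — worth a comment such as `# note: --list-keys also accepts user-ID patterns, not only key IDs` if that is acceptable to the callers. The helper always exits with status 1 rather than returning, which suits the callers in this patch but should be stated in a header comment so it is not reused where a return value is expected.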
@@ -339,85 +353,161 @@ populate_keyring() {
 }
 
 add_keys() {
- "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}"
+ local ret=0
+ "${GPG_PACMAN[@]}" --quiet --batch --import "${KEYFILES[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified keyfile could not be added to the gpg keychain.")"
+ exit "$ret"
+ fi
 }
 
 delete_keys() {
- "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}"
+ check_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --quiet --batch --delete-key --yes "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified key could not be removed from the gpg keychain.")"
+ exit "$ret"
+ fi
 }
 
 edit_keys() {
- local errors=0;
+ check_key_exists
+ local ret=0
 for key in "${KEYIDS[@]}"; do
- # Verify if the key exists in pacman's keyring
- if ! "${GPG_PACMAN[@]}" --list-keys "$key" &>/dev/null; then
- error "$(gettext "The key identified by %s does not exist.")" "$key"
- errors=1;
+ "${GPG_PACMAN[@]}" --edit-key "$key" || ret=$?
+ if (( ret )); then
+ error "$(gettext "The key identified by %s could not be edited.")" "$key"
 fi
 done
- (( errors )) && exit 1;
-
- for key in "${KEYIDS[@]}"; do
- "${GPG_PACMAN[@]}" --edit-key "$key"
- done
+ if (( ret )); then
+ exit "$ret"
+ fi
 }
 
 export_keys() {
- "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}"
+ check_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --armor --export "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified key could not be exported from the gpg keychain.")"
+ exit "$ret"
+ fi
 }
 
 finger_keys() {
- "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}"
+ check_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --batch --fingerprint "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "The fingerprint of a specified key could not be determined.")"
+ exit "$ret"
+ fi
 }
 
 import_trustdb() {
 local importdir
-
+ local ret=0
 for importdir in "${IMPORT_DIRS[@]}"; do
 if [[ -f "${importdir}/trustdb.gpg" ]]; then
 gpg --homedir "${importdir}" --export-ownertrust | \
 "${GPG_PACMAN[@]}" --import-ownertrust
-
+ if (( PIPESTATUS )); then
+ error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
+ ret=1
+ fi
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
+ ret=1
 fi
 done
+ if (( ret )); then
+ exit "$ret"
+ fi
 }
 
 import() {
 local importdir
-
+ local ret=0
 for importdir in "${IMPORT_DIRS[@]}"; do
 if [[ -f "${importdir}/pubring.gpg" ]]; then
- "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg"
+ "${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg" || ret=$?
+ if (( ret )); then
+ error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
+ fi
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
+ ret=1
 fi
 done
+ if (( ret )); then
+ exit "$ret"
+ fi
 }
 
 list_keys() {
- "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}"
+ local ret=0
+ "${GPG_PACMAN[@]}" --batch --list-keys "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified key could not be listed.")"
+ exit "$ret"
+ fi
 }
 
 list_sigs() {
- "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}"
+ check_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --batch --list-sigs "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified signature could not be listed.")"
+ exit "$ret"
+ fi
 }
 
 lsign_keys() {
 printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${KEYIDS[@]}" 2>/dev/null
+ if (( PIPESTATUS )); then
+ error "$(gettext "A specified key could not be locally signed.")"
+ exit "$ret"
+ fi
 }
 
 receive_keys() {
- "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}"
+ local ret=0
+ "${GPG_PACMAN[@]}" --recv-keys "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "Remote key not fetched correctly from keyserver.")"
+ exit "$ret"
+ fi
 }
 
 refresh_keys() {
- "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}"
+ check_key_exists
+ local ret=0
+ "${GPG_PACMAN[@]}" --refresh-keys "${KEYIDS[@]}" || ret=$?
+ if (( ret )); then
+ error "$(gettext "A specified local key could not be updated from a keyserver.")"
+ exit "$ret"
+ fi
 }
 
 verify_sig() {
- "${GPG_PACMAN[@]}" --verify $SIGNATURE
+ local ret=0
+ "${GPG_PACMAN[@]}" --verify $SIGNATURE || ret=$?
+ if (( ret )); then
+ error "$(gettext "The signature identified by %s could not be verified.")" "$SIGNATURE"
+ exit "$ret"
+ fi
 }
 
 updatedb() {
+ local ret=0
 msg "$(gettext "Updating trust database...")"
- "${GPG_PACMAN[@]}" --batch --check-trustdb
+ "${GPG_PACMAN[@]}" --batch --check-trustdb || ret=$?
+ if (( ret )); then
+ error "$(gettext "Trust database could not be updated.")"
+ exit "$ret"
+ fi
 }
 
 # PROGRAM START
--
1.7.8.3
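Review bot: In lsign_keys, `exit "$ret"` refers to a variable that is never declared or assigned in that function, so on a signing failure bash rejects the empty argument with a numeric-argument error and exits with its own status instead of gpg's; add `local ret=0` before the pipeline and end the pipeline line with `|| ret=$?`, which captures the pipeline's exit status (gpg's, as the last stage). The `if (( PIPESTATUS )); then` test there, and the same test in import_trustdb, reads only `${PIPESTATUS[0]}` — the status of the first stage (`printf`, and `gpg --export-ownertrust` respectively) — so a failure of the gpg stage that actually signs or imports goes unreported; in import_trustdb `if (( PIPESTATUS[0] || PIPESTATUS[1] )); then` covers both stages. The unquoted `$SIGNATURE` in verify_sig is carried over from the old line and still word-splits and globs a path containing spaces or wildcards; `"$SIGNATURE"` keeps the argument intact and matches how the new error message already quotes it.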