Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts/pacman-key.sh.in
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2011-07-09 21:51:01 +1000
committerAllan McRae <allan@archlinux.org>2011-07-19 10:27:54 +1000
commit31c9a521b47a84ae01f3f9c9e25980694e1c472d (patch)
tree4c8e46c757bd9b7d171291e3ecaef425257f059d /scripts/pacman-key.sh.in
parent0c9e86bab17691bf17c4251b2e16d65f517b88c8 (diff)
pacman-key: check required permissions on keyring
Makes sure that the pacman keyring is readable and that the user has permissions to create a lock file if lock-never is not specified in the gpg.conf file. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/pacman-key.sh.in')
-rw-r--r--scripts/pacman-key.sh.in20
1 files changed, 20 insertions, 0 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index d7129e53..972749f2 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -112,6 +112,25 @@ initialize() {
fi
}
+check_keyring() {
+ if [[ ! -r ${PACMAN_KEYRING_DIR}/pubring.gpg || \
+ ! -r ${PACMAN_KEYRING_DIR}/secring.gpg || \
+ ! -r ${PACMAN_KEYRING_DIR}/trustdb.gpg ]]; then
+ error "$(gettext "You do not have sufficient permissions to read the %s keyring...")" "pacman"
+ msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
+ exit 1
+ fi
+
+ if (( (EXPORT || FINGER || LIST || VERIFY) && EUID != 0 )); then
+ if ! grep -w -q "lock-never" ${PACMAN_KEYRING_DIR}/gpg.conf &>/dev/null; then
+ error "$(gettext "You do not have sufficient permissions to run this command...")"
+ msg "$(gettext "Use '%s' to correct the keyring permissions.")" "pacman-key --init"
+ exit 1
+ fi
+ fi
+
+}
+
verify_keyring_input() {
local ret=0;
@@ -344,6 +363,7 @@ if (( numopt != 1 )); then
exit 1
fi
+(( ! INIT )) && check_keyring
(( ADD )) && ${GPG_PACMAN} --quiet --batch --import "${KEYFILES[@]}"
(( DELETE )) && ${GPG_PACMAN} --quiet --batch --delete-key --yes "${KEYIDS[@]}"