authorAllan McRae <allan@archlinux.org>2012-06-19 14:55:35 +1000
committerAllan McRae <allan@archlinux.org>2013-01-04 21:49:38 +1000
commit09295f7e40a990971b81c3ebfea474bae873c223 (patch)
treecabf67e07a2e3c8eecbd17dd5d139584c300d596 /scripts/pacman-key.sh.in
parent86eefc1a3a3419bb41b2acab521a476db0d2a7ce (diff)
pacman-key: handle local signing of multiple keys
gpg --lsign-key does not like being given multiple keys to sign. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/pacman-key.sh.in')
-rw-r--r--scripts/pacman-key.sh.in22
1 files changed, 14 insertions, 8 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ef4ab306..9561c7f2 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -300,10 +300,7 @@ populate_keyring() {
if (( ${#trusted_ids[@]} > 0 )); then
msg "$(gettext "Locally signing trusted keys in keyring...")"
- for key_id in "${!trusted_ids[@]}"; do
- msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
- lsign_keys "${key_id}"
- done
+ lsign_keys "${!trusted_ids[@]}"
msg "$(gettext "Importing owner trust values...")"
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
@@ -440,10 +437,19 @@ list_sigs() {
lsign_keys() {
check_keyids_exist
- # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
- printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "$@" 2>/dev/null
- if (( PIPESTATUS[1] )); then
- error "$(gettext "A specified key could not be locally signed.")"
+
+ local ret=0
+ for key_id in "$@"; do
+ msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
+ # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
+ printf 'y\ny\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
+ if (( PIPESTATUS[1] )); then
+ error "$(gettext "%s could not be locally signed.")" "${key_id}"
+ ret=1
+ fi
+ done
+
+ if (( ret )); then
exit 1
fi
}
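Review bot: `key_id` in the new loop in lsign_keys is not declared local although `ret` on the line before it is, so the loop overwrites any `key_id` in the caller or global scope; declare both with `local ret=0 key_id`. `check_keyids_exist` is still called with no arguments while the loop signs `"$@"`, so if that helper reads a global key list (its body is not visible here), the ids passed in by populate_keyring are not checked before signing. The `2>/dev/null` on the gpg call also discards the reason a local signature failed, leaving only the generic `%s could not be locally signed.` message for an operation that establishes trust.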