Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-09-21 16:19:12 -0500
committerDan McGee <dan@archlinux.org>2011-09-22 11:15:39 -0500
commit7d961c849bf4dab481e261bdb91304f6a4744d8c (patch)
tree9ca528ab4bee432ca0aedf8289fe7cc3f4f4f973
parent6767de5380d97f6544ca3968b83b74120dfcbeca (diff)
pacman-key: disable, don't remove, revoked keys
Unlike our protégé apt-key, removing a key from our keyring is not sufficient to prevent it from being trusted or used for verification. We are better off flagging it as disabled and leaving it in the keyring so it cannot be reimported or fetched at a later date from a keyserver and continue to be used. Implement the logic to disable the key instead of delete it, figuring out --command-fd in the process. Note that the surefire way to disable a key involves including said key in the keyring package, such that it is both in foobar.gpg and foobar-revoked. Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--scripts/pacman-key.sh.in34
1 files changed, 13 insertions, 21 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 39da83da..72614c6e 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -275,22 +275,14 @@ populate_keyring() {
# Read the revoked key IDs to an array. The conversion from whatever is inside the file
# to key ids is important, because key ids are the only guarantee of identification
# for the keys.
- local -A removed_ids
+ local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
while read key; do
- local key_values name
- # extract key ID (field 5) and the name of owner (field 10)
- key_values="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5,10 --output-delimiter=' ')"
- if [[ -n $key_values ]]; then
- # The first word is the key_id
- key_id="${key_values%% *}"
- # the rest is the name of the owner
- name="${key_values#* }"
- if [[ -n ${key_id} ]]; then
- # Mark this key to be deleted
- removed_ids[$key_id]="$name"
- fi
+ key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+ if [[ -n ${key_id} ]]; then
+ # Mark this key to be disabled
+ revoked_ids[$key_id]="${keyring}"
fi
done < "${KEYRING_IMPORT_DIR}/${keyring}-revoked"
fi
@@ -300,19 +292,19 @@ populate_keyring() {
# of keys to be removed
if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then
while read key; do
- key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
- if [[ -n "${removed_ids[$key_id]}" ]]; then
- unset removed_ids[$key_id]
+ key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+ if [[ -n "${revoked_ids[$key_id]}" ]]; then
+ unset revoked_ids[$key_id]
fi
done < "${PACMAN_KEYRING_DIR}/holdkeys"
fi
# Remove the keys not marked to keep
- if (( ${#removed_ids[@]} > 0 )); then
- msg "$(gettext "Removing revoked keys from keyring...")"
- for key_id in "${!removed_ids[@]}"; do
- echo " removing key $key_id - ${removed_ids[$key_id]}"
- "${GPG_PACMAN[@]}" --quiet --batch --yes --delete-key "${key_id}"
+ if (( ${#revoked_ids[@]} > 0 )); then
+ msg "$(gettext "Disabling revoked keys in keyring...")"
+ for key_id in "${!revoked_ids[@]}"; do
+ msg2 "$(gettext "Disabling key %s...")" "${key_id}"
+ printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
done
fi
}