Commit c7e4f459 authored by Daan De Meyer's avatar Daan De Meyer Committed by Allan McRae

pacman-key: Reduce gpg trustdb checks



Every time we modify gpg's state by signing or revoking a key, gpg
marks the trustdb as stale and rechecks it the next time key_is_lsigned()
or key_is_revoked() is called.

Currently, we alternate calls signing of keys and calling key_is_lsigned()
(idem for revoking) which means that for each key we sign (or revoke), gpg
will check the trustdb once.

To avoid checking the trustdb so many times, we can simply do all the
key_is_lsigned() and key_is_revoked() checks upfront. In between read
operations the trustdb is not marked stale, and in between write operations
the trustdb is also not marked stale. This reduces the number of trustdb
checks from 50 to 1.
Signed-off-by: Allan McRae's avatarAllan McRae <allan@archlinux.org>
parent 160f5bec
......@@ -333,12 +333,29 @@ populate_keyring() {
# skip blank lines, comments; these are valid in this file
[[ -z $key_id || ${key_id:0:1} = \# ]] && continue
if key_is_lsigned "$key_id" ; then
continue
fi
# Mark this key to be lsigned
trusted_ids[$key_id]=$keyring
done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
fi
done
local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then
while read -r key_id; do
if key_is_revoked "$key_id" ; then
continue
fi
revoked_ids["$key_id"]=1
done <"$KEYRING_IMPORT_DIR/$keyring-revoked"
fi
done
if (( ${#trusted_ids[@]} > 0 )); then
msg "$(gettext "Locally signing trusted keys in keyring...")"
lsign_keys "${!trusted_ids[@]}"
......@@ -350,22 +367,10 @@ populate_keyring() {
done
fi
local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then
while read -r key_id; do
revoked_ids["$key_id"]=1
done <"$KEYRING_IMPORT_DIR/$keyring-revoked"
fi
done
if (( ${#revoked_ids[@]} > 0 )); then
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
if key_is_revoked "$key_id" ; then
continue
fi
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")" "${key_id}"
fi
......@@ -485,9 +490,6 @@ lsign_keys() {
local ret=0
local key_count=0
for key_id in "$@"; do
if key_is_lsigned "$key_id" ; then
continue
fi
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
fi
......
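Review bot: The relocated `-revoked` read loop in the first hunk has no blank-line or comment guard, unlike the `-trusted` loop just above it, so every raw line is now handed to `key_is_revoked` and then used as an associative-array subscript. If a `-revoked` file can contain empty or `#` lines, an empty `key_id` is not a valid subscript and a comment would be queried as a key ID; adding `[[ -z $key_id || ${key_id:0:1} = \# ]] && continue` as the loop's first statement would make the two loops agree. Separately, the last hunk appears to drop the `key_is_lsigned` skip from `lsign_keys()`, which means any caller other than `populate_keyring()` (none are visible here) now signs keys that are already locally signed; a one-line comment above the loop such as `# Callers must pass only keys that are not yet lsigned` would record that contract. Both functions start and end outside the hunks shown.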