pkgmeek: tidy up the get_repo_key routine

scripts/pkgmeek

@@ -13,7 +13,7 @@ local errDL=0; local errUZ=0; local BSDTAR="/usr/bin/bsdtar --format=gnutar"
 parse_options "$@"
 
 # Exit early if refreshing an existing sha256 manifest was requested
-[ "$PKGMK_REFRESH_SIG" = "yes" ] && { make_signature refresh ; exit $?; }
+[ "$PKGMK_REFRESH_SIG" = "yes" ] && { make_signature refresh && info "signature refreshed."; exit $?; }
 #
 # Read the Pkgfile to determine what to do next. But first ensure that
 # it came from a trusted source (FS#1851)
@@ -109,7 +109,7 @@ if [ "$PKGMK_UPDATE_FOOTPRINT" = "yes" ]; then
 fi
 # Updating signatures (option -us) requires only sources and footprint, not a built package.
 # As with -uf, exit after fulfilling the explicit request for a manifest.
-[ "$PKGMK_UPDATE_SIG" = "yes" ] && { make_signature new; cleanup_work; exit $?; }
+[ "$PKGMK_UPDATE_SIG" = "yes" ] && { make_signature new && info "signature created."; cleanup_work; exit $?; }
 
 # All the sources should be here by now, let's verify that we can trust them.
 readonly cs_fail_msg="Use '--ignore-signature' to override, if you have determined integrity by other means."
@@ -456,7 +456,7 @@ check_signature() { # called from $PKGMK_ROOT in the case "when"="pre-Pkgfile",
 	local reqfiles=(Pkgfile); local s=0; local when="$1";
 	local SIGNIFY_ARGS=(-C -x "$PKGMK_ROOT/.signature")
 
-	[ "$PKGMK_PUBLICKEY" ] || PKGMK_PUBLICKEY=$(get_repo_key public)
+	[ -n "$PKGMK_PUBLICKEY" ] || PKGMK_PUBLICKEY="$(get_repo_key public)"
 	if [ -f "$PKGMK_ROOT/.signature" ]; then
 		[ "$when" = "pre-Pkgfile" ] || reqfiles=(.footprint)
 		while [ "$when" = "pre-build" ] && (( s < ${#_local_[@]} )); do 
@@ -466,7 +466,7 @@ check_signature() { # called from $PKGMK_ROOT in the case "when"="pre-Pkgfile",
 		for FILE in "${reqfiles[@]}"; do
 			[ -e "$FILE" ] || ln -sf "$PKGMK_ROOT/$FILE" .
 		done
-		[ -f "$PKGMK_PUBLICKEY" ] && SIGNIFY_ARGS+=(-p "$PKGMK_PUBLICKEY")
+		[ -r "$PKGMK_PUBLICKEY" ] && SIGNIFY_ARGS+=(-p "$PKGMK_PUBLICKEY")
 		/usr/bin/signify "${SIGNIFY_ARGS[@]}" "${reqfiles[@]}" 2>&1
 	else
 		[ "$when" = "pre-Pkgfile" ] && echo "Pkgfile verification failed"
@@ -475,23 +475,23 @@ check_signature() { # called from $PKGMK_ROOT in the case "when"="pre-Pkgfile",
 }
 
 get_repo_key() {
-	local typ="${1:0:3}"
-	for key in "/etc/ports/*.$typ" "$HOME/.ssh/*.$typ"; do
-		[ -e "$key" ] || continue
-		REPO="$(dirname "$PWD")"; REPO="$(basename -s .git "$REPO")";
-		[ "$REPO" = "$(basename -s ".$typ" "$key")" ] && { echo "$key"; break; }
-	done
+	local typ="${1:0:3}"; local REPO;
+	REPO=$(dirname "$PKGMK_ROOT"); REPO=$(basename -s .git "$REPO");
+	ls "/etc/ports/$REPO.$typ" 2>/dev/null \
+			|| ls "$HOME/.ssh/$REPO.$typ" 2>/dev/null
 }
 
 make_signature() {
 	local ordered si pub
 	[ -w "$PKGMK_ROOT/.signature" ] || { error ".signature not writable."; return $E_DIRPERM; }
 
-	[ "$PKGMK_PRIVATEKEY" ] || PKGMK_PRIVATEKEY="$(get_repo_key secret)"
-	[ -r "$PKGMK_PRIVATEKEY" ] && \
-		pub="/etc/ports/$(basename -s ".sec" "$PKGMK_PRIVATEKEY").pub" || \
-		{ error "No suitable secret key found. Specify one explicitly with '-sk'."; 
-		return $E_SIGNATURE; }
+	[ -n "$PKGMK_PRIVATEKEY" ] || PKGMK_PRIVATEKEY="$(get_repo_key secret)"
+	if [ -n "$PKGMK_PRIVATEKEY" ]; then
+		pub="/etc/ports/$(basename -s .sec "$PKGMK_PRIVATEKEY").pub"
+	else
+		error "No suitable secret key found. Specify one explicitly with '-sk'."
+		return $E_SIGNATURE
+	fi
 
 	# create a new .signature, or refresh an existing manifest?
 	case "$1" in
@@ -516,7 +516,7 @@ make_signature() {
 				{ error "missing .signature, cannot refresh."; return $E_SIGNATURE; }
 			if tail -n +3 ".signature" | /usr/bin/signify -S -e -x - -q \
 				-s "$PKGMK_PRIVATEKEY" -m - > .signature.tmp; then
-				mv .signature.tmp .signature; info "Signature refreshed."
+				mv .signature.tmp .signature
 			else
 				rm .signature.tmp; return $E_SIGNATURE
 			fi