authorDavid Kalnischkies <david@kalnischkies.de>2014-01-27 18:26:44 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2014-09-27 00:12:14 +0200
commitbd7fb5aa31f58917e8630f2981e78d190d465198 (patch)
tree2bf9517a938892a1e008f791576e70301ae2540e
parentba72845c07b2682f251dc7661869d20095260f8f (diff)
add --secret-keyring option for apt-key
For some advanced usecases it might be handy to specify the secret keyring to be used (e.g. as it is used in the testcases), but specifying it via a normal option for gnupg might not be available forever: http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html Git-Dch: Ignore
-rw-r--r--cmdline/apt-key.in11
-rw-r--r--test/integration/framework6
2 files changed, 14 insertions, 3 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 74ca4d135..36824b6ec 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -287,6 +287,11 @@ while [ -n "$1" ]; do
FORCED_KEYRING="$1"
shift
;;
+ --secret-keyring)
+ shift
+ FORCED_SECRET_KEYRING="$1"
+ shift
+ ;;
--fakeroot)
requires_root() { true; }
shift
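Review bot: The new `--secret-keyring)` arm takes `$1` as the path without checking that a value follows. When the option is the last argument, `FORCED_SECRET_KEYRING` ends up empty and the second `shift` has nothing left to shift, so the request is either dropped without a message or the script stops on a bare shift error, depending on the shell. A guard right after the first `shift` would make the failure explicit: `[ -n "$1" ] || { echo >&2 "ERROR: --secret-keyring requires a file argument"; exit 1; }`. The context lines suggest the arm above follows the same pattern; the `case` and the `while` loop both start and end outside this hunk.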
@@ -355,6 +360,12 @@ if [ "$command" != "help" ]; then
GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
GPG="$GPG_CMD"
+ # for advanced operations, we might really need a secret keyring after all
+ if [ -n "$FORCED_SECRET_KEYRING" ] && [ -r "$FORCED_SECRET_KEYRING" ]; then
+ rm -f "$SECRETKEYRING"
+ cp -a "$FORCED_SECRET_KEYRING" "$SECRETKEYRING"
+ fi
+
# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead.
if ! [ -e "$TRUSTEDFILE" ]; then
if [ -w "$(dirname "$TRUSTEDFILE")" ]; then
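Review bot: In the added block, a `--secret-keyring` path that is missing or unreadable is skipped silently, because the `[ -r … ]` test shares one condition with the `-n` test; the gpg operation then runs without the secret keyring the caller asked for and presumably fails later with a less helpful error. I would stop early instead: `if [ -n "$FORCED_SECRET_KEYRING" ] && ! [ -r "$FORCED_SECRET_KEYRING" ]; then echo >&2 "ERROR: secret keyring $FORCED_SECRET_KEYRING is not readable"; exit 1; fi`. Separately, `cp -a` duplicates secret key material into `$SECRETKEYRING` with the source file's mode and ownership. Where that file lives and whether it is removed on exit is not visible in this hunk, so it is worth confirming the copy sits in a private directory and is cleaned up, and saying so in the comment above the block. The enclosing `if [ "$command" != "help" ]` block continues outside the hunk.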
diff --git a/test/integration/framework b/test/integration/framework
index 1ab01b20a..50f16fb46 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -429,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control
| while read SRC; do
echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
# if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then
-# aptkey --keyring ./keys/joesixpack.pub --quiet adv --yes \
-# --secret-keyring ./keys/joesixpack.sec --default-key 'Joe Sixpack' \
+# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \
+# adv --yes --default-key 'Joe Sixpack' \
# --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
# mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
# fi
@@ -816,7 +816,7 @@ setupaptarchive() {
signreleasefiles() {
local SIGNER="${1:-Joe Sixpack}"
local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
- local GPG="aptkey --quiet --keyring ${KEY}.pub adv --batch --yes --secret-keyring ${KEY}.sec"
+ local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes"
msgninfo "\tSign archive with $SIGNER key $KEY… "
local REXKEY='keys/rexexpired'
local SECEXPIREBAK="${REXKEY}.sec.bak"