summaryrefslogtreecommitdiff
path: root/cmdline/apt-key.in
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2018-10-14 19:23:41 +0000
committerJulian Andres Klode <jak@debian.org>2018-10-14 19:23:41 +0000
commitb80e48783c183aeaf1d30d898a7743f091d96336 (patch)
tree7a0e3711dd68bbd8fdfd0d07f9af6f33aa9d2d51 /cmdline/apt-key.in
parentbb2f6c8c2a965ac1ff01582b93e64da8991dcbfc (diff)
parent8375d5b58038fc026098dcccc3de87cd9d740334 (diff)
Merge branch 'feature/subkeys' into 'master'
Support subkeys and multiple keyrings in Signed-By options See merge request apt-team/apt!27
Diffstat (limited to 'cmdline/apt-key.in')
-rw-r--r--cmdline/apt-key.in157
1 files changed, 86 insertions, 71 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 7ec1b034c..e9187b423 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -15,6 +15,74 @@ eval "$(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI)"
aptkey_echo() { echo "$@"; }
+find_gpgv_status_fd() {
+ while [ -n "$1" ]; do
+ if [ "$1" = '--status-fd' ]; then
+ shift
+ echo "$1"
+ break
+ fi
+ shift
+ done
+}
+GPGSTATUSFD="$(find_gpgv_status_fd "$@")"
+
+apt_warn() {
+ if [ -z "$GPGHOMEDIR" ]; then
+ echo >&2 'W:' "$@"
+ else
+ echo 'W:' "$@" > "${GPGHOMEDIR}/aptwarnings.log"
+ fi
+ if [ -n "$GPGSTATUSFD" ]; then
+ echo >&${GPGSTATUSFD} '[APTKEY:] WARNING' "$@"
+ fi
+}
+apt_error() {
+ if [ -z "$GPGHOMEDIR" ]; then
+ echo >&2 'E:' "$@"
+ else
+ echo 'E:' "$@" > "${GPGHOMEDIR}/aptwarnings.log"
+ fi
+ if [ -n "$GPGSTATUSFD" ]; then
+ echo >&${GPGSTATUSFD} '[APTKEY:] ERROR' "$@"
+ fi
+}
+
+cleanup_gpg_home() {
+ if [ -z "$GPGHOMEDIR" ]; then return; fi
+ if [ -s "$GPGHOMEDIR/aptwarnings.log" ]; then
+ cat >&2 "$GPGHOMEDIR/aptwarnings.log"
+ fi
+ if command_available 'gpgconf'; then
+ GNUPGHOME="${GPGHOMEDIR}" gpgconf --kill all >/dev/null 2>&1 || true
+ fi
+ rm -rf "$GPGHOMEDIR"
+}
+
+# gpg needs (in different versions more or less) files to function correctly,
+# so we give it its own homedir and generate some valid content for it later on
+create_gpg_home() {
+ # for cases in which we want to cache a homedir due to expensive setup
+ if [ -n "$GPGHOMEDIR" ]; then
+ return
+ fi
+ if [ -n "$TMPDIR" ]; then
+ # tmpdir is a directory and current user has rwx access to it
+ # same tests as in apt-pkg/contrib/fileutl.cc GetTempDir()
+ if [ ! -d "$TMPDIR" ] || [ ! -r "$TMPDIR" ] || [ ! -w "$TMPDIR" ] || [ ! -x "$TMPDIR" ]; then
+ unset TMPDIR
+ fi
+ fi
+ GPGHOMEDIR="$(mktemp --directory --tmpdir 'apt-key-gpghome.XXXXXXXXXX')"
+ CURRENTTRAP="${CURRENTTRAP} cleanup_gpg_home;"
+ trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+ if [ -z "$GPGHOMEDIR" ]; then
+ apt_error "Could not create temporary gpg home directory in $TMPDIR (wrong permissions?)"
+ exit 28
+ fi
+ chmod 700 "$GPGHOMEDIR"
+}
+
requires_root() {
if [ "$(id -u)" -ne 0 ]; then
apt_error "This command can only be used by root."
@@ -282,7 +350,7 @@ foreach_keyring_do() {
shift
# if a --keyring was given, just work on this one
if [ -n "$FORCED_KEYRING" ]; then
- $ACTION "$TRUSTEDFILE" "$@"
+ $ACTION "$FORCED_KEYRING" "$@"
else
# otherwise all known keyrings are up for inspection
if accessible_file_exists "$TRUSTEDFILE" && is_supported_keyring "$TRUSTEDFILE"; then
@@ -525,11 +593,26 @@ while [ -n "$1" ]; do
case "$1" in
--keyring)
shift
- TRUSTEDFILE="$1"
- FORCED_KEYRING="$1"
+ if [ -z "$FORCED_KEYRING" -o "$FORCED_KEYRING" = '/dev/null' ]; then
+ TRUSTEDFILE="$1"
+ FORCED_KEYRING="$1"
+ elif [ "$TRUSTEDFILE" = "$FORCED_KEYRING" ]; then
+ create_gpg_home
+ FORCED_KEYRING="${GPGHOMEDIR}/mergedkeyrings.gpg"
+ echo -n '' > "$FORCED_KEYRING"
+ chmod 0644 -- "$FORCED_KEYRING"
+ catfile "$TRUSTEDFILE" "$FORCED_KEYRING"
+ catfile "$1" "$FORCED_KEYRING"
+ else
+ catfile "$1" "$FORCED_KEYRING"
+ fi
;;
--keyid)
shift
+ if [ -n "$FORCED_KEYID" ]; then
+ apt_error 'Specifying --keyid multiple times is not supported'
+ exit 1
+ fi
FORCED_KEYID="$1"
;;
--secret-keyring)
@@ -582,74 +665,6 @@ if [ -z "$command" ]; then
fi
shift
-find_gpgv_status_fd() {
- while [ -n "$1" ]; do
- if [ "$1" = '--status-fd' ]; then
- shift
- echo "$1"
- break
- fi
- shift
- done
-}
-GPGSTATUSFD="$(find_gpgv_status_fd "$@")"
-
-apt_warn() {
- if [ -z "$GPGHOMEDIR" ]; then
- echo >&2 'W:' "$@"
- else
- echo 'W:' "$@" > "${GPGHOMEDIR}/aptwarnings.log"
- fi
- if [ -n "$GPGSTATUSFD" ]; then
- echo >&${GPGSTATUSFD} '[APTKEY:] WARNING' "$@"
- fi
-}
-apt_error() {
- if [ -z "$GPGHOMEDIR" ]; then
- echo >&2 'E:' "$@"
- else
- echo 'E:' "$@" > "${GPGHOMEDIR}/aptwarnings.log"
- fi
- if [ -n "$GPGSTATUSFD" ]; then
- echo >&${GPGSTATUSFD} '[APTKEY:] ERROR' "$@"
- fi
-}
-
-cleanup_gpg_home() {
- if [ -z "$GPGHOMEDIR" ]; then return; fi
- if [ -s "$GPGHOMEDIR/aptwarnings.log" ]; then
- cat >&2 "$GPGHOMEDIR/aptwarnings.log"
- fi
- if command_available 'gpgconf'; then
- GNUPGHOME="${GPGHOMEDIR}" gpgconf --kill all >/dev/null 2>&1 || true
- fi
- rm -rf "$GPGHOMEDIR"
-}
-
-# gpg needs (in different versions more or less) files to function correctly,
-# so we give it its own homedir and generate some valid content for it later on
-create_gpg_home() {
- # for cases in which we want to cache a homedir due to expensive setup
- if [ -n "$GPGHOMEDIR" ]; then
- return
- fi
- if [ -n "$TMPDIR" ]; then
- # tmpdir is a directory and current user has rwx access to it
- # same tests as in apt-pkg/contrib/fileutl.cc GetTempDir()
- if [ ! -d "$TMPDIR" ] || [ ! -r "$TMPDIR" ] || [ ! -w "$TMPDIR" ] || [ ! -x "$TMPDIR" ]; then
- unset TMPDIR
- fi
- fi
- GPGHOMEDIR="$(mktemp --directory --tmpdir 'apt-key-gpghome.XXXXXXXXXX')"
- CURRENTTRAP="${CURRENTTRAP} cleanup_gpg_home;"
- trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
- if [ -z "$GPGHOMEDIR" ]; then
- apt_error "Could not create temporary gpg home directory in $TMPDIR (wrong permissions?)"
- exit 28
- fi
- chmod 700 "$GPGHOMEDIR"
-}
-
prepare_gpg_home() {
# crude detection if we are called from a maintainerscript where the
# package depends on gnupg or not. We accept recommends here as