diff options
| author | Matt Zimmerman <matt.zimmerman@canonical.com> | 2004-12-29 01:18:28 +0000 |
|---|---|---|
| committer | Matt Zimmerman <matt.zimmerman@canonical.com> | 2004-12-29 01:18:28 +0000 |
| commit | 2ee99a54fd671f74b6ee24307e11ab0534580b87 (patch) | |
| tree | 0e5e082135ad29f15effaa045b5da2758004e5d8 /cmdline/apt-key | |
| parent | 51d13ae3354082c12f6e5dd3797c514c6de702b0 (diff) | |
| parent | 32133629d8c49029f3d04886aa605de4864b486e (diff) | |
Merge apt--mvo--0
Patches applied:
* michael.vogt@canonical.com--2004/apt--mvo--0--patch-5
* added apt-key update method
* michael.vogt@canonical.com--2004/apt--mvo--0--patch-6
* if a sign-file download fails, delete the the partial download in "partial/" also
* michael.vogt@canonical.com--2004/apt--mvo--0--patch-7
* changelog updated, version is now 0.6.27ubuntu4; added DEB_BUILD_PROG_OPTS to debian/rules
* michael.vogt@canonical.com--2004/apt--mvo--0--patch-8
* removed Release.gpg files in partial/ before fetching a new one
* michael.vogt@canonical.com--2004/apt--mvo--0--patch-9
* some comments about the pkgAcqMetaSig::Custom600Headers() added
* michael.vogt@canonical.com--2004/apt--mvo--0--patch-10
* fix permissions in po/
* michael.vogt@canonical.com--2004/apt--mvo--0--patch-11
* use gpg --with-colons
Diffstat (limited to 'cmdline/apt-key')
| -rwxr-xr-x | cmdline/apt-key | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key index 583cde191..a96afe944 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -2,6 +2,36 @@ set -e +# We don't use a secret keyring, of course, but gpg panics and +# implodes if there isn't one available + +GPG_CMD="gpg --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg" +GPG="$GPG_CMD --keyring /etc/apt/trusted.gpg" + + +ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg +REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg + + +update() { + if [ ! -f $ARCHIVE_KEYRING ]; then + echo >&2 "ERROR: Can't find the archive-keyring" + echo >&2 "Is the ubuntu-keyring package installed?" + exit 1 + fi + + # add new keys + $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import + + # remove no-longer used keys + keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys|awk '/^pub/{FS=":";print $5}'` + for key in $keys; do + if $GPG --list-keys --with-colons | awk '/^pub/{FS=":";print $5}'|grep -q $key; then + $GPG --quiet --batch --delete-key --yes ${key} + fi + done +} + usage() { echo "Usage: apt-key [command] [arguments]" echo @@ -9,6 +39,7 @@ usage() { echo echo " apt-key add <file> - add the key contained in <file> ('-' for stdin)" echo " apt-key del <keyid> - remove the key <keyid>" + echo " apt-key update - update keys using the keyring package" echo " apt-key list - list keys" echo } @@ -26,11 +57,6 @@ if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then echo >&2 fi -# We don't use a secret keyring, of course, but gpg panics and -# implodes if there isn't one available - -GPG="gpg --no-options --no-default-keyring --keyring /etc/apt/trusted.gpg --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg" - case "$command" in add) $GPG --quiet --batch --import "$1" @@ -40,6 +66,9 @@ case "$command" in $GPG --quiet --batch --delete-key --yes "$1" echo "OK" ;; + update) + update + ;; list) $GPG --batch --list-keys ;; |