summaryrefslogtreecommitdiff
path: root/cmdline
diff options
context:
space:
mode:
authorMatt Zimmerman <matt.zimmerman@canonical.com>2004-12-29 01:18:28 +0000
committerMatt Zimmerman <matt.zimmerman@canonical.com>2004-12-29 01:18:28 +0000
commit2ee99a54fd671f74b6ee24307e11ab0534580b87 (patch)
tree0e5e082135ad29f15effaa045b5da2758004e5d8 /cmdline
parent51d13ae3354082c12f6e5dd3797c514c6de702b0 (diff)
parent32133629d8c49029f3d04886aa605de4864b486e (diff)
Merge apt--mvo--0
Patches applied: * michael.vogt@canonical.com--2004/apt--mvo--0--patch-5 * added apt-key update method * michael.vogt@canonical.com--2004/apt--mvo--0--patch-6 * if a sign-file download fails, delete the the partial download in "partial/" also * michael.vogt@canonical.com--2004/apt--mvo--0--patch-7 * changelog updated, version is now 0.6.27ubuntu4; added DEB_BUILD_PROG_OPTS to debian/rules * michael.vogt@canonical.com--2004/apt--mvo--0--patch-8 * removed Release.gpg files in partial/ before fetching a new one * michael.vogt@canonical.com--2004/apt--mvo--0--patch-9 * some comments about the pkgAcqMetaSig::Custom600Headers() added * michael.vogt@canonical.com--2004/apt--mvo--0--patch-10 * fix permissions in po/ * michael.vogt@canonical.com--2004/apt--mvo--0--patch-11 * use gpg --with-colons
Diffstat (limited to 'cmdline')
-rwxr-xr-xcmdline/apt-key39
1 files changed, 34 insertions, 5 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key
index 583cde191..a96afe944 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -2,6 +2,36 @@
set -e
+# We don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available
+
+GPG_CMD="gpg --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
+GPG="$GPG_CMD --keyring /etc/apt/trusted.gpg"
+
+
+ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
+
+
+update() {
+ if [ ! -f $ARCHIVE_KEYRING ]; then
+ echo >&2 "ERROR: Can't find the archive-keyring"
+ echo >&2 "Is the ubuntu-keyring package installed?"
+ exit 1
+ fi
+
+ # add new keys
+ $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import
+
+ # remove no-longer used keys
+ keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys|awk '/^pub/{FS=":";print $5}'`
+ for key in $keys; do
+ if $GPG --list-keys --with-colons | awk '/^pub/{FS=":";print $5}'|grep -q $key; then
+ $GPG --quiet --batch --delete-key --yes ${key}
+ fi
+ done
+}
+
usage() {
echo "Usage: apt-key [command] [arguments]"
echo
@@ -9,6 +39,7 @@ usage() {
echo
echo " apt-key add <file> - add the key contained in <file> ('-' for stdin)"
echo " apt-key del <keyid> - remove the key <keyid>"
+ echo " apt-key update - update keys using the keyring package"
echo " apt-key list - list keys"
echo
}
@@ -26,11 +57,6 @@ if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
echo >&2
fi
-# We don't use a secret keyring, of course, but gpg panics and
-# implodes if there isn't one available
-
-GPG="gpg --no-options --no-default-keyring --keyring /etc/apt/trusted.gpg --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
-
case "$command" in
add)
$GPG --quiet --batch --import "$1"
@@ -40,6 +66,9 @@ case "$command" in
$GPG --quiet --batch --delete-key --yes "$1"
echo "OK"
;;
+ update)
+ update
+ ;;
list)
$GPG --batch --list-keys
;;