]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/sh | |
2 | ||
3 | set -e | |
4 | unset GREP_OPTIONS | |
5 | ||
6 | APT_DIR="/" | |
7 | eval $(apt-config shell APT_DIR Dir) | |
8 | ||
9 | MASTER_KEYRING='&keyring-master-filename;' | |
10 | eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring) | |
11 | ARCHIVE_KEYRING='&keyring-filename;' | |
12 | eval $(apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring) | |
13 | REMOVED_KEYS='&keyring-removed-filename;' | |
14 | eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys) | |
15 | ARCHIVE_KEYRING_URI='&keyring-uri;' | |
16 | eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) | |
17 | ||
18 | aptkey_echo() { echo "$@"; } | |
19 | ||
20 | requires_root() { | |
21 | if [ "$(id -u)" -ne 0 ]; then | |
22 | echo >&2 "ERROR: This command can only be used by root." | |
23 | exit 1 | |
24 | fi | |
25 | } | |
26 | ||
27 | get_fingerprints_of_keyring() { | |
28 | $GPG_CMD --keyring "$1" --with-colons --fingerprint | while read publine; do | |
29 | # search for a public key | |
30 | if [ "${publine%%:*}" != 'pub' ]; then continue; fi | |
31 | # search for the associated fingerprint (should be the very next line) | |
32 | while read fprline; do | |
33 | if [ "${fprline%%:*}" = 'sub' ]; then break; # should never happen | |
34 | elif [ "${fprline%%:*}" != 'fpr' ]; then continue; fi | |
35 | echo "$fprline" | cut -d':' -f 10 | |
36 | done | |
37 | # order in the keyring shouldn't be important | |
38 | done | sort | |
39 | } | |
40 | ||
41 | add_keys_with_verify_against_master_keyring() { | |
42 | ADD_KEYRING=$1 | |
43 | MASTER=$2 | |
44 | ||
45 | if [ ! -f "$ADD_KEYRING" ]; then | |
46 | echo >&2 "ERROR: '$ADD_KEYRING' not found" | |
47 | return | |
48 | fi | |
49 | if [ ! -f "$MASTER" ]; then | |
50 | echo >&2 "ERROR: '$MASTER' not found" | |
51 | return | |
52 | fi | |
53 | ||
54 | # when adding new keys, make sure that the archive-master-keyring | |
55 | # is honored. so: | |
56 | # all keys that are exported must have a valid signature | |
57 | # from a key in the $distro-master-keyring | |
58 | add_keys="$(get_fingerprints_of_keyring "$ADD_KEYRING")" | |
59 | all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5` | |
60 | master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` | |
61 | ||
62 | # ensure there are no colisions LP: #857472 | |
63 | for all_add_key in $all_add_keys; do | |
64 | for master_key in $master_keys; do | |
65 | if [ "$all_add_key" = "$master_key" ]; then | |
66 | echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted" | |
67 | return 1 | |
68 | fi | |
69 | done | |
70 | done | |
71 | ||
72 | for add_key in $add_keys; do | |
73 | # export the add keyring one-by-one | |
74 | local TMP_KEYRING="${GPGHOMEDIR}/tmp-keyring.gpg" | |
75 | $GPG_CMD --batch --yes --keyring "$ADD_KEYRING" --output "$TMP_KEYRING" --export "$add_key" | |
76 | if ! $GPG_CMD --batch --yes --keyring "$TMP_KEYRING" --import "$MASTER" > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then | |
77 | cat >&2 "${GPGHOMEDIR}/gpgoutput.log" | |
78 | false | |
79 | fi | |
80 | # check if signed with the master key and only add in this case | |
81 | ADDED=0 | |
82 | for master_key in $master_keys; do | |
83 | if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then | |
84 | $GPG_CMD --batch --yes --keyring "$ADD_KEYRING" --export "$add_key" | $GPG --batch --yes --import | |
85 | ADDED=1 | |
86 | fi | |
87 | done | |
88 | if [ $ADDED = 0 ]; then | |
89 | echo >&2 "Key '$add_key' not added. It is not signed with a master key" | |
90 | fi | |
91 | rm -f "${TMP_KEYRING}" | |
92 | done | |
93 | } | |
94 | ||
95 | # update the current archive signing keyring from a network URI | |
96 | # the archive-keyring keys needs to be signed with the master key | |
97 | # (otherwise it does not make sense from a security POV) | |
98 | net_update() { | |
99 | # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128)) | |
100 | APT_KEY_NET_UPDATE_ENABLED="" | |
101 | eval $(apt-config shell APT_KEY_NET_UPDATE_ENABLED APT::Key::Net-Update-Enabled) | |
102 | if [ -z "$APT_KEY_NET_UPDATE_ENABLED" ]; then | |
103 | exit 1 | |
104 | fi | |
105 | ||
106 | if [ -z "$ARCHIVE_KEYRING_URI" ]; then | |
107 | echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" | |
108 | exit 1 | |
109 | fi | |
110 | # in theory we would need to depend on wget for this, but this feature | |
111 | # isn't useable in debian anyway as we have no keyring uri nor a master key | |
112 | if ! which wget >/dev/null 2>&1; then | |
113 | echo >&2 "ERROR: an installed wget is required for a network-based update" | |
114 | exit 1 | |
115 | fi | |
116 | if [ ! -d ${APT_DIR}/var/lib/apt/keyrings ]; then | |
117 | mkdir -p ${APT_DIR}/var/lib/apt/keyrings | |
118 | fi | |
119 | keyring=${APT_DIR}/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING_URI) | |
120 | old_mtime=0 | |
121 | if [ -e $keyring ]; then | |
122 | old_mtime=$(stat -c %Y $keyring) | |
123 | fi | |
124 | (cd ${APT_DIR}/var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI) | |
125 | if [ ! -e $keyring ]; then | |
126 | return | |
127 | fi | |
128 | new_mtime=$(stat -c %Y $keyring) | |
129 | if [ $new_mtime -ne $old_mtime ]; then | |
130 | aptkey_echo "Checking for new archive signing keys now" | |
131 | add_keys_with_verify_against_master_keyring $keyring $MASTER_KEYRING | |
132 | fi | |
133 | } | |
134 | ||
135 | update() { | |
136 | if [ ! -f $ARCHIVE_KEYRING ]; then | |
137 | echo >&2 "ERROR: Can't find the archive-keyring" | |
138 | echo >&2 "Is the &keyring-package; package installed?" | |
139 | exit 1 | |
140 | fi | |
141 | ||
142 | # add new keys from the package; | |
143 | ||
144 | # we do not use add_keys_with_verify_against_master_keyring here, | |
145 | # because "update" is run on regular package updates. A | |
146 | # attacker might as well replace the master-archive-keyring file | |
147 | # in the package and add his own keys. so this check wouldn't | |
148 | # add any security. we *need* this check on net-update though | |
149 | import_keyring_into_keyring "$ARCHIVE_KEYRING" '' && cat "${GPGHOMEDIR}/gpgoutput.log" | |
150 | ||
151 | if [ -r "$REMOVED_KEYS" ]; then | |
152 | # remove no-longer supported/used keys | |
153 | get_fingerprints_of_keyring "$REMOVED_KEYS" | while read key; do | |
154 | foreach_keyring_do 'remove_key_from_keyring' "$key" | |
155 | done | |
156 | else | |
157 | echo >&2 "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" | |
158 | fi | |
159 | } | |
160 | ||
161 | remove_key_from_keyring() { | |
162 | local KEYRINGFILE="$1" | |
163 | shift | |
164 | # non-existent keyrings have by definition no keys | |
165 | if [ ! -e "$KEYRINGFILE" ]; then | |
166 | return | |
167 | fi | |
168 | ||
169 | local GPG="$GPG_CMD --keyring $KEYRINGFILE" | |
170 | for KEY in "$@"; do | |
171 | local FINGERPRINTS="${GPGHOMEDIR}/keyringfile.keylst" | |
172 | get_fingerprints_of_keyring "$KEYRINGFILE" > "$FINGERPRINTS" | |
173 | # check if the key is in this keyring | |
174 | if ! grep -iq "^[0-9A-F]*${KEY}$" "$FINGERPRINTS"; then | |
175 | continue | |
176 | fi | |
177 | if [ ! -w "$KEYRINGFILE" ]; then | |
178 | echo >&2 "Key ${KEY} is in keyring ${KEYRINGFILE}, but can't be removed as it is read only." | |
179 | continue | |
180 | fi | |
181 | # check if it is the only key in the keyring and if so remove the keyring altogether | |
182 | if [ '1' = "$(uniq "$FINGERPRINTS" | wc -l)" ]; then | |
183 | mv -f "$KEYRINGFILE" "${KEYRINGFILE}~" # behave like gpg | |
184 | return | |
185 | fi | |
186 | # we can't just modify pointed to files as these might be in /usr or something | |
187 | local REALTARGET | |
188 | if [ -L "$KEYRINGFILE" ]; then | |
189 | REALTARGET="$(readlink -f "$KEYRINGFILE")" | |
190 | mv -f "$KEYRINGFILE" "${KEYRINGFILE}.dpkg-tmp" | |
191 | cp -a "$REALTARGET" "$KEYRINGFILE" | |
192 | fi | |
193 | # delete the key from the keyring | |
194 | $GPG --batch --delete-keys --yes "$KEY" | |
195 | if [ -n "$REALTARGET" ]; then | |
196 | # the real backup is the old link, not the copy we made | |
197 | mv -f "${KEYRINGFILE}.dpkg-tmp" "${KEYRINGFILE}~" | |
198 | fi | |
199 | done | |
200 | } | |
201 | ||
202 | foreach_keyring_do() { | |
203 | local ACTION="$1" | |
204 | shift | |
205 | # if a --keyring was given, just work on this one | |
206 | if [ -n "$FORCED_KEYRING" ]; then | |
207 | $ACTION "$FORCED_KEYRING" "$@" | |
208 | else | |
209 | # otherwise all known keyrings are up for inspection | |
210 | if [ -s "$TRUSTEDFILE" ]; then | |
211 | $ACTION "$TRUSTEDFILE" "$@" | |
212 | fi | |
213 | local TRUSTEDPARTS="/etc/apt/trusted.gpg.d" | |
214 | eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) | |
215 | if [ -d "$TRUSTEDPARTS" ]; then | |
216 | # strip / suffix as gpg will double-slash in that case (#665411) | |
217 | local STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}" | |
218 | if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then | |
219 | TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS" | |
220 | fi | |
221 | for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do | |
222 | if [ -s "$trusted" ]; then | |
223 | $ACTION "$trusted" "$@" | |
224 | fi | |
225 | done | |
226 | fi | |
227 | fi | |
228 | } | |
229 | ||
230 | run_cmd_on_keyring() { | |
231 | local KEYRINGFILE="$1" | |
232 | shift | |
233 | # fingerprint and co will fail if key isn't in this keyring | |
234 | $GPG_CMD --keyring "$KEYRINGFILE" --batch "$@" 2>/dev/null || true | |
235 | } | |
236 | ||
237 | import_keyring_into_keyring() { | |
238 | local FROM="${1:-${GPGHOMEDIR}/pubring.gpg}" | |
239 | local TO="${2:-${GPGHOMEDIR}/pubring.gpg}" | |
240 | shift 2 | |
241 | rm -f "${GPGHOMEDIR}/gpgoutput.log" | |
242 | # the idea is simple: We take keys from one keyring and copy it to another | |
243 | # we do this with so many checks in between to ensure that WE control the | |
244 | # creation, so we know that the (potentially) created $TO keyring is a | |
245 | # simple keyring rather than a keybox as gpg2 would create it which in turn | |
246 | # can't be read by gpgv. | |
247 | # BEWARE: This is designed more in the way to work with the current | |
248 | # callers, than to have a well defined it would be easy to add new callers to. | |
249 | if [ ! -s "$TO" ]; then | |
250 | if [ -s "$FROM" ]; then | |
251 | if [ -z "$2" ]; then | |
252 | if ! $GPG_CMD --keyring "$FROM" --export ${1:+"$1"} > "$TO" 2> "${GPGHOMEDIR}/gpgoutput.log"; then | |
253 | cat >&2 "${GPGHOMEDIR}/gpgoutput.log" | |
254 | false | |
255 | else | |
256 | chmod 0644 -- "$TO" | |
257 | fi | |
258 | else | |
259 | create_new_keyring "$TO" | |
260 | fi | |
261 | else | |
262 | create_new_keyring "$TO" | |
263 | fi | |
264 | elif [ -s "$FROM" ]; then | |
265 | local EXPORTLIMIT="$1" | |
266 | if [ -n "$1$2" ]; then shift; fi | |
267 | if ! $GPG_CMD --keyring "$FROM" --export ${EXPORTLIMIT:+"$EXPORTLIMIT"} | $GPG_CMD --keyring "$TO" --batch --import "$@" > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then | |
268 | cat >&2 "${GPGHOMEDIR}/gpgoutput.log" | |
269 | false | |
270 | fi | |
271 | fi | |
272 | } | |
273 | ||
274 | merge_all_trusted_keyrings_into_pubring() { | |
275 | # does the same as: | |
276 | # foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg" | |
277 | # but without using gpg, just cat and find | |
278 | local PUBRING="${GPGHOMEDIR}/pubring.gpg" | |
279 | # if a --keyring was given, just use this one | |
280 | if [ -n "$FORCED_KEYRING" ]; then | |
281 | if [ -s "$FORCED_KEYRING" ]; then | |
282 | cp --dereference "$FORCED_KEYRING" "$PUBRING" | |
283 | fi | |
284 | else | |
285 | # otherwise all known keyrings are merged | |
286 | local TRUSTEDPARTS="/etc/apt/trusted.gpg.d" | |
287 | eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) | |
288 | if [ -d "$TRUSTEDPARTS" ]; then | |
289 | # ignore errors mostly for non-existing $TRUSTEDFILE | |
290 | cat /dev/null "$TRUSTEDFILE" $(find -L "$TRUSTEDPARTS" -type f -name '*.gpg') > "$PUBRING" 2>/dev/null || true | |
291 | elif [ -s "$TRUSTEDFILE" ]; then | |
292 | cp --dereference "$TRUSTEDFILE" "$PUBRING" | |
293 | fi | |
294 | fi | |
295 | ||
296 | if [ ! -s "$PUBRING" ]; then | |
297 | touch "$PUBRING" | |
298 | fi | |
299 | } | |
300 | ||
301 | import_keys_from_keyring() { | |
302 | import_keyring_into_keyring "$1" "$2" | |
303 | } | |
304 | ||
305 | merge_keys_into_keyrings() { | |
306 | import_keyring_into_keyring "$2" "$1" '' --import-options 'merge-only' | |
307 | } | |
308 | ||
309 | merge_back_changes() { | |
310 | if [ -n "$FORCED_KEYRING" ]; then | |
311 | # if the keyring was forced merge is already done | |
312 | return | |
313 | fi | |
314 | if [ -s "${GPGHOMEDIR}/pubring.gpg" ]; then | |
315 | # merge all updated keys | |
316 | foreach_keyring_do 'merge_keys_into_keyrings' "${GPGHOMEDIR}/pubring.gpg" | |
317 | fi | |
318 | # look for keys which were added or removed | |
319 | get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.orig.gpg" > "${GPGHOMEDIR}/pubring.orig.keylst" | |
320 | get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.gpg" > "${GPGHOMEDIR}/pubring.keylst" | |
321 | comm -3 "${GPGHOMEDIR}/pubring.keylst" "${GPGHOMEDIR}/pubring.orig.keylst" > "${GPGHOMEDIR}/pubring.diff" | |
322 | # key isn't part of new keyring, so remove | |
323 | cut -f 2 "${GPGHOMEDIR}/pubring.diff" | while read key; do | |
324 | if [ -z "$key" ]; then continue; fi | |
325 | foreach_keyring_do 'remove_key_from_keyring' "$key" | |
326 | done | |
327 | # key is only part of new keyring, so we need to import it | |
328 | cut -f 1 "${GPGHOMEDIR}/pubring.diff" | while read key; do | |
329 | if [ -z "$key" ]; then continue; fi | |
330 | import_keyring_into_keyring '' "$TRUSTEDFILE" "$key" | |
331 | done | |
332 | } | |
333 | ||
334 | setup_merged_keyring() { | |
335 | if [ -n "$FORCED_KEYID" ]; then | |
336 | merge_all_trusted_keyrings_into_pubring | |
337 | FORCED_KEYRING="${GPGHOMEDIR}/forcedkeyid.gpg" | |
338 | TRUSTEDFILE="${FORCED_KEYRING}" | |
339 | GPG="$GPG --keyring $TRUSTEDFILE" | |
340 | # ignore error as this "just" means we haven't found the forced keyid and the keyring will be empty | |
341 | import_keyring_into_keyring '' "$TRUSTEDFILE" "$FORCED_KEYID" || true | |
342 | elif [ -z "$FORCED_KEYRING" ]; then | |
343 | merge_all_trusted_keyrings_into_pubring | |
344 | if [ -r "${GPGHOMEDIR}/pubring.gpg" ]; then | |
345 | cp -a "${GPGHOMEDIR}/pubring.gpg" "${GPGHOMEDIR}/pubring.orig.gpg" | |
346 | else | |
347 | touch "${GPGHOMEDIR}/pubring.gpg" "${GPGHOMEDIR}/pubring.orig.gpg" | |
348 | fi | |
349 | GPG="$GPG --keyring ${GPGHOMEDIR}/pubring.gpg" | |
350 | else | |
351 | create_new_keyring "$TRUSTEDFILE" | |
352 | GPG="$GPG --keyring $TRUSTEDFILE" | |
353 | fi | |
354 | } | |
355 | ||
356 | create_new_keyring() { | |
357 | # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. | |
358 | if ! [ -e "$TRUSTEDFILE" ]; then | |
359 | if [ -w "$(dirname "$TRUSTEDFILE")" ]; then | |
360 | touch -- "$TRUSTEDFILE" | |
361 | chmod 0644 -- "$TRUSTEDFILE" | |
362 | fi | |
363 | fi | |
364 | } | |
365 | ||
366 | usage() { | |
367 | echo "Usage: apt-key [--keyring file] [command] [arguments]" | |
368 | echo | |
369 | echo "Manage apt's list of trusted keys" | |
370 | echo | |
371 | echo " apt-key add <file> - add the key contained in <file> ('-' for stdin)" | |
372 | echo " apt-key del <keyid> - remove the key <keyid>" | |
373 | echo " apt-key export <keyid> - output the key <keyid>" | |
374 | echo " apt-key exportall - output all trusted keys" | |
375 | echo " apt-key update - update keys using the keyring package" | |
376 | echo " apt-key net-update - update keys using the network" | |
377 | echo " apt-key list - list keys" | |
378 | echo " apt-key finger - list fingerprints" | |
379 | echo " apt-key adv - pass advanced options to gpg (download key)" | |
380 | echo | |
381 | echo "If no specific keyring file is given the command applies to all keyring files." | |
382 | } | |
383 | ||
384 | while [ -n "$1" ]; do | |
385 | case "$1" in | |
386 | --keyring) | |
387 | shift | |
388 | TRUSTEDFILE="$1" | |
389 | FORCED_KEYRING="$1" | |
390 | ;; | |
391 | --keyid) | |
392 | shift | |
393 | FORCED_KEYID="$1" | |
394 | ;; | |
395 | --secret-keyring) | |
396 | shift | |
397 | FORCED_SECRET_KEYRING="$1" | |
398 | ;; | |
399 | --readonly) | |
400 | merge_back_changes() { true; } | |
401 | create_new_keyring() { if [ ! -r $FORCED_KEYRING ]; then TRUSTEDFILE='/dev/null'; FORCED_KEYRING="$TRUSTEDFILE"; fi; } | |
402 | ;; | |
403 | --fakeroot) | |
404 | requires_root() { true; } | |
405 | ;; | |
406 | --quiet) | |
407 | aptkey_echo() { true; } | |
408 | ;; | |
409 | --debug1) | |
410 | # some cmds like finger redirect stderr to /dev/null … | |
411 | aptkey_execute() { echo 'EXEC:' "$@"; "$@"; } | |
412 | ;; | |
413 | --debug2) | |
414 | # … other more complicated ones pipe gpg into gpg. | |
415 | aptkey_execute() { echo >&2 'EXEC:' "$@"; "$@"; } | |
416 | ;; | |
417 | --*) | |
418 | echo >&2 "Unknown option: $1" | |
419 | usage | |
420 | exit 1;; | |
421 | *) | |
422 | break;; | |
423 | esac | |
424 | shift | |
425 | done | |
426 | ||
427 | if [ -z "$TRUSTEDFILE" ]; then | |
428 | TRUSTEDFILE="/etc/apt/trusted.gpg" | |
429 | eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) | |
430 | eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) | |
431 | fi | |
432 | ||
433 | command="$1" | |
434 | if [ -z "$command" ]; then | |
435 | usage | |
436 | exit 1 | |
437 | fi | |
438 | shift | |
439 | ||
440 | create_gpg_home() { | |
441 | # gpg needs (in different versions more or less) files to function correctly, | |
442 | # so we give it its own homedir and generate some valid content for it later on | |
443 | if [ -n "$TMPDIR" ]; then | |
444 | # tmpdir is a directory and current user has rwx access to it | |
445 | # same tests as in apt-pkg/contrib/fileutl.cc GetTempDir() | |
446 | if [ ! -d "$TMPDIR" ] || [ ! -r "$TMPDIR" ] || [ ! -w "$TMPDIR" ] || [ ! -x "$TMPDIR" ]; then | |
447 | unset TMPDIR | |
448 | fi | |
449 | fi | |
450 | GPGHOMEDIR="$(mktemp -d)" | |
451 | CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';" | |
452 | trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM | |
453 | chmod 700 "$GPGHOMEDIR" | |
454 | } | |
455 | ||
456 | prepare_gpg_home() { | |
457 | eval $(apt-config shell GPG_EXE Apt::Key::gpgcommand) | |
458 | ||
459 | if [ -n "$GPG_EXE" ] && which "$GPG_EXE" >/dev/null 2>&1; then | |
460 | true | |
461 | elif which gpg >/dev/null 2>&1; then | |
462 | GPG_EXE="gpg" | |
463 | elif which gpg2 >/dev/null 2>&1; then | |
464 | GPG_EXE="gpg2" | |
465 | else | |
466 | echo >&2 "Error: gnupg or gnupg2 do not seem to be installed," | |
467 | echo >&2 "Error: but apt-key requires gnupg or gnupg2 for this operation." | |
468 | echo >&2 | |
469 | exit 255 | |
470 | fi | |
471 | ||
472 | if type aptkey_execute >/dev/null 2>&1; then | |
473 | GPG_EXE="aptkey_execute $GPG_EXE" | |
474 | fi | |
475 | GPG_CMD="$GPG_EXE --ignore-time-conflict --no-options --no-default-keyring" | |
476 | ||
477 | create_gpg_home | |
478 | ||
479 | # We don't use a secret keyring, of course, but gpg panics and | |
480 | # implodes if there isn't one available - and writeable for imports | |
481 | SECRETKEYRING="${GPGHOMEDIR}/secring.gpg" | |
482 | touch $SECRETKEYRING | |
483 | GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" | |
484 | # create the trustdb with an (empty) dummy keyring | |
485 | # older gpgs required it, newer gpgs even warn that it isn't needed, | |
486 | # but require it nonetheless for some commands, so we just play safe | |
487 | # here for the foreseeable future and create a dummy one | |
488 | $GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 | |
489 | # tell gpg that it shouldn't try to maintain a trustdb file | |
490 | GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" | |
491 | GPG="$GPG_CMD" | |
492 | ||
493 | # for advanced operations, we might really need a secret keyring after all | |
494 | if [ -n "$FORCED_SECRET_KEYRING" ] && [ -r "$FORCED_SECRET_KEYRING" ]; then | |
495 | rm -f "$SECRETKEYRING" | |
496 | cp -a "$FORCED_SECRET_KEYRING" "$SECRETKEYRING" | |
497 | fi | |
498 | ||
499 | # older gpg versions need a secring file, but newer versions take it as | |
500 | # a hint to start a migration from earlier versions. The file is empty | |
501 | # anyhow, so nothing actually happens, but its three lines of output | |
502 | # nobody expects to see in apt-key context, so trigger it in silence | |
503 | echo -n | $GPG --batch --import >/dev/null 2>&1 || true | |
504 | } | |
505 | ||
506 | if [ "$command" != 'help' ] && [ "$command" != 'verify' ]; then | |
507 | prepare_gpg_home | |
508 | fi | |
509 | ||
510 | case "$command" in | |
511 | add) | |
512 | requires_root | |
513 | setup_merged_keyring | |
514 | $GPG --quiet --batch --import "$@" | |
515 | merge_back_changes | |
516 | aptkey_echo "OK" | |
517 | ;; | |
518 | del|rm|remove) | |
519 | requires_root | |
520 | foreach_keyring_do 'remove_key_from_keyring' "$@" | |
521 | aptkey_echo "OK" | |
522 | ;; | |
523 | update) | |
524 | requires_root | |
525 | setup_merged_keyring | |
526 | update | |
527 | merge_back_changes | |
528 | ;; | |
529 | net-update) | |
530 | requires_root | |
531 | setup_merged_keyring | |
532 | net_update | |
533 | merge_back_changes | |
534 | ;; | |
535 | list) | |
536 | foreach_keyring_do 'run_cmd_on_keyring' --list-keys "$@" | |
537 | ;; | |
538 | finger*) | |
539 | foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@" | |
540 | ;; | |
541 | export|exportall) | |
542 | merge_all_trusted_keyrings_into_pubring | |
543 | $GPG_CMD --keyring "${GPGHOMEDIR}/pubring.gpg" --armor --export "$@" | |
544 | ;; | |
545 | adv*) | |
546 | setup_merged_keyring | |
547 | aptkey_echo "Executing: $GPG $*" | |
548 | $GPG "$@" | |
549 | merge_back_changes | |
550 | ;; | |
551 | verify) | |
552 | GPGV='' | |
553 | eval $(apt-config shell GPGV Apt::Key::gpgvcommand) | |
554 | if [ -n "$GPGV" ] && which "$GPGV" >/dev/null 2>&1; then true; | |
555 | elif which gpgv >/dev/null 2>&1; then GPGV='gpgv'; | |
556 | elif which gpgv2 >/dev/null 2>&1; then GPGV='gpgv2'; | |
557 | else | |
558 | echo >&2 'ERROR: gpgv or gpgv2 required for verification' | |
559 | exit 29 | |
560 | fi | |
561 | # for a forced keyid we need gpg --export, so full wrapping required | |
562 | if [ -n "$FORCED_KEYID" ]; then | |
563 | prepare_gpg_home | |
564 | else | |
565 | create_gpg_home | |
566 | fi | |
567 | setup_merged_keyring | |
568 | if [ -n "$FORCED_KEYRING" ]; then | |
569 | $GPGV --homedir "${GPGHOMEDIR}" --keyring "${FORCED_KEYRING}" --ignore-time-conflict "$@" | |
570 | else | |
571 | $GPGV --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@" | |
572 | fi | |
573 | ;; | |
574 | help) | |
575 | usage | |
576 | ;; | |
577 | *) | |
578 | usage | |
579 | exit 1 | |
580 | ;; | |
581 | esac |