]> git.saurik.com Git - apt.git/blobdiff - cmdline/apt-key.in
implement Signed-By option for sources.list
[apt.git] / cmdline / apt-key.in
index cf0b9a96f75960081d8a8bc2afb8dc5d08a2bca0..16887bd50a55b99ea2cd3dd546d126c82d616bd2 100644 (file)
@@ -168,7 +168,7 @@ remove_key_from_keyring() {
     local GPG="$GPG_CMD --keyring $KEYRINGFILE"
     for KEY in "$@"; do
        # check if the key is in this keyring: the key id is in the 5 column at the end
-       if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -q "^[0-9A-F]*${KEY}$"; then
+       if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -iq "^[0-9A-F]*${KEY}$"; then
            continue
        fi
        if [ ! -w "$KEYRINGFILE" ]; then
@@ -199,7 +199,7 @@ remove_key_from_keyring() {
 foreach_keyring_do() {
    local ACTION="$1"
    shift
-   # if a --keyring was given, just remove from there
+   # if a --keyring was given, just work on this one
    if [ -n "$FORCED_KEYRING" ]; then
        $ACTION "$FORCED_KEYRING" "$@"
    else
@@ -279,7 +279,14 @@ merge_back_changes() {
 }
 
 setup_merged_keyring() {
-    if [ -z "$FORCED_KEYRING" ]; then
+    if [ -n "$FORCED_KEYID" ]; then
+       foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/allrings.gpg"
+       FORCED_KEYRING="${GPGHOMEDIR}/forcedkeyid.gpg"
+       TRUSTEDFILE="${FORCED_KEYRING}"
+       GPG="$GPG --keyring $TRUSTEDFILE"
+       # ignore error as this "just" means we haven't found the forced keyid and the keyring will be empty
+       $GPG_CMD --batch --yes --keyring "${GPGHOMEDIR}/allrings.gpg" --export "$FORCED_KEYID" | $GPG --batch --yes --import || true
+    elif [ -z "$FORCED_KEYRING" ]; then
        foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg"
        if [ -r "${GPGHOMEDIR}/pubring.gpg" ]; then
            cp -a "${GPGHOMEDIR}/pubring.gpg" "${GPGHOMEDIR}/pubring.orig.gpg"
@@ -328,12 +335,17 @@ while [ -n "$1" ]; do
         TRUSTEDFILE="$1"
         FORCED_KEYRING="$1"
         ;;
+      --keyid)
+        shift
+        FORCED_KEYID="$1"
+        ;;
       --secret-keyring)
         shift
         FORCED_SECRET_KEYRING="$1"
         ;;
       --readonly)
         merge_back_changes() { true; }
+        create_new_keyring() { true; }
         ;;
       --fakeroot)
         requires_root() { true; }
@@ -460,7 +472,11 @@ case "$command" in
     verify)
        setup_merged_keyring
        if which gpgv >/dev/null 2>&1; then
-           gpgv --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@"
+           if [ -n "$FORCED_KEYRING" ]; then
+               gpgv --homedir "${GPGHOMEDIR}" --keyring "${FORCED_KEYRING}" --ignore-time-conflict "$@"
+           else
+               gpgv --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@"
+           fi
        else
            $GPG --verify "$@"
        fi