fi
local GPG="$GPG_CMD --keyring $KEYRINGFILE"
- while [ -n "$1" ]; do
- local KEY="$1"
- shift
+ for KEY in "$@"; do
# check if the key is in this keyring: the key id is in the 5 column at the end
- if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -q "^[0-9A-F]*${KEY}$"; then
+ if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -iq "^[0-9A-F]*${KEY}$"; then
continue
fi
if [ ! -w "$KEYRINGFILE" ]; then
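Review bot: `KEY` reaches the pattern of the new `grep -iq` line unvalidated, and with `for KEY in "$@"` an empty argument no longer ends the loop. An empty `KEY` yields `^[0-9A-F]*$`, which matches every fingerprint, so the `continue` guard stops filtering; regex metacharacters in `KEY` can have the same effect. A hex-only check before the grep keeps the guard meaningful, e.g. `case "$KEY" in ''|*[!0-9A-Fa-f]*) continue ;; esac`. The loop variable also lost its `local` with the removed `local KEY="$1"` line, so a `local KEY` above the loop should be restored. The rest of the loop body lies outside this hunk.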
fi
}
-list_keys_from_keyring() {
+run_cmd_on_keyring() {
local KEYRINGFILE="$1"
shift
- # don't show the error message if this keyring doesn't include the key
- $GPG_CMD --keyring "$KEYRINGFILE" --batch --list-keys "$@" 2>/dev/null || true
-}
-
-fingerprint_keys_from_keyring() {
- local KEYRINGFILE="$1"
- shift
- # don't show the error message if this keyring doesn't include the fingerprint
- $GPG_CMD --keyring "$KEYRINGFILE" --batch --fingerprint "$@" 2>/dev/null || true
+ # fingerprint and co will fail if key isn't in this keyring
+ $GPG_CMD --keyring "$KEYRINGFILE" --batch "$@" 2>/dev/null || true
}
import_keys_from_keyring() {
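Review bot: `run_cmd_on_keyring` now discards stderr and the exit status for whatever gpg command a caller passes in `"$@"`, not only for `--list-keys` and `--fingerprint`. A missing gpg binary or an unreadable keyring therefore looks the same as "key not in this keyring". The comment should state that contract so the helper is not reused for commands whose failure matters, for example `# read-only queries only: stderr and exit status are discarded on purpose`. `$GPG_CMD` is expanded unquoted, presumably because it carries options; a short comment saying the word splitting is intended would help.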
# merge all updated keys
foreach_keyring_do 'merge_keys_into_keyrings' "${GPGHOMEDIR}/pubring.gpg"
fi
- # no look for keys which were added or removed
+ # look for keys which were added or removed
get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.orig.gpg" > "${GPGHOMEDIR}/pubring.orig.keylst"
get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.gpg" > "${GPGHOMEDIR}/pubring.keylst"
- #echo >&2 "MERGE BACK"
sort "${GPGHOMEDIR}/pubring.keylst" "${GPGHOMEDIR}/pubring.orig.keylst" | uniq --unique | while read key; do
if grep -q "^${key}$" "${GPGHOMEDIR}/pubring.orig.keylst"; then
# key isn't part of new keyring, so remove
shift
TRUSTEDFILE="$1"
FORCED_KEYRING="$1"
- shift
;;
--secret-keyring)
shift
FORCED_SECRET_KEYRING="$1"
- shift
+ ;;
+ --readonly)
+ merge_back_changes() { true; }
;;
--fakeroot)
requires_root() { true; }
- shift
;;
--quiet)
aptkey_echo() { true; }
- shift
;;
--*)
echo >&2 "Unknown option: $1"
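Review bot: `--readonly` only replaces `merge_back_changes` with a no-op, which does not cover commands that edit keyrings in place. In the command dispatch later in this diff, `del|rm|remove` calls `foreach_keyring_do 'remove_key_from_keyring'` and no longer goes through `merge_back_changes`, and `remove_key_from_keyring` tests `-w "$KEYRINGFILE"`, so `--readonly del …` would presumably still modify keyrings. Either reject modifying commands when the flag is set or document the limit next to the option, e.g. `# --readonly: skips merge_back_changes only; del/rm still write to keyrings`. The enclosing `case` starts before this hunk.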
*)
break;;
esac
+ shift
done
if [ -z "$TRUSTEDFILE" ]; then
# gpg needs (in different versions more or less) files to function correctly,
# so we give it its own homedir and generate some valid content for it
+ if [ -n "$TMPDIR" ]; then
+ # tmpdir is a directory and current user has rwx access to it
+ # same tests as in apt-pkg/contrib/fileutl.cc GetTempDir()
+ if [ ! -d "$TMPDIR" ] || [ ! -r "$TMPDIR" ] || [ ! -w "$TMPDIR" ] || [ ! -x "$TMPDIR" ]; then
+ unset TMPDIR
+ fi
+ fi
GPGHOMEDIR="$(mktemp -d)"
CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';"
trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
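Review bot: The result of `mktemp -d` is still unchecked after the new `TMPDIR` test, so when directory creation fails `GPGHOMEDIR` is empty and later paths such as `"${GPGHOMEDIR}/pubring.gpg"` resolve under `/`. Abort on failure with `GPGHOMEDIR="$(mktemp -d)" || exit 1`. The `TMPDIR` test also checks only type and permissions, while the resulting path is embedded between single quotes in the `CURRENTTRAP` string; a value containing `'` would break that quoting, so unsetting `TMPDIR` in that case as well is worth adding. The `if [ -z "$TRUSTEDFILE" ]` block continues past the end of the hunk.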
del|rm|remove)
requires_root
foreach_keyring_do 'remove_key_from_keyring' "$@"
- merge_back_changes
aptkey_echo "OK"
;;
update)
merge_back_changes
;;
list)
- foreach_keyring_do 'list_keys_from_keyring' "$@"
+ foreach_keyring_do 'run_cmd_on_keyring' --list-keys "$@"
;;
finger*)
- foreach_keyring_do 'fingerprint_keys_from_keyring' "$@"
+ foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@"
;;
export|exportall)
foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg"
$GPG "$@"
merge_back_changes
;;
+ verify)
+ setup_merged_keyring
+ if which gpgv >/dev/null 2>&1; then
+ gpgv --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@"
+ else
+ $GPG --verify "$@"
+ fi
+ ;;
help)
usage
;;
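Review bot: The two branches of the new `verify)` arm do not apply the same policy: `gpgv` gets `--ignore-time-conflict`, the `$GPG --verify` fallback does not, so the same signature may be accepted on one system and rejected on another depending on whether gpgv is installed. Pass the option in both branches, `$GPG --ignore-time-conflict --verify "$@"`, and add a comment above the arm saying which of the two tools defines the expected result. `which` is not specified by POSIX and its exit status varies between implementations; `command -v gpgv >/dev/null 2>&1` is the portable test.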