Merge branch 'debian/jessie' into debian/experimental
[apt.git] / cmdline / apt-key.in
index 9259fac0d32447d2009225908e19238235c73fbb..2a66ad74d182a805c5a62f410ab2a3857fc67ba8 100644 (file)
@@ -166,11 +166,9 @@ remove_key_from_keyring() {
     fi
 
     local GPG="$GPG_CMD --keyring $KEYRINGFILE"
-    while [ -n "$1" ]; do
-       local KEY="$1"
-       shift
+    for KEY in "$@"; do
        # check if the key is in this keyring: the key id is in the 5 column at the end
-       if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -q "^[0-9A-F]*${KEY}$"; then
+       if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -iq "^[0-9A-F]*${KEY}$"; then
            continue
        fi
        if [ ! -w "$KEYRINGFILE" ]; then
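Review bot: An empty argument no longer ends the loop: with `for KEY in "$@"`, `KEY=""` turns the grep pattern into `^[0-9A-F]*$`, which matches every fingerprint, so the `continue` is skipped and the removal code below runs for that keyring. The rest of remove_key_from_keyring is outside this hunk, so what it does with an empty key is not visible here. More generally KEY is interpolated into the regex without validation, and since `local KEY` was dropped the loop variable is now global. A guard as the first statement in the loop, `case "$KEY" in ''|*[!0-9A-Fa-f]*) continue;; esac`, together with `local KEY` before the `for`, would cover both.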
@@ -226,18 +224,11 @@ foreach_keyring_do() {
    fi
 }
 
-list_keys_from_keyring() {
+run_cmd_on_keyring() {
     local KEYRINGFILE="$1"
     shift
-    # don't show the error message if this keyring doesn't include the key
-    $GPG_CMD --keyring "$KEYRINGFILE" --batch --list-keys "$@" 2>/dev/null || true
-}
-
-fingerprint_keys_from_keyring() {
-    local KEYRINGFILE="$1"
-    shift
-    # don't show the error message if this keyring doesn't include the fingerprint
-    $GPG_CMD --keyring "$KEYRINGFILE" --batch --fingerprint "$@" 2>/dev/null || true
+    # fingerprint and co will fail if key isn't in this keyring
+    $GPG_CMD --keyring "$KEYRINGFILE" --batch "$@" 2>/dev/null || true
 }
 
 import_keys_from_keyring() {
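Review bot: `run_cmd_on_keyring` discards stderr and the exit status of whatever gpg command the caller passes in, which was fine for `--list-keys` and `--fingerprint` but is easy to misuse now that the helper is generic. A missing or unreadable keyring is hidden in the same way as a key that is simply not present. I would state the contract above the function, e.g. `# usage: run_cmd_on_keyring KEYRING GPG-OPTION [ARGS...]` and `# stderr and exit status are dropped: only for read-only queries where a miss is expected`.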
@@ -267,10 +258,9 @@ merge_back_changes() {
        # merge all updated keys
        foreach_keyring_do 'merge_keys_into_keyrings' "${GPGHOMEDIR}/pubring.gpg"
     fi
-    # no look for keys which were added or removed
+    # look for keys which were added or removed
     get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.orig.gpg" > "${GPGHOMEDIR}/pubring.orig.keylst"
     get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.gpg" > "${GPGHOMEDIR}/pubring.keylst"
-    #echo >&2 "MERGE BACK"
     sort "${GPGHOMEDIR}/pubring.keylst" "${GPGHOMEDIR}/pubring.orig.keylst" | uniq --unique | while read key; do
        if grep -q "^${key}$" "${GPGHOMEDIR}/pubring.orig.keylst"; then
            # key isn't part of new keyring, so remove
@@ -337,20 +327,19 @@ while [ -n "$1" ]; do
         shift
         TRUSTEDFILE="$1"
         FORCED_KEYRING="$1"
-        shift
         ;;
       --secret-keyring)
         shift
         FORCED_SECRET_KEYRING="$1"
-        shift
+        ;;
+      --readonly)
+        merge_back_changes() { true; }
         ;;
       --fakeroot)
         requires_root() { true; }
-        shift
         ;;
       --quiet)
         aptkey_echo() { true; }
-        shift
         ;;
       --*)
         echo >&2 "Unknown option: $1"
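Review bot: `--readonly` only turns `merge_back_changes` into a no-op, but the same commit removes the `merge_back_changes` call from the `del|rm|remove` branch, where `remove_key_from_keyring` is applied to each keyring and tests `-w "$KEYRINGFILE"` itself. `apt-key --readonly del KEY` therefore does not look read-only, though most of remove_key_from_keyring is outside this diff, so that should be confirmed. If it holds, record the flag in the option arm (`READONLY=1`) and refuse modifying commands, e.g. `[ -z "$READONLY" ] || { echo >&2 "ERROR: del is not possible with --readonly"; exit 1; }` before `requires_root`. No usage text for the new option is visible in this diff.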
@@ -359,6 +348,7 @@ while [ -n "$1" ]; do
       *)
         break;;
    esac
+   shift
 done
 
 if [ -z "$TRUSTEDFILE" ]; then
@@ -394,6 +384,13 @@ if [ "$command" != "help" ]; then
 
     # gpg needs (in different versions more or less) files to function correctly,
     # so we give it its own homedir and generate some valid content for it
+    if [ -n "$TMPDIR" ]; then
+       # tmpdir is a directory and current user has rwx access to it
+       # same tests as in apt-pkg/contrib/fileutl.cc GetTempDir()
+       if [ ! -d "$TMPDIR" ] || [ ! -r "$TMPDIR" ] || [ ! -w "$TMPDIR" ] || [ ! -x "$TMPDIR" ]; then
+         unset TMPDIR
+       fi
+    fi
     GPGHOMEDIR="$(mktemp -d)"
     CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';"
     trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
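Review bot: The new TMPDIR check tests type and permissions only, yet the value flows through `mktemp -d` into the cleanup string `rm -rf '${GPGHOMEDIR}';`, which the shell re-parses when the trap fires. A TMPDIR containing a single quote would break that quoting, so the cleanup command would no longer be the one intended. Since TMPDIR is already being vetted here, also drop such values, e.g. `case "$TMPDIR" in *\'*) unset TMPDIR;; esac`. Alternatively, have the trap call a cleanup function that expands `"$GPGHOMEDIR"` at run time instead of embedding the path in the string.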
@@ -430,7 +427,6 @@ case "$command" in
     del|rm|remove)
        requires_root
        foreach_keyring_do 'remove_key_from_keyring' "$@"
-       merge_back_changes
        aptkey_echo "OK"
         ;;
     update)
@@ -446,10 +442,10 @@ case "$command" in
        merge_back_changes
        ;;
     list)
-       foreach_keyring_do 'list_keys_from_keyring' "$@"
+       foreach_keyring_do 'run_cmd_on_keyring' --list-keys "$@"
        ;;
     finger*)
-       foreach_keyring_do 'fingerprint_keys_from_keyring' "$@"
+       foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@"
        ;;
     export|exportall)
        foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg"
@@ -461,6 +457,14 @@ case "$command" in
        $GPG "$@"
        merge_back_changes
        ;;
+    verify)
+       setup_merged_keyring
+       if which gpgv >/dev/null 2>&1; then
+           gpgv --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@"
+       else
+           $GPG --verify "$@"
+       fi
+       ;;
     help)
         usage
         ;;
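Review bot: The two branches of `verify` do not apply the same policy: gpgv is run with `--ignore-time-conflict`, while the fallback `$GPG --verify "$@"` is not, so the same signature can be accepted on one system and rejected on another. `$GPG` is defined outside this hunk, so I cannot see which other options it carries. Pass the same flag in the fallback, `$GPG --ignore-time-conflict --verify "$@"`, and add a comment saying why gpgv is preferred. For the tool probe, `command -v gpgv >/dev/null 2>&1` avoids depending on `which` being installed.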