set -e
+# We don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available
+
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
+GPG="$GPG_CMD --keyring /etc/apt/trusted.gpg"
+
+
+ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg
+REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg
+
+
+update() {
+ if [ ! -f $ARCHIVE_KEYRING ]; then
+ echo >&2 "ERROR: Can't find the archive-keyring"
+ echo >&2 "Is the debian-archive-keyring package installed?"
+ exit 1
+ fi
+
+ # add new keys
+ $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import
+
+ # remove no-longer used keys
+ keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5`
+ for key in $keys; do
+ if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then
+ $GPG --quiet --batch --delete-key --yes ${key}
+ fi
+ done
+}
+
usage() {
echo "Usage: apt-key [command] [arguments]"
echo
echo
echo " apt-key add <file> - add the key contained in <file> ('-' for stdin)"
echo " apt-key del <keyid> - remove the key <keyid>"
+ echo " apt-key export <keyid> - output the key <keyid>"
+ echo " apt-key exportall - output all trusted keys"
+ echo " apt-key update - update keys using the keyring package"
echo " apt-key list - list keys"
echo
}
echo >&2
fi
-# We don't use a secret keyring, of course, but gpg panics and
-# implodes if there isn't one available
-
-GPG="gpg --no-options --no-default-keyring --keyring /etc/apt/trusted.gpg --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
-
case "$command" in
add)
$GPG --quiet --batch --import "$1"
$GPG --quiet --batch --delete-key --yes "$1"
echo "OK"
;;
+ update)
+ update
+ ;;
list)
$GPG --batch --list-keys
;;
finger*)
$GPG --batch --fingerprint
;;
+ export)
+ $GPG --armor --export "$1"
+ ;;
+ exportall)
+ $GPG --armor --export
+ ;;
adv*)
echo "Executing: $GPG $*"
$GPG $*