X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/0dae96a2b5e8ecd80a1b6e44961f1692ad4aec15..05f64ca2e483709faa6bc69dfa79129d2d4c679e:/cmdline/apt-key.in diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 9259fac0d..2a66ad74d 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -166,11 +166,9 @@ remove_key_from_keyring() { fi local GPG="$GPG_CMD --keyring $KEYRINGFILE" - while [ -n "$1" ]; do - local KEY="$1" - shift + for KEY in "$@"; do # check if the key is in this keyring: the key id is in the 5 column at the end - if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -q "^[0-9A-F]*${KEY}$"; then + if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -iq "^[0-9A-F]*${KEY}$"; then continue fi if [ ! -w "$KEYRINGFILE" ]; then @@ -226,18 +224,11 @@ foreach_keyring_do() { fi } -list_keys_from_keyring() { +run_cmd_on_keyring() { local KEYRINGFILE="$1" shift - # don't show the error message if this keyring doesn't include the key - $GPG_CMD --keyring "$KEYRINGFILE" --batch --list-keys "$@" 2>/dev/null || true -} - -fingerprint_keys_from_keyring() { - local KEYRINGFILE="$1" - shift - # don't show the error message if this keyring doesn't include the fingerprint - $GPG_CMD --keyring "$KEYRINGFILE" --batch --fingerprint "$@" 2>/dev/null || true + # fingerprint and co will fail if key isn't in this keyring + $GPG_CMD --keyring "$KEYRINGFILE" --batch "$@" 2>/dev/null || true } import_keys_from_keyring() { @@ -267,10 +258,9 @@ merge_back_changes() { # merge all updated keys foreach_keyring_do 'merge_keys_into_keyrings' "${GPGHOMEDIR}/pubring.gpg" fi - # no look for keys which were added or removed + # look for keys which were added or removed get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.orig.gpg" > "${GPGHOMEDIR}/pubring.orig.keylst" get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.gpg" > "${GPGHOMEDIR}/pubring.keylst" - #echo >&2 "MERGE BACK" sort "${GPGHOMEDIR}/pubring.keylst" "${GPGHOMEDIR}/pubring.orig.keylst" | uniq --unique | while read key; do if grep -q "^${key}$" "${GPGHOMEDIR}/pubring.orig.keylst"; then # key isn't part of new keyring, so remove @@ -337,20 +327,19 @@ while [ -n "$1" ]; do shift TRUSTEDFILE="$1" FORCED_KEYRING="$1" - shift ;; --secret-keyring) shift FORCED_SECRET_KEYRING="$1" - shift + ;; + --readonly) + merge_back_changes() { true; } ;; --fakeroot) requires_root() { true; } - shift ;; --quiet) aptkey_echo() { true; } - shift ;; --*) echo >&2 "Unknown option: $1" @@ -359,6 +348,7 @@ while [ -n "$1" ]; do *) break;; esac + shift done if [ -z "$TRUSTEDFILE" ]; then @@ -394,6 +384,13 @@ if [ "$command" != "help" ]; then # gpg needs (in different versions more or less) files to function correctly, # so we give it its own homedir and generate some valid content for it + if [ -n "$TMPDIR" ]; then + # tmpdir is a directory and current user has rwx access to it + # same tests as in apt-pkg/contrib/fileutl.cc GetTempDir() + if [ ! -d "$TMPDIR" ] || [ ! -r "$TMPDIR" ] || [ ! -w "$TMPDIR" ] || [ ! -x "$TMPDIR" ]; then + unset TMPDIR + fi + fi GPGHOMEDIR="$(mktemp -d)" CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';" trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM @@ -430,7 +427,6 @@ case "$command" in del|rm|remove) requires_root foreach_keyring_do 'remove_key_from_keyring' "$@" - merge_back_changes aptkey_echo "OK" ;; update) @@ -446,10 +442,10 @@ case "$command" in merge_back_changes ;; list) - foreach_keyring_do 'list_keys_from_keyring' "$@" + foreach_keyring_do 'run_cmd_on_keyring' --list-keys "$@" ;; finger*) - foreach_keyring_do 'fingerprint_keys_from_keyring' "$@" + foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@" ;; export|exportall) foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg" @@ -461,6 +457,14 @@ case "$command" in $GPG "$@" merge_back_changes ;; + verify) + setup_merged_keyring + if which gpgv >/dev/null 2>&1; then + gpgv --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@" + else + $GPG --verify "$@" + fi + ;; help) usage ;;