X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/4039798d971752325d097bfbdc9011b5e9efd29c..374a6efa1d6d77016e14a32f2dd85e8e1773187d:/cmdline/apt-key.in?ds=sidebyside

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 80aacfa5e..0c10e5955 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -200,8 +200,8 @@ remove_key_from_keyring() {
 	local FINGERPRINTS="${GPGHOMEDIR}/keyringfile.keylst"
 	get_fingerprints_of_keyring "$KEYRINGFILE" > "$FINGERPRINTS"
 
-        # strip leading 0x, if present:
-        KEY="${KEY#0x}"
+	# strip leading 0x, if present:
+	KEY="$(echo "${KEY#0x}" | tr -d ' ')"
 
 	# check if the key is in this keyring
 	if ! grep -iq "^[0-9A-F]*${KEY}$" "$FINGERPRINTS"; then
@@ -232,6 +232,17 @@ remove_key_from_keyring() {
     done
 }
 
+accessible_file_exists() {
+   if ! test -s "$1"; then
+      return 1
+   fi
+   if test -r "$1"; then
+      return 0
+   fi
+   warn "The key(s) in the keyring $1 are ignored as the file is not readable by user '$USER' executing apt-key."
+   return 1
+}
+
 foreach_keyring_do() {
    local ACTION="$1"
    shift
@@ -240,7 +251,7 @@ foreach_keyring_do() {
 	$ACTION "$FORCED_KEYRING" "$@"
    else
 	# otherwise all known keyrings are up for inspection
-	if [ -s "$TRUSTEDFILE" ]; then
+	if accessible_file_exists "$TRUSTEDFILE"; then
 	    $ACTION "$TRUSTEDFILE" "$@"
 	fi
 	local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
@@ -249,7 +260,7 @@ foreach_keyring_do() {
 	    TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")"
 	    local TRUSTEDPARTSLIST="$(cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 -name '*.gpg')"
 	    for trusted in $(echo "$TRUSTEDPARTSLIST" | sort); do
-		if [ -s "$trusted" ]; then
+		if accessible_file_exists "$trusted"; then
 		    $ACTION "$trusted" "$@"
 		fi
 	    done
@@ -302,35 +313,18 @@ import_keyring_into_keyring() {
     fi
 }
 
+catfile() {
+   cat "$1" >> "$2"
+}
+
 merge_all_trusted_keyrings_into_pubring() {
     # does the same as:
     # foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg"
     # but without using gpg, just cat and find
-    local PUBRING="$(readlink -f "${GPGHOMEDIR}/pubring.gpg")"
-    # if a --keyring was given, just use this one
-    if [ -n "$FORCED_KEYRING" ]; then
-	if [ -s "$FORCED_KEYRING" ]; then
-	    cp --dereference "$FORCED_KEYRING" "$PUBRING"
-	fi
-    else
-	# otherwise all known keyrings are merged
-	local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
-	eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
-	if [ -d "$TRUSTEDPARTS" ]; then
-	    rm -f "$PUBRING"
-	    if [ -s "$TRUSTEDFILE" ]; then
-		cat "$TRUSTEDFILE" > "$PUBRING"
-	    fi
-	    TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")"
-	    (cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 -name '*.gpg' -exec cat {} + >> "$PUBRING";)
-	elif [ -s "$TRUSTEDFILE" ]; then
-	    cp --dereference "$TRUSTEDFILE" "$PUBRING"
-	fi
-    fi
-
-    if [ ! -s "$PUBRING" ]; then
-	touch "$PUBRING"
-    fi
+    local PUBRING="$(readlink -f "${GPGHOMEDIR}")/pubring.gpg"
+    rm -f "$PUBRING"
+    touch "$PUBRING"
+    foreach_keyring_do 'catfile' "$PUBRING"
 }
 
 import_keys_from_keyring() {
@@ -480,10 +474,36 @@ if [ -z "$command" ]; then
 fi
 shift
 
+find_gpgv_status_fd() {
+   while [ -n "$1" ]; do
+	if [ "$1" = '--status-fd' ]; then
+		shift
+		echo "$1"
+		break
+	fi
+	shift
+   done
+}
+GPGSTATUSFD="$(find_gpgv_status_fd "$@")"
+
+warn() {
+    if [ -z "$GPGHOMEDIR" ]; then
+	echo >&2 'W:' "$@"
+    else
+	echo 'W:' "$@" > "${GPGHOMEDIR}/aptwarnings.log"
+    fi
+    if [ -n "$GPGSTATUSFD" ]; then
+	echo >&${GPGSTATUSFD} '[APTKEY:] WARNING' "$@"
+    fi
+}
+
 cleanup_gpg_home() {
     if [ -z "$GPGHOMEDIR" ]; then return; fi
+    if [ -s "$GPGHOMEDIR/aptwarnings.log" ]; then
+	cat >&2 "$GPGHOMEDIR/aptwarnings.log"
+    fi
     if command_available 'gpgconf'; then
-	GNUPGHOME="${GPGHOMEDIR}" gpgconf --kill gpg-agent
+	GNUPGHOME="${GPGHOMEDIR}" gpgconf --kill gpg-agent >/dev/null 2>&1 || true
     fi
     rm -rf "$GPGHOMEDIR"
 }
@@ -530,9 +550,11 @@ EOF
 	GPG_EXE="gpg"
     elif command_available 'gpg2'; then
 	GPG_EXE="gpg2"
+    elif command_available 'gpg1'; then
+	GPG_EXE="gpg1"
     else
-	echo >&2 "Error: gnupg or gnupg2 do not seem to be installed,"
-	echo >&2 "Error: but apt-key requires gnupg or gnupg2 for this operation."
+	echo >&2 "Error: gnupg, gnupg2 and gnupg1 do not seem to be installed,"
+	echo >&2 "Error: but apt-key requires gnupg, gnupg2 or gnupg1 for this operation."
 	echo >&2
 	exit 255
     fi
@@ -639,8 +661,9 @@ case "$command" in
 	if [ -n "$GPGV" ] && command_available "$GPGV"; then true;
 	elif command_available 'gpgv'; then GPGV='gpgv';
 	elif command_available 'gpgv2'; then GPGV='gpgv2';
+	elif command_available 'gpgv1'; then GPGV='gpgv1';
 	else
-	   echo >&2 'ERROR: gpgv or gpgv2 required for verification'
+	   echo >&2 'ERROR: gpgv, gpgv2 or gpgv1 required for verification'
 	   exit 29
 	fi
 	# for a forced keyid we need gpg --export, so full wrapping required