add --secret-keyring option for apt-key
authorDavid Kalnischkies <david@kalnischkies.de>
Mon, 27 Jan 2014 17:26:44 +0000 (18:26 +0100)
committerDavid Kalnischkies <david@kalnischkies.de>
Fri, 26 Sep 2014 22:12:14 +0000 (00:12 +0200)
For some advanced use cases it might be handy to specify the secret
keyring to be used (e.g. as it is used in the testcases), but specifying
it via a normal option for gnupg might not be available forever:
http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html

Git-Dch: Ignore

cmdline/apt-key.in
test/integration/framework

index 74ca4d1351d9c9d12b0284307682586a713c2a2b..36824b6ecbf63f1e99c02fe4cc29f71d12cb754c 100644 (file)
@@ -287,6 +287,11 @@ while [ -n "$1" ]; do
         FORCED_KEYRING="$1"
         shift
         ;;
+      --secret-keyring)
+        shift
+        FORCED_SECRET_KEYRING="$1"
+        shift
+        ;;
       --fakeroot)
         requires_root() { true; }
         shift
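Review bot: The new `--secret-keyring)` arm reads `$1` after the first `shift` without checking that a value follows, so a trailing `--secret-keyring` leaves FORCED_SECRET_KEYRING empty and the second `shift` runs with nothing left to shift (some `sh` implementations treat that as a fatal error). A following option would likewise be taken as the keyring path. A guard before the first shift would make the failure explicit, e.g. `[ $# -ge 2 ] || { echo >&2 "ERROR: --secret-keyring needs a file argument"; exit 1; }`. The surrounding `while`/`case` starts and ends outside this hunk, and the `--keyring` arm visible in the context lines appears to have the same shape.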
@@ -355,6 +360,12 @@ if [ "$command" != "help" ]; then
     GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
     GPG="$GPG_CMD"
 
+    # for advanced operations, we might really need a secret keyring after all
+    if [ -n "$FORCED_SECRET_KEYRING" ] && [ -r "$FORCED_SECRET_KEYRING" ]; then
+       rm -f "$SECRETKEYRING"
+       cp -a "$FORCED_SECRET_KEYRING" "$SECRETKEYRING"
+    fi
+
     # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead.
     if ! [ -e "$TRUSTEDFILE" ]; then
        if [ -w "$(dirname "$TRUSTEDFILE")" ]; then
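Review bot: A keyring requested with --secret-keyring but missing or unreadable is skipped without any message, because the `[ -r "$FORCED_SECRET_KEYRING" ]` test sits in the same condition as the `-n` test, so the later gpg operation runs without the key the caller asked for. The result of `cp -a` is not checked either, and `-a` keeps the source file's mode, so the copy of the private key material is exactly as readable as the original; setting the mode explicitly after the copy would not depend on that. Where $SECRETKEYRING lives and whether it is removed afterwards is outside this hunk and should be confirmed. The enclosing `if [ "$command" != "help" ]` block continues past the hunk.
```shell
    if [ -n "$FORCED_SECRET_KEYRING" ]; then
       if ! [ -r "$FORCED_SECRET_KEYRING" ]; then
          echo >&2 "ERROR: secret keyring $FORCED_SECRET_KEYRING is not readable"
          exit 1
       fi
       rm -f "$SECRETKEYRING"
       cp -a "$FORCED_SECRET_KEYRING" "$SECRETKEYRING" || exit 1
       chmod 600 "$SECRETKEYRING"
    fi
```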
index 1ab01b20a151d1dd2bdcee8ab4e26875703fcbd4..50f16fb465c9976ef37251897c0dc1c527022a9d 100644 (file)
@@ -429,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control
                | while read SRC; do
                echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
 #              if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then
-#                      aptkey --keyring ./keys/joesixpack.pub --quiet adv --yes \
-#                              --secret-keyring ./keys/joesixpack.sec --default-key 'Joe Sixpack' \
+#                      aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \
+#                              adv --yes --default-key 'Joe Sixpack' \
 #                              --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #                      mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #              fi
@@ -816,7 +816,7 @@ setupaptarchive() {
 signreleasefiles() {
        local SIGNER="${1:-Joe Sixpack}"
        local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
-       local GPG="aptkey --quiet --keyring ${KEY}.pub adv --batch --yes --secret-keyring ${KEY}.sec"
+       local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes"
        msgninfo "\tSign archive with $SIGNER key $KEY… "
        local REXKEY='keys/rexexpired'
        local SECEXPIREBAK="${REXKEY}.sec.bak"