Преглед изворни кода

refactor key removal code to reuse it in next step

Git-Dch: Ignore
David Kalnischkies пре 12 година
родитељ
комит
4b30c1dc05
1 измењених фајлова са 55 додато и 48 уклоњено
  1. 55 48
      cmdline/apt-key.in

+ 55 - 48
cmdline/apt-key.in

@@ -170,62 +170,69 @@ update() {
 }
 
 remove_key_from_keyring() {
-    local GPG="$GPG_CMD --keyring $1"
-    # check if the key is in this keyring: the key id is in the 5 column at the end
-    if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then
-	return
-    fi
-    if [ ! -w "$1" ]; then
-	echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only."
-	return
-    fi
-    # check if it is the only key in the keyring and if so remove the keyring altogether
-    if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then
-	mv -f "$1" "${1}~" # behave like gpg
-	return
-    fi
-    # we can't just modify pointed to files as these might be in /usr or something
-    local REALTARGET
-    if [ -L "$1" ]; then
-	REALTARGET="$(readlink -f "$1")"
-	mv -f "$1" "${1}.dpkg-tmp"
-	cp -a "$REALTARGET" "$1"
-    fi
-    # delete the key from the keyring
-    $GPG --batch --delete-key --yes "$2"
-    if [ -n "$REALTARGET" ]; then
-	# the real backup is the old link, not the copy we made
-	mv -f "${1}.dpkg-tmp" "${1}~"
-    fi
+    local KEYRINGFILE="$1"
+    shift
+    local GPG="$GPG_CMD --keyring $KEYRINGFILE"
+    while [ -n "$1" ]; do
+       local KEY="$1"
+       shift
+	# check if the key is in this keyring: the key id is in the 5 column at the end
+	if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+${KEY}:"; then
+	    continue
+	fi
+	if [ ! -w "$KEYRINGFILE" ]; then
+	    echo >&2 "Key ${KEY} is in keyring ${KEYRINGFILE}, but can't be removed as it is read only."
+	    continue
+	fi
+	# check if it is the only key in the keyring and if so remove the keyring altogether
+	if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then
+	    mv -f "$KEYRINGFILE" "${KEYRINGFILE}~" # behave like gpg
+	    return
+	fi
+	# we can't just modify pointed to files as these might be in /usr or something
+	local REALTARGET
+	if [ -L "$KEYRINGFILE" ]; then
+	    REALTARGET="$(readlink -f "$KEYRINGFILE")"
+	    mv -f "$KEYRINGFILE" "${KEYRINGFILE}.dpkg-tmp"
+	    cp -a "$REALTARGET" "$KEYRINGFILE"
+	fi
+	# delete the key from the keyring
+	$GPG --batch --delete-key --yes "$KEY"
+	if [ -n "$REALTARGET" ]; then
+	    # the real backup is the old link, not the copy we made
+	    mv -f "${KEYRINGFILE}.dpkg-tmp" "${KEYRINGFILE}~"
+	fi
+    done
 }
 
 remove_key() {
     requires_root
+    foreach_keyring_do 'remove_key_from_keyring' "$@"
+    aptkey_echo "OK"
+ }
 
-    while [ -n "$1" ]; do
-	# if a --keyring was given, just remove from there
-	if [ -n "$FORCED_KEYRING" ]; then
-	    remove_key_from_keyring "$FORCED_KEYRING" "$1"
-	else
-	    # otherwise all known keyrings are up for inspection
-	    local TRUSTEDFILE="/etc/apt/trusted.gpg"
-	    eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
-	    eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
-	    remove_key_from_keyring "$TRUSTEDFILE" "$1"
-	    TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
-	    eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
-	    if [ -d "$TRUSTEDPARTS" ]; then
-		for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do
-		    remove_key_from_keyring "$trusted" "$1"
-		done
-	    fi
+foreach_keyring_do() {
+   local ACTION="$1"
+   shift
+   # if a --keyring was given, just remove from there
+   if [ -n "$FORCED_KEYRING" ]; then
+	$ACTION "$FORCED_KEYRING" "$@"
+   else
+	# otherwise all known keyrings are up for inspection
+	local TRUSTEDFILE="/etc/apt/trusted.gpg"
+	eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
+	eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
+	$ACTION "$TRUSTEDFILE" "$@"
+	local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
+	eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
+	if [ -d "$TRUSTEDPARTS" ]; then
+	    for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do
+		$ACTION "$trusted" "$@"
+	    done
 	fi
-	aptkey_echo "OK"
-	shift
-    done
+   fi
 }
 
-
 usage() {
     echo "Usage: apt-key [--keyring file] [command] [arguments]"
     echo