Przeglądaj źródła

add --secret-keyring option for apt-key

For some advanced usecases it might be handy to specify the secret
keyring to be used (e.g. as it is used in the testcases), but specifying
it via a normal option for gnupg might not be available forever:
http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html

Git-Dch: Ignore
David Kalnischkies 12 lat temu
rodzic
commit
bd7fb5aa31
2 zmienionych plików z 14 dodań i 3 usunięć
  1. 11 0
      cmdline/apt-key.in
  2. 3 3
      test/integration/framework

+ 11 - 0
cmdline/apt-key.in

@@ -287,6 +287,11 @@ while [ -n "$1" ]; do
 	 FORCED_KEYRING="$1"
 	 shift
 	 ;;
+      --secret-keyring)
+	 shift
+	 FORCED_SECRET_KEYRING="$1"
+	 shift
+	 ;;
       --fakeroot)
 	 requires_root() { true; }
 	 shift
@@ -355,6 +360,12 @@ if [ "$command" != "help" ]; then
     GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
     GPG="$GPG_CMD"
 
+    # for advanced operations, we might really need a secret keyring after all
+    if [ -n "$FORCED_SECRET_KEYRING" ] && [ -r "$FORCED_SECRET_KEYRING" ]; then
+	rm -f "$SECRETKEYRING"
+	cp -a "$FORCED_SECRET_KEYRING" "$SECRETKEYRING"
+    fi
+
     # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead.
     if ! [ -e "$TRUSTEDFILE" ]; then
 	if [ -w "$(dirname "$TRUSTEDFILE")" ]; then

+ 3 - 3
test/integration/framework

@@ -429,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control
 		| while read SRC; do
 		echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
 #		if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then
-#			aptkey --keyring ./keys/joesixpack.pub --quiet adv --yes \
-#				--secret-keyring ./keys/joesixpack.sec --default-key 'Joe Sixpack' \
+#			aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \
+#				adv --yes --default-key 'Joe Sixpack' \
 #				--clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #			mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #		fi
@@ -816,7 +816,7 @@ setupaptarchive() {
 signreleasefiles() {
 	local SIGNER="${1:-Joe Sixpack}"
 	local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
-	local GPG="aptkey --quiet --keyring ${KEY}.pub adv --batch --yes --secret-keyring ${KEY}.sec"
+	local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes"
 	msgninfo "\tSign archive with $SIGNER key $KEY… "
 	local REXKEY='keys/rexexpired'
 	local SECEXPIREBAK="${REXKEY}.sec.bak"