gpg: handle ASCII-armored keyrings as well
gpg command "--list-keys" requires input files to be passed with option "--keyring", and each file must match type "public keyring v4", while gpg command "--show-keys" requires no extra options and also handles ASCII-armored public keyrings. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
parent
2767b051bc
commit
ccd4b5c163
1 changed files with 17 additions and 11 deletions
28
mmdebstrap
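--- a/mmdebstrap
+++ b/mmdebstrap
@@ -4937,30 +4937,37 @@ sub main() {
 . " signed-by value";
 last;
 }
+# initialize gpg trustdb with empty one
+{
+`@gpgcmd --update-trustdb >/dev/null 2>/dev/null`;
+$? == 0 or error "gpg failed to initialize trustdb: $?";
+}
 # find all the fingerprints of the keys apt currently
 # knows about
-my @keyringopts = ();
+my @keyrings = ();
 opendir my $dh, "$options->{apttrustedparts}"
 or error "cannot read $options->{apttrustedparts}";
 while (my $filename = readdir $dh) {
 if ($filename !~ /\.(asc|gpg)$/) {
 next;
 }
-push @keyringopts, '--keyring',
-"$options->{apttrustedparts}/$filename";
+$filename = "$options->{apttrustedparts}/$filename";
+# skip empty keyrings
+-s "$filename" || next;
+push @keyrings, "$filename";
 }
 closedir $dh;
-if (-e $options->{apttrusted}) {
-push @keyringopts, '--keyring', $options->{apttrusted};
+if (-s $options->{apttrusted}) {
+push @keyrings, $options->{apttrusted};
 }
 my @aptfingerprints = ();
-if (scalar @keyringopts == 0) {
+if (scalar @keyrings == 0) {
 $signedby = " [signed-by=\"$keyring\"]";
 last;
 }
 {
-open my $fh, '-|', @gpgcmd, @keyringopts, '--with-colons',
-'--list-keys' // error "failed to fork(): $!";
+open(my $fh, '-|', @gpgcmd, '--with-colons', '--show-keys',
+@keyrings) // error "failed to fork(): $!";
 while (my $line = <$fh>) {
 if ($line !~ /^fpr:::::::::([^:]+):/) {
 next;
@@ -4981,9 +4988,8 @@ sub main() {
 # the case
 my @suitefingerprints = ();
 {
-open my $fh, '-|', @gpgcmd, '--keyring', $keyring,
-'--with-colons',
-'--list-keys' // error "failed to fork(): $!";
+open(my $fh, '-|', @gpgcmd, '--with-colons', '--show-keys',
+$keyring) // error "failed to fork(): $!";
 while (my $line = <$fh>) {
 if ($line !~ /^fpr:::::::::([^:]+):/) {
 next;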
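Review bot: The new trustdb initialisation runs `@gpgcmd --update-trustdb >/dev/null 2>/dev/null` through backticks, so every element of `@gpgcmd` is joined into one string and parsed by `/bin/sh`, while the two `open(my $fh, '-|', @gpgcmd, ...)` calls in the same commit use the list form that bypasses the shell. If `@gpgcmd` carries a path (its definition is outside the hunk, so this is an assumption), whitespace or shell metacharacters in that path would split or reinterpret the command; a list-form call such as `system(@gpgcmd, '--update-trustdb') == 0 or error "gpg failed to initialize trustdb: $?";` avoids that, with the output silenced by a means other than shell redirection. Discarding stderr also hides why gpg failed, and `$?` in the message is the raw wait status rather than the exit code (`$? >> 8`). `sub main()` starts and ends outside both hunks.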