add --skip=check/signed-by

Johannes Schauer Marin Rodrigues 2023-01-16 14:58:23 +01:00
parent 42386c90c8
commit 327b75846f
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1


@ -5117,17 +5117,17 @@ sub main() {
# a signed-by option # a signed-by option
my $signedby = ''; my $signedby = '';
my %suite_by_vendor = get_suite_by_vendor(); my %suite_by_vendor = get_suite_by_vendor();
{ my $gpgproc = sub {
my $keyring my $keyring
= get_keyring_by_suite($options->{suite}, \%suite_by_vendor); = get_keyring_by_suite($options->{suite}, \%suite_by_vendor);
if (!defined $keyring) { if (!defined $keyring) {
last; return '';
} }
# we can only check if we need the signed-by entry if we u # we can only check if we need the signed-by entry if we u
# automatically chosen keyring exists # automatically chosen keyring exists
if (!defined $keyring || !-e $keyring) { if (!defined $keyring || !-e $keyring) {
last; return '';
} }
# we can only check key material if gpg is installed # we can only check key material if gpg is installed
@ -5155,9 +5155,9 @@ sub main() {
close $fh; close $fh;
} }
if ($? != 0 || !defined $ret || defined $message) { if ($? != 0 || !defined $ret || defined $message) {
info "gpg --version failed: cannot determine the right" warning
. " signed-by value"; "gpg --version failed: cannot infer signed-by value";
last; return '';
} }
# initialize gpg trustdb with empty one # initialize gpg trustdb with empty one
{ {
@ -5166,7 +5166,7 @@ sub main() {
} }
if (!-d $options->{apttrustedparts}) { if (!-d $options->{apttrustedparts}) {
warning "$options->{apttrustedparts} doesn't exist"; warning "$options->{apttrustedparts} doesn't exist";
last; return '';
} }
# find all the fingerprints of the keys apt currently # find all the fingerprints of the keys apt currently
# knows about # knows about
@ -5188,8 +5188,7 @@ sub main() {
} }
my @aptfingerprints = (); my @aptfingerprints = ();
if (scalar @keyrings == 0) { if (scalar @keyrings == 0) {
$signedby = " [signed-by=\"$keyring\"]"; return " [signed-by=\"$keyring\"]";
last;
} }
info "Finding correct signed-by value..."; info "Finding correct signed-by value...";
my $progress = 0.0; my $progress = 0.0;
@ -5212,8 +5211,7 @@ sub main() {
} }
print_progress("done"); print_progress("done");
if (scalar @aptfingerprints == 0) { if (scalar @aptfingerprints == 0) {
$signedby = " [signed-by=\"$keyring\"]"; return " [signed-by=\"$keyring\"]";
last;
} }
# check if all fingerprints from the keyring that we guessed # check if all fingerprints from the keyring that we guessed
# are known by apt and only add signed-by option if that's not # are known by apt and only add signed-by option if that's not
@ -5229,15 +5227,20 @@ sub main() {
# if this fingerprint is not known by apt, then we need # if this fingerprint is not known by apt, then we need
#to add the signed-by option #to add the signed-by option
if (none { $_ eq $1 } @aptfingerprints) { if (none { $_ eq $1 } @aptfingerprints) {
$signedby = " [signed-by=\"$keyring\"]"; return " [signed-by=\"$keyring\"]";
last;
} }
} }
close $fh; close $fh;
if ($? != 0) {
warning "gpg failed -- cannot infer signed-by value";
}
} }
if ($? != 0) { return '';
error "gpg failed"; };
} if (any { $_ eq 'check/signed-by' } @{ $options->{skip} }) {
info "skipping check/signed-by as requested";
} else {
$signedby = $gpgproc->();
} }
if (scalar @ARGV > 0) { if (scalar @ARGV > 0) {
for my $arg (@ARGV) { for my $arg (@ARGV) {
@ -6943,6 +6946,8 @@ Upon startup, several checks are carried out, like:
=item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty> =item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty>
=item * whether adding a C<signed-by> to C<apt/sources.list> is necessary. This requires gpg and can be disabled using B<--skip=check/signed-by>
=back =back
=item B<setup> =item B<setup>
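Review bot: At the end of the `$gpgproc` closure, a non-zero gpg exit after the fingerprint comparison now only emits `warning "gpg failed -- cannot infer signed-by value"` and falls through to `return '';`, where the old code stopped with `error "gpg failed"`. The run therefore continues without a signed-by entry, which is the less restrictive outcome: without it apt will presumably accept any key it already trusts for this source. Since `$keyring` has been checked to exist by that point, consider failing closed with `return " [signed-by=\"$keyring\"]";` right after the warning, or keep the failure fatal. Parts of the closure lie outside the visible hunks, so any exit-status handling in the earlier gpg calls could not be reviewed. The new POD item could also say that `--skip=check/signed-by` means no signed-by option is ever written, so users know what the skip gives up.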