summaryrefslogtreecommitdiff
path: root/cmdline/apt-key.in
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2014-01-24 18:24:43 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2014-09-27 00:12:14 +0200
commit4b30c1dc053278a6b9bdb50f0d91b3f934e8613d (patch)
tree5c43950c13004e6432b5863eb2aee2d2b28b3b9a /cmdline/apt-key.in
parent08cfcd73f517e909823c100143c4938b9997343e (diff)
downloadapt-4b30c1dc053278a6b9bdb50f0d91b3f934e8613d.tar.gz
refactor key removal code to reuse it in next step
Git-Dch: Ignore
Diffstat (limited to 'cmdline/apt-key.in')
-rw-r--r--cmdline/apt-key.in103
1 files changed, 55 insertions, 48 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 9da5fceb8..9adbd6443 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -170,62 +170,69 @@ update() {
}
remove_key_from_keyring() {
- local GPG="$GPG_CMD --keyring $1"
- # check if the key is in this keyring: the key id is in the 5 column at the end
- if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then
- return
- fi
- if [ ! -w "$1" ]; then
- echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only."
- return
- fi
- # check if it is the only key in the keyring and if so remove the keyring altogether
- if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then
- mv -f "$1" "${1}~" # behave like gpg
- return
- fi
- # we can't just modify pointed to files as these might be in /usr or something
- local REALTARGET
- if [ -L "$1" ]; then
- REALTARGET="$(readlink -f "$1")"
- mv -f "$1" "${1}.dpkg-tmp"
- cp -a "$REALTARGET" "$1"
- fi
- # delete the key from the keyring
- $GPG --batch --delete-key --yes "$2"
- if [ -n "$REALTARGET" ]; then
- # the real backup is the old link, not the copy we made
- mv -f "${1}.dpkg-tmp" "${1}~"
- fi
+ local KEYRINGFILE="$1"
+ shift
+ local GPG="$GPG_CMD --keyring $KEYRINGFILE"
+ while [ -n "$1" ]; do
+ local KEY="$1"
+ shift
+ # check if the key is in this keyring: the key id is in the 5 column at the end
+ if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+${KEY}:"; then
+ continue
+ fi
+ if [ ! -w "$KEYRINGFILE" ]; then
+ echo >&2 "Key ${KEY} is in keyring ${KEYRINGFILE}, but can't be removed as it is read only."
+ continue
+ fi
+ # check if it is the only key in the keyring and if so remove the keyring altogether
+ if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then
+ mv -f "$KEYRINGFILE" "${KEYRINGFILE}~" # behave like gpg
+ return
+ fi
+ # we can't just modify pointed to files as these might be in /usr or something
+ local REALTARGET
+ if [ -L "$KEYRINGFILE" ]; then
+ REALTARGET="$(readlink -f "$KEYRINGFILE")"
+ mv -f "$KEYRINGFILE" "${KEYRINGFILE}.dpkg-tmp"
+ cp -a "$REALTARGET" "$KEYRINGFILE"
+ fi
+ # delete the key from the keyring
+ $GPG --batch --delete-key --yes "$KEY"
+ if [ -n "$REALTARGET" ]; then
+ # the real backup is the old link, not the copy we made
+ mv -f "${KEYRINGFILE}.dpkg-tmp" "${KEYRINGFILE}~"
+ fi
+ done
}
remove_key() {
requires_root
+ foreach_keyring_do 'remove_key_from_keyring' "$@"
+ aptkey_echo "OK"
+ }
- while [ -n "$1" ]; do
- # if a --keyring was given, just remove from there
- if [ -n "$FORCED_KEYRING" ]; then
- remove_key_from_keyring "$FORCED_KEYRING" "$1"
- else
- # otherwise all known keyrings are up for inspection
- local TRUSTEDFILE="/etc/apt/trusted.gpg"
- eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
- eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
- remove_key_from_keyring "$TRUSTEDFILE" "$1"
- TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
- eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
- if [ -d "$TRUSTEDPARTS" ]; then
- for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do
- remove_key_from_keyring "$trusted" "$1"
- done
- fi
+foreach_keyring_do() {
+ local ACTION="$1"
+ shift
+ # if a --keyring was given, just remove from there
+ if [ -n "$FORCED_KEYRING" ]; then
+ $ACTION "$FORCED_KEYRING" "$@"
+ else
+ # otherwise all known keyrings are up for inspection
+ local TRUSTEDFILE="/etc/apt/trusted.gpg"
+ eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
+ eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
+ $ACTION "$TRUSTEDFILE" "$@"
+ local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
+ eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
+ if [ -d "$TRUSTEDPARTS" ]; then
+ for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do
+ $ACTION "$trusted" "$@"
+ done
fi
- aptkey_echo "OK"
- shift
- done
+ fi
}
-
usage() {
echo "Usage: apt-key [--keyring file] [command] [arguments]"
echo