author | Guillem Jover <guillem@debian.org> | 2019-05-01 23:23:03 +0200 |
---|---|---|
committer | Guillem Jover <guillem@debian.org> | 2019-10-30 22:02:41 +0100 |
commit | 2f238b0e7286d401acd1325e30c86363a1e380db (patch) | |
tree | e0e7487f5bfb04bf31e7200b3b9da7e5162fda4e /scripts | |
parent | e4f9fc7a5040f0eeef330e82bdeda6483bbd8a50 (diff) | |
Dpkg::OpenPGP: Add support for importing an OpenPGP key into a keyring
This is needed, for example, to verify original tarball signatures.
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/Dpkg/OpenPGP.pm | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm
index f207af228..f08bd3b12 100644
--- a/scripts/Dpkg/OpenPGP.pm
+++ b/scripts/Dpkg/OpenPGP.pm
@@ -81,6 +81,42 @@ sub openpgp_sig_to_asc
 return;
 }
+sub import_key {
+ my ($asc, %opts) = @_;
+
+ $opts{require_valid_signature} //= 1;
+
+ my @exec;
+ if (find_command('gpg')) {
+ push @exec, 'gpg';
+ } elsif ($opts{require_valid_signature}) {
+ error(g_('cannot import key in %s since GnuPG is not installed'),
+ $asc);
+ } else {
+ warning(g_('cannot import key in %s since GnuPG is not installed'),
+ $asc);
+ return;
+ }
+ push @exec, '--no-options', '--no-default-keyring', '-q', '--import';
+ push @exec, '--keyring', $opts{keyring};
+ push @exec, $asc;
+
+ my ($stdout, $stderr);
+ spawn(exec => \@exec, wait_child => 1, nocheck => 1, timeout => 10,
+ to_string => \$stdout, error_to_string => \$stderr);
+ if (WIFEXITED($?)) {
+ my $status = WEXITSTATUS($?);
+ print { *STDERR } "$stdout$stderr" if $status;
+ if ($status == 1 or ($status && $opts{require_valid_signature})) {
+ error(g_('failed to import key in %s'), $asc);
+ } elsif ($status) {
+ warning(g_('failed to import key in %s'), $asc);
+ }
+ } else {
+ subprocerr("@exec");
+ }
+}
+
 sub verify_signature {
 my ($sig, %opts) = @_; |
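Review bot: `push @exec, '--keyring', $opts{keyring};` in import_key uses the keyring option without checking that the caller supplied it, so an omitted keyring reaches gpg as an undefined argument while `--no-default-keyring` is in force, and the problem only surfaces as a gpg exit status. A guard before the command is built, for example `error(g_('no keyring given to import key %s into'), $asc) unless defined $opts{keyring};` (the message wording is only a suggestion), would fail early with a clear cause. The key path is also appended as a bare positional argument; `push @exec, '--', $asc;` would keep a file name that starts with a dash from being parsed as a gpg option. A short comment stating that `require_valid_signature` here decides whether a missing gpg or a failed import is fatal would help, since the option name describes verification rather than import.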