[lxc-devel] [distrobuilder/master] shared: Improve GPG handling
monstermunchkin on Github
lxc-bot at linuxcontainers.org
Mon Jul 8 14:44:45 UTC 2019
From cd99f5f791406f5bdf0467fbdab538d1ccc9343a Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Mon, 8 Jul 2019 16:43:27 +0200
Subject: [PATCH] shared: Improve GPG handling
Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
shared/util.go | 69 ++++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 59 insertions(+), 10 deletions(-)
diff --git a/shared/util.go b/shared/util.go
index 2e0af1e..374ec2a 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -123,6 +123,54 @@ func VerifyFile(signedFile, signatureFile string, keys []string, keyserver strin
return true, nil
}
+func recvGPGKeys(gpgDir string, keyserver string, keys []string) (bool, error) {
+ args := []string{"--homedir", gpgDir}
+
+ if keyserver != "" {
+ args = append(args, "--keyserver", keyserver)
+ }
+
+ args = append(args, append([]string{"--recv-keys"}, keys...)...)
+
+ out, err := lxd.TryRunCommand("gpg", args...)
+ if err != nil {
+ return false, err
+ }
+
+ // Verify output
+ var importedKeys []string
+ var missingKeys []string
+ lines := strings.Split(out, "\n")
+
+ for _, l := range lines {
+ if strings.HasPrefix(l, "gpg: key ") && (strings.HasSuffix(l, " imported") || strings.HasSuffix(l, " not changed")) {
+ key := strings.Split(l, " ")
+ importedKeys = append(importedKeys, strings.Split(key[2], ":")[0])
+ }
+ }
+
+ // Figure out which key(s) couldn't be imported
+ if len(importedKeys) < len(keys) {
+ for _, j := range keys {
+ found := false
+
+ for _, k := range importedKeys {
+ if strings.HasSuffix(j, k) {
+ found = true
+ }
+ }
+
+ if !found {
+ missingKeys = append(missingKeys, j)
+ }
+ }
+
+ return false, fmt.Errorf("Failed to import keys: %s", strings.Join(missingKeys, " "))
+ }
+
+ return true, nil
+}
+
// CreateGPGKeyring creates a new GPG keyring.
func CreateGPGKeyring(keyserver string, keys []string) (string, error) {
gpgDir, err := ioutil.TempDir(os.TempDir(), "distrobuilder.")
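Review bot: The success test in recvGPGKeys compares counts (`len(importedKeys) < len(keys)`) instead of checking each requested key, so it can go wrong in both directions. If gpg ever reports a key that was not requested, the counts can match while a requested key is absent, and the function returns true. If `keys` names the same key twice, the count is short but `missingKeys` stays empty, so the error lists no key. The `strings.HasSuffix(j, k)` comparison is also case-sensitive, so a key configured in lowercase hex would presumably never match the ID gpg prints. Since this keyring is what signature verification later trusts, I would match per key, ignoring case, and fail only when `missingKeys` is non-empty.

```go
// … unchanged: gpg invocation and parsing of importedKeys …

	// Check every requested key individually; a count comparison can be
	// satisfied by keys that were never requested.
	for _, want := range keys {
		found := false

		for _, got := range importedKeys {
			if strings.HasSuffix(strings.ToUpper(want), strings.ToUpper(got)) {
				found = true
				break
			}
		}

		if !found {
			missingKeys = append(missingKeys, want)
		}
	}

	if len(missingKeys) > 0 {
		return false, fmt.Errorf("Failed to import keys: %s", strings.Join(missingKeys, " "))
	}

	return true, nil
```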
@@ -135,22 +183,23 @@ func CreateGPGKeyring(keyserver string, keys []string) (string, error) {
return "", err
}
- args := []string{"--homedir", gpgDir}
+ var ok bool
- if keyserver != "" {
- args = append(args, "--keyserver", keyserver)
- }
+ for i := 0; i < 3; i++ {
+ ok, err = recvGPGKeys(gpgDir, keyserver, keys)
+ if ok {
+ break
+ }
- args = append(args, append([]string{"--recv-keys"}, keys...)...)
+ time.Sleep(2 * time.Second)
+ }
- out, err := lxd.TryRunCommand("gpg", args...)
- if err != nil {
- os.RemoveAll(gpgDir)
- return "", fmt.Errorf("Failed to create keyring: %s", out)
+ if !ok {
+ return "", err
}
// Export keys to support gpg1 and gpg2
- out, err = lxd.RunCommand("gpg", "--homedir", gpgDir, "--export", "--output",
+ out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, "--export", "--output",
filepath.Join(gpgDir, "distrobuilder.gpg"))
if err != nil {
os.RemoveAll(gpgDir)
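Review bot: The new failure path `if !ok { return "", err }` drops the `os.RemoveAll(gpgDir)` that the removed code ran, so a GPG home directory is left behind in the temp dir every time key retrieval fails. Add `os.RemoveAll(gpgDir)` before that return, as the export error path just below still does. The retry loop also sleeps two seconds after the third failed attempt, which only delays the error; guarding the sleep with `if i < 2` avoids that. CreateGPGKeyring's body continues outside the hunk.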