[lxc-devel] [distrobuilder/master] shared: Improve GPG handling

monstermunchkin on Github lxc-bot at linuxcontainers.org
Mon Jul 8 14:44:45 UTC 2019


From cd99f5f791406f5bdf0467fbdab538d1ccc9343a Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Mon, 8 Jul 2019 16:43:27 +0200
Subject: [PATCH] shared: Improve GPG handling

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 shared/util.go | 69 ++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 59 insertions(+), 10 deletions(-)

diff --git a/shared/util.go b/shared/util.go
index 2e0af1e..374ec2a 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -123,6 +123,54 @@ func VerifyFile(signedFile, signatureFile string, keys []string, keyserver strin
 	return true, nil
 }
 
+func recvGPGKeys(gpgDir string, keyserver string, keys []string) (bool, error) {
+	args := []string{"--homedir", gpgDir}
+
+	if keyserver != "" {
+		args = append(args, "--keyserver", keyserver)
+	}
+
+	args = append(args, append([]string{"--recv-keys"}, keys...)...)
+
+	out, err := lxd.TryRunCommand("gpg", args...)
+	if err != nil {
+		return false, err
+	}
+
+	// Verify output
+	var importedKeys []string
+	var missingKeys []string
+	lines := strings.Split(out, "\n")
+
+	for _, l := range lines {
+		if strings.HasPrefix(l, "gpg: key ") && (strings.HasSuffix(l, " imported") || strings.HasSuffix(l, " not changed")) {
+			key := strings.Split(l, " ")
+			importedKeys = append(importedKeys, strings.Split(key[2], ":")[0])
+		}
+	}
+
+	// Figure out which key(s) couldn't be imported
+	if len(importedKeys) < len(keys) {
+		for _, j := range keys {
+			found := false
+
+			for _, k := range importedKeys {
+				if strings.HasSuffix(j, k) {
+					found = true
+				}
+			}
+
+			if !found {
+				missingKeys = append(missingKeys, j)
+			}
+		}
+
+		return false, fmt.Errorf("Failed to import keys: %s", strings.Join(missingKeys, " "))
+	}
+
+	return true, nil
+}
+
 // CreateGPGKeyring creates a new GPG keyring.
 func CreateGPGKeyring(keyserver string, keys []string) (string, error) {
 	gpgDir, err := ioutil.TempDir(os.TempDir(), "distrobuilder.")
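Review bot: In recvGPGKeys the per-key check only runs when `len(importedKeys) < len(keys)`, so a run where gpg prints more matching lines than expected (two keys returned for one requested ID, or one key reported twice) can return `true` although another requested key was never imported. The keyring built here is presumably what later signature verification trusts, so compute `missingKeys` unconditionally and fail on `if len(missingKeys) > 0 { return false, fmt.Errorf("Failed to import keys: %s", strings.Join(missingKeys, " ")) }`. The `strings.HasSuffix(j, k)` comparison is only as strong as the key ID length gpg happens to print, so a short ID in that output would match any requested key ending in the same characters. Matching on the English ` imported` / ` not changed` text also looks locale-dependent; gpg's machine-readable `--status-fd` output, whose `IMPORT_OK` lines carry the full fingerprint, would be a sturdier source for both checks.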
@@ -135,22 +183,23 @@ func CreateGPGKeyring(keyserver string, keys []string) (string, error) {
 		return "", err
 	}
 
-	args := []string{"--homedir", gpgDir}
+	var ok bool
 
-	if keyserver != "" {
-		args = append(args, "--keyserver", keyserver)
-	}
+	for i := 0; i < 3; i++ {
+		ok, err = recvGPGKeys(gpgDir, keyserver, keys)
+		if ok {
+			break
+		}
 
-	args = append(args, append([]string{"--recv-keys"}, keys...)...)
+		time.Sleep(2 * time.Second)
+	}
 
-	out, err := lxd.TryRunCommand("gpg", args...)
-	if err != nil {
-		os.RemoveAll(gpgDir)
-		return "", fmt.Errorf("Failed to create keyring: %s", out)
+	if !ok {
+		return "", err
 	}
 
 	// Export keys to support gpg1 and gpg2
-	out, err = lxd.RunCommand("gpg", "--homedir", gpgDir, "--export", "--output",
+	out, err := lxd.RunCommand("gpg", "--homedir", gpgDir, "--export", "--output",
 		filepath.Join(gpgDir, "distrobuilder.gpg"))
 	if err != nil {
 		os.RemoveAll(gpgDir)
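Review bot: The new failure path `if !ok { return "", err }` no longer removes the temporary GnuPG home, whereas the code it replaces called `os.RemoveAll(gpgDir)` before returning and the export error path just below still does. After three failed attempts the `distrobuilder.` directory, possibly holding a partially imported keyring, is left behind in the temp directory. Restore the cleanup by calling `os.RemoveAll(gpgDir)` immediately before `return "", err`. CreateGPGKeyring starts and ends outside this hunk.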

