[lxc-devel] [distrobuilder/master] shared: Support armored GPG keys
monstermunchkin on Github
lxc-bot at linuxcontainers.org
Tue Jul 9 16:39:54 UTC 2019
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190709/ae4a9233/attachment.bin>
-------------- next part --------------
From c59b4caed1a423311fcd48a67f941d2f8a5ab868 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Tue, 9 Jul 2019 18:38:13 +0200
Subject: [PATCH] shared: Support armored GPG keys
Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
shared/util.go | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/shared/util.go b/shared/util.go
index 374ec2a..8db7f65 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -126,11 +126,31 @@ func VerifyFile(signedFile, signatureFile string, keys []string, keyserver strin
func recvGPGKeys(gpgDir string, keyserver string, keys []string) (bool, error) {
args := []string{"--homedir", gpgDir}
+ var fingerprints []string
+ var publicKeys []string
+
+ for _, k := range keys {
+ if strings.HasPrefix(strings.TrimSpace(k), "-----BEGIN PGP PUBLIC KEY BLOCK-----") {
+ publicKeys = append(publicKeys, strings.TrimSpace(k))
+ } else {
+ fingerprints = append(fingerprints, strings.TrimSpace(k))
+ }
+ }
+
+ for _, f := range publicKeys {
+ args := append(args, "--import")
+
+ err := lxd.RunCommandWithFds(strings.NewReader(f), nil, "gpg", args...)
+ if err != nil {
+ return false, err
+ }
+ }
+
if keyserver != "" {
args = append(args, "--keyserver", keyserver)
}
- args = append(args, append([]string{"--recv-keys"}, keys...)...)
+ args = append(args, append([]string{"--recv-keys"}, fingerprints...)...)
out, err := lxd.TryRunCommand("gpg", args...)
if err != nil {
@@ -150,8 +170,8 @@ func recvGPGKeys(gpgDir string, keyserver string, keys []string) (bool, error) {
}
// Figure out which key(s) couldn't be imported
- if len(importedKeys) < len(keys) {
- for _, j := range keys {
+ if len(importedKeys) < len(fingerprints) {
+ for _, j := range fingerprints {
found := false
for _, k := range importedKeys {
More information about the lxc-devel
mailing list