[lxc-devel] [distrobuilder/master] shared: Support armored GPG keys

monstermunchkin on Github lxc-bot at linuxcontainers.org
Tue Jul 9 16:39:54 UTC 2019


From c59b4caed1a423311fcd48a67f941d2f8a5ab868 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Tue, 9 Jul 2019 18:38:13 +0200
Subject: [PATCH] shared: Support armored GPG keys

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 shared/util.go | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/shared/util.go b/shared/util.go
index 374ec2a..8db7f65 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -126,11 +126,31 @@ func VerifyFile(signedFile, signatureFile string, keys []string, keyserver strin
 func recvGPGKeys(gpgDir string, keyserver string, keys []string) (bool, error) {
 	args := []string{"--homedir", gpgDir}
 
+	var fingerprints []string
+	var publicKeys []string
+
+	for _, k := range keys {
+		if strings.HasPrefix(strings.TrimSpace(k), "-----BEGIN PGP PUBLIC KEY BLOCK-----") {
+			publicKeys = append(publicKeys, strings.TrimSpace(k))
+		} else {
+			fingerprints = append(fingerprints, strings.TrimSpace(k))
+		}
+	}
+
+	for _, f := range publicKeys {
+		args := append(args, "--import")
+
+		err := lxd.RunCommandWithFds(strings.NewReader(f), nil, "gpg", args...)
+		if err != nil {
+			return false, err
+		}
+	}
+
 	if keyserver != "" {
 		args = append(args, "--keyserver", keyserver)
 	}
 
-	args = append(args, append([]string{"--recv-keys"}, keys...)...)
+	args = append(args, append([]string{"--recv-keys"}, fingerprints...)...)
 
 	out, err := lxd.TryRunCommand("gpg", args...)
 	if err != nil {
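Review bot: When every entry in `keys` is an armored block, `fingerprints` stays empty and the unchanged `lxd.TryRunCommand("gpg", args...)` call still runs `gpg --recv-keys` with no key IDs, which gpg is expected to reject, so an armored-only key list would fail even though each `--import` succeeded. Guard the keyserver step with something like `if len(fingerprints) == 0 { return true, nil }` just before `if keyserver != ""`, assuming `true` is this function's success value; its return statements are outside the hunk. Separately, `args := append(args, "--import")` inside the import loop shadows the outer `args`; a distinct name such as `importArgs` would make it obvious that `--import` must not leak into the later `--recv-keys` invocation. The body of `recvGPGKeys` continues past the end of this hunk.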
@@ -150,8 +170,8 @@ func recvGPGKeys(gpgDir string, keyserver string, keys []string) (bool, error) {
 	}
 
 	// Figure out which key(s) couldn't be imported
-	if len(importedKeys) < len(keys) {
-		for _, j := range keys {
+	if len(importedKeys) < len(fingerprints) {
+		for _, j := range fingerprints {
 			found := false
 
 			for _, k := range importedKeys {

