[lxc-devel] [distrobuilder/master] managers/apt: Handle repo keys

monstermunchkin on Github lxc-bot at linuxcontainers.org
Tue Mar 31 11:33:32 UTC 2020


From 77201768828be66c28bbfb6dc3f1d994c233c89f Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Tue, 31 Mar 2020 13:16:07 +0200
Subject: [PATCH] managers/apt: Handle repo keys

This adds support for custom repo keys. If the full public key is
provided, it just gets imported by `apt-key`. If the key ID is provided,
gpg retrieves the public key before passing it to `apt-key`. In order
for the latter to succeed, gpg needs to be installed early.

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 managers/apt.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/managers/apt.go b/managers/apt.go
index e7106e7..16b31a8 100644
--- a/managers/apt.go
+++ b/managers/apt.go
@@ -1,7 +1,9 @@
 package managers
 
 import (
+	"bytes"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -105,6 +107,34 @@ func NewApt() *Manager {
 				}
 			}
 
+			if repoAction.Key != "" {
+				var reader io.Reader
+
+				if strings.HasPrefix(repoAction.Key, "-----BEGIN PGP PUBLIC KEY BLOCK-----") {
+					reader = strings.NewReader(repoAction.Key)
+				} else {
+					// If only key ID is provided, we need gpg to be installed early.
+					_, err := lxd.RunCommand("gpg", "--recv-keys", repoAction.Key)
+					if err != nil {
+						return err
+					}
+
+					var buf bytes.Buffer
+
+					err = lxd.RunCommandWithFds(nil, &buf, "gpg", "--export", "--armor", repoAction.Key)
+					if err != nil {
+						return err
+					}
+
+					reader = &buf
+				}
+
+				err = lxd.RunCommandWithFds(reader, nil, "apt-key", "add", "-")
+				if err != nil {
+					return err
+				}
+			}
+
 			return nil
 		},
 	}
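Review bot: The key-ID branch passes `repoAction.Key` to `gpg --recv-keys` and `gpg --export` without checking its shape, so a short ID (which can collide with an unrelated key) or a value starting with `-` (which gpg would parse as an option) is accepted, and whatever the keyserver returns is then trusted by apt. Validate before the first gpg call, for example by accepting only a full 40-hex-digit fingerprint: `if !fingerprintRe.MatchString(repoAction.Key) { return fmt.Errorf("invalid repo key ID %q", repoAction.Key) }`, with `fingerprintRe` a package-level `regexp.MustCompile("^[0-9A-Fa-f]{40}$")`. Separately, `apt-key add -` places the key in apt's global trusted keyring, so it is trusted for every configured source rather than only this repository; a comment above that call, such as `// NOTE: apt-key trusts this key for all sources, not only this repo.`, would make the scope explicit. The enclosing closure starts before this hunk, so the declaration of the outer `err` assigned at the `apt-key` call is not visible here.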

