[lxc-devel] [distrobuilder/master] managers/apt: Handle repo keys
monstermunchkin on Github
lxc-bot at linuxcontainers.org
Tue Mar 31 11:33:32 UTC 2020
From 77201768828be66c28bbfb6dc3f1d994c233c89f Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Tue, 31 Mar 2020 13:16:07 +0200
Subject: [PATCH] managers/apt: Handle repo keys
This adds support for custom repo keys. If the full public key is
provided, it just gets imported by `apt-key`. If the key ID is provided,
gpg retrieves the public key before passing it to `apt-key`. In order
for the latter to succeed, gpg needs to be installed early.
Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
managers/apt.go | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/managers/apt.go b/managers/apt.go
index e7106e7..16b31a8 100644
--- a/managers/apt.go
+++ b/managers/apt.go
@@ -1,7 +1,9 @@
package managers
import (
+ "bytes"
"fmt"
+ "io"
"io/ioutil"
"os"
"path/filepath"
@@ -105,6 +107,34 @@ func NewApt() *Manager {
}
}
+ if repoAction.Key != "" {
+ var reader io.Reader
+
+ if strings.HasPrefix(repoAction.Key, "-----BEGIN PGP PUBLIC KEY BLOCK-----") {
+ reader = strings.NewReader(repoAction.Key)
+ } else {
+ // If only key ID is provided, we need gpg to be installed early.
+ _, err := lxd.RunCommand("gpg", "--recv-keys", repoAction.Key)
+ if err != nil {
+ return err
+ }
+
+ var buf bytes.Buffer
+
+ err = lxd.RunCommandWithFds(nil, &buf, "gpg", "--export", "--armor", repoAction.Key)
+ if err != nil {
+ return err
+ }
+
+ reader = &buf
+ }
+
+ err = lxd.RunCommandWithFds(reader, nil, "apt-key", "add", "-")
+ if err != nil {
+ return err
+ }
+ }
+
return nil
},
}
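Review bot: In the else branch, repoAction.Key goes to `gpg --recv-keys` and `gpg --export` without any validation, so a short key ID is accepted and whatever key the keyserver returns for it ends up trusted through `apt-key add -`. Consider requiring a full fingerprint there (rejecting anything that is not 40 hex characters, which also keeps a value beginning with `-` from being read as a gpg option) and checking that the exported key's fingerprint matches it before the import. The `strings.HasPrefix` test for the armored header will also miss a key that carries leading whitespace or a newline, which sends the whole block down the key ID path; running `strings.TrimSpace` on the value first would avoid that. The commit message says gpg must be installed early, but nothing in the hunk checks for it, so a clearer error than the raw gpg failure would help whoever writes the image definition.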