Am Dienstag, 6. September 2005 01:02 schrieb ich: > Having a directory with pubkey files in it seems to be a good idea to me. > I just read gpgv(1) and it says you can pass --keyring several times. > That means we don't have to build the keyring that holds all keys, and > we do not need gpg. The time has come that I want that functionality myself, so I implemented it. My approach has one disadvantage over Peter's: gpgv only works with keyring files, it doesn't like exported keys. The atached patch is against 0.6.44.2 and only includes my changes to methods/gpgv.cc. This means that there is still docs to be updated. For transition /etc/apt/trusted.gpg could be symlinked to /etc/apt/trusted-keys/apt-key.gpg. Timo Weingärtner
diff -Naur apt-0.6.44.2.old/methods/gpgv.cc apt-0.6.44.2/methods/gpgv.cc
--- apt-0.6.44.2.old/methods/gpgv.cc 2006-05-08 18:39:36.000000000 +0200
+++ apt-0.6.44.2/methods/gpgv.cc 2006-07-28 17:20:31.000000000 +0200
@@ -1,6 +1,7 @@
#include <apt-pkg/error.h>
#include <apt-pkg/acquire-method.h>
#include <apt-pkg/strutl.h>
+#include <apt-pkg/fileutl.h>
#include <apti18n.h>
#include <sys/stat.h>
@@ -12,6 +13,8 @@
#include <sys/wait.h>
#include <iostream>
#include <sstream>
+#include <fnmatch.h>
+#include <dirent.h>
#define GNUPGPREFIX "[GNUPG:]"
#define GNUPGBADSIG "[GNUPG:] BADSIG"
@@ -24,6 +27,7 @@
string VerifyGetSigners(const char *file, const char *outfile,
vector<string> &GoodSigners, vector<string> &BadSigners,
vector<string> &NoPubKeySigners);
+ vector<string> GetKeyrings(const string Keyringspath);
protected:
virtual bool Fetch(FetchItem *Itm);
@@ -52,18 +56,23 @@
int status;
struct stat buff;
string gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
- string pubringpath = _config->Find("APT::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg");
+ string keyringspath = _config->Find("APT::GPGV::TrustedKeyringsPath", "/etc/apt/trusted-keys");
if (_config->FindB("Debug::Acquire::gpgv", false))
{
std::cerr << "gpgv path: " << gpgvpath << std::endl;
- std::cerr << "Keyring path: " << pubringpath << std::endl;
+ std::cerr << "Keyrings path: " << keyringspath << std::endl;
}
- if (stat(pubringpath.c_str(), &buff) != 0)
+ if (stat(keyringspath.c_str(), &buff) != 0)
{
- ioprintf(ret, _("Couldn't access keyring: '%s'"), strerror(errno));
+ ioprintf(ret, _("Couldn't access keyrings path: '%s'"), strerror(errno));
return ret.str();
}
+ vector<string> keyrings = GetKeyrings(keyringspath);
+ if (keyrings.empty())
+ {
+ return "No keyrings installed";
+ }
if (pipe(fd) < 0)
{
return "Couldn't create pipe";
@@ -82,8 +91,11 @@
Args[i++] = gpgvpath.c_str();
Args[i++] = "--status-fd";
Args[i++] = "3";
- Args[i++] = "--keyring";
- Args[i++] = pubringpath.c_str();
+ for (vector<string>::const_iterator I = keyrings.begin(); I != keyrings.end(); I++)
+ {
+ Args[i++] = "--keyring";
+ Args[i++] = I->c_str();
+ }
Configuration::Item const *Opts;
Opts = _config->Tree("Acquire::gpgv::Options");
@@ -213,6 +225,31 @@
}
}
+vector<string> GPGVMethod::GetKeyrings(const string keyringspath)
+{
+ vector<string> ret;
+ DIR *D = opendir(keyringspath.c_str());
+ if (D)
+ {
+ for (struct dirent *Ent = readdir(D); Ent != 0; Ent = readdir(D))
+ {
+ // Match against pattern
+ if (fnmatch("*.gpg", Ent->d_name, 0))
+ continue;
+
+ // Make sure it is a regular file
+ string File = flCombine(keyringspath,Ent->d_name);
+ struct stat St;
+ if (stat(File.c_str(),&St) != 0 || S_ISREG(St.st_mode) == 0)
+ continue;
+
+ ret.push_back(File);
+ }
+ closedir(D);
+ }
+ return ret;
+}
+
bool GPGVMethod::Fetch(FetchItem *Itm)
{
URI Get = Itm->Uri;
Attachment:
pgpLeySRHann4.pgp
Description: PGP signature