Am Dienstag, 6. September 2005 01:02 schrieb ich: > Having a directory with pubkey files in it seems to be a good idea to me. > I just read gpgv(1) and it says you can pass --keyring several times. > That means we don't have to build the keyring that holds all keys, and > we do not need gpg. I now want that functionality myself, so I implemented it. My approach has one disadvantage over Peter's: gpgv only works with keyring files; it does not accept exported keys. The attached patch is against 0.6.44.2 and only includes my changes to methods/gpgv.cc. This means the documentation still needs to be updated. For the transition, /etc/apt/trusted.gpg could be symlinked to /etc/apt/trusted-keys/apt-key.gpg. Timo Weingärtner
diff -Naur apt-0.6.44.2.old/methods/gpgv.cc apt-0.6.44.2/methods/gpgv.cc
--- apt-0.6.44.2.old/methods/gpgv.cc	2006-05-08 18:39:36.000000000 +0200
+++ apt-0.6.44.2/methods/gpgv.cc	2006-07-28 17:20:31.000000000 +0200
@@ -1,6 +1,7 @@
 #include <apt-pkg/error.h>
 #include <apt-pkg/acquire-method.h>
 #include <apt-pkg/strutl.h>
+#include <apt-pkg/fileutl.h>
 #include <apti18n.h>
 
 #include <sys/stat.h>
@@ -12,6 +13,8 @@
 #include <sys/wait.h>
 #include <iostream>
 #include <sstream>
+#include <fnmatch.h>
+#include <dirent.h>
 
 #define GNUPGPREFIX "[GNUPG:]"
 #define GNUPGBADSIG "[GNUPG:] BADSIG"
@@ -24,6 +27,7 @@
    string VerifyGetSigners(const char *file, const char *outfile,
                            vector<string> &GoodSigners, vector<string> &BadSigners,
                            vector<string> &NoPubKeySigners);
+   vector<string> GetKeyrings(const string Keyringspath);
    
    protected:
    virtual bool Fetch(FetchItem *Itm);
@@ -52,18 +56,23 @@
    int status;
    struct stat buff;
    string gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
-   string pubringpath = _config->Find("APT::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg");
+   string keyringspath = _config->Find("APT::GPGV::TrustedKeyringsPath", "/etc/apt/trusted-keys");
    if (_config->FindB("Debug::Acquire::gpgv", false))
    {
       std::cerr << "gpgv path: " << gpgvpath << std::endl;
-      std::cerr << "Keyring path: " << pubringpath << std::endl;
+      std::cerr << "Keyrings path: " << keyringspath << std::endl;
    }
 
-   if (stat(pubringpath.c_str(), &buff) != 0)
+   if (stat(keyringspath.c_str(), &buff) != 0)
    {
-      ioprintf(ret, _("Couldn't access keyring: '%s'"), strerror(errno));
+      ioprintf(ret, _("Couldn't access keyrings path: '%s'"), strerror(errno));
       return ret.str();
    }
+   vector<string> keyrings = GetKeyrings(keyringspath);
+   if (keyrings.empty())
+   {
+      return "No keyrings installed";
+   }
    if (pipe(fd) < 0)
    {
       return "Couldn't create pipe";
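Review bot: The stat() guard in the fourth hunk only checks that keyringspath exists, so a path that is a regular file (the old single-keyring trusted.gpg layout, or a mistyped APT::GPGV::TrustedKeyringsPath) passes it, opendir() then fails silently inside GetKeyrings, and the user is told "No keyrings installed" instead of what is actually wrong. Add a directory check as a separate branch right after the stat, e.g. `if (S_ISDIR(buff.st_mode) == 0) { ioprintf(ret, _("Keyrings path is not a directory: '%s'"), keyringspath.c_str()); return ret.str(); }` — it has to be separate because the existing message formats strerror(errno), which is only meaningful when stat itself failed. Since every regular *.gpg file in that directory becomes a trust root for signature verification, the documentation the cover note says is still pending should state who may write to the directory. The enclosing VerifyGetSigners starts before and continues after this hunk.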
@@ -82,8 +91,11 @@
    Args[i++] = gpgvpath.c_str();
    Args[i++] = "--status-fd";
    Args[i++] = "3";
-   Args[i++] = "--keyring";
-   Args[i++] = pubringpath.c_str();
+   for (vector<string>::const_iterator I = keyrings.begin(); I != keyrings.end(); I++)
+   {
+      Args[i++] = "--keyring";
+      Args[i++] = I->c_str();
+   }
 
    Configuration::Item const *Opts;
    Opts = _config->Tree("Acquire::gpgv::Options");
@@ -213,6 +225,31 @@
    }
 }
 
+vector<string> GPGVMethod::GetKeyrings(const string keyringspath)
+{
+   vector<string> ret;
+   DIR *D = opendir(keyringspath.c_str());
+   if (D)
+   {
+      for (struct dirent *Ent = readdir(D); Ent != 0; Ent = readdir(D))
+      {
+         // Match against pattern
+         if (fnmatch("*.gpg", Ent->d_name, 0))
+            continue;
+
+         // Make sure it is a regular file
+         string File = flCombine(keyringspath,Ent->d_name);
+         struct stat St;
+         if (stat(File.c_str(),&St) != 0 || S_ISREG(St.st_mode) == 0)
+            continue;
+
+         ret.push_back(File);
+      }
+      closedir(D);
+   }
+   return ret;
+}
+
 bool GPGVMethod::Fetch(FetchItem *Itm)
 {
    URI Get = Itm->Uri;
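Review bot: The keyring loop in the first hunk writes two Args entries per keyring file without any bound check; Args is declared above the hunk, and if it is a fixed-size array, a keyrings directory with enough *.gpg files overruns it. Guard each iteration, e.g. `if (i + 2 >= sizeof(Args)/sizeof(Args[0])) return "Too many keyrings in keyrings path";` (constructed message), or reuse whatever capacity limit the Acquire::gpgv::Options loop further down applies, if it has one. Prefer `++I` over `I++` on the iterator. The enclosing function starts and ends outside the hunk.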
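Review bot: GetKeyrings in the second hunk returns files in readdir() order, which is filesystem-dependent, so the --keyring arguments handed to gpgv differ between machines and even between runs; sort before returning with `std::sort(ret.begin(), ret.end());` (needs `#include <algorithm>` in the first hunk of the patch). It also swallows opendir() failure: an unreadable directory produces an empty vector, which the caller reports as "No keyrings installed", so at least print strerror(errno) under Debug::Acquire::gpgv or hand the error back to the caller. Because stat() follows symlinks, a symlink to a regular keyring file is accepted — that is what the cover note's transition symlink relies on, and the keyrings-path documentation should say so. Minor: take the parameter as `const string &keyringspath` to avoid copying it on every call.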