Honor user specified extra gpg keyrings
Closes: #224

Until now, we were only using the system path for apt keyring. But there
have been multiple reports of the possibility of keyrings being
scattered across the file system.

As such, introduce an `--extra-keyring` option and let the user specify
a directory path where extra keyrings are stored
rickysarraf committed Jun 4, 2024
1 parent eb1069b commit 6325d7e
Showing 1 changed file with 42 additions and 28 deletions.
70 changes: 42 additions & 28 deletions apt_offline_core/AptOfflineCoreLib.py
@@ -702,33 +702,38 @@ def __init__(self, gpgv=None, keyring=None, Simulate=False):
self.gpgv = gpgv

self.opts = []
if keyring is None:
self.opts.append("--ignore-time-conflict")
for eachPath in self.defaultPaths:
if os.path.isfile(eachPath):
if eachPath.endswith(".asc"):
self.DearmorSig(eachPath)
elif eachPath.endswith(".gpg"):
self.opts.extend(["--keyring", eachPath])
elif os.path.isdir(eachPath):
for eachGPG in os.listdir(eachPath):
if eachGPG.endswith(".asc"):
eachGPG = os.path.join(eachPath, eachGPG)
self.DearmorSig(eachGPG)
elif eachGPG.endswith(".gpg"):
eachGPG = os.path.join(eachPath, eachGPG)
log.verbose(
"Adding %s to the apt-offline keyring\n" % (
eachGPG)
)
self.opts.extend(["--keyring", eachGPG])
if len(self.opts) == 1:
log.err(
"No valid keyring paths found in: %s\n"
% (", ".join(self.defaultPaths))
)
else:
self.opts.extend(["--keyring", keyring, "--ignore-time-conflict"])
self.opts.append("--ignore-time-conflict")

for eachPath in self.defaultPaths:
if os.path.isfile(eachPath):
if eachPath.endswith(".asc"):
self.DearmorSig(eachPath)
elif eachPath.endswith(".gpg"):
self.opts.extend(["--keyring", eachPath])
elif os.path.isdir(eachPath):
for eachGPG in os.listdir(eachPath):
if eachGPG.endswith(".asc"):
eachGPG = os.path.join(eachPath, eachGPG)
self.DearmorSig(eachGPG)
elif eachGPG.endswith(".gpg"):
eachGPG = os.path.join(eachPath, eachGPG)
log.verbose(
"Adding %s to the apt-offline keyring\n" % (
eachGPG)
)
self.opts.extend(["--keyring", eachGPG])

if len(self.opts) == 1:
log.err(
"No valid keyring paths found in: %s\n"
% (", ".join(self.defaultPaths))
)

if keyring:
for eachFile in os.listdir(keyring):
extraKeyringFile = os.path.join(keyring, eachFile)
log.verbose("extraKeyringFile is %s" % extraKeyringFile)
self.opts.extend(["--keyring", extraKeyringFile, "--ignore-time-conflict"])

def DearmorSig(self, asciiSig):
gpgCmd = []
@@ -1800,6 +1805,7 @@ def __init__(self, args):
self.Bool_SkipChangelog = args.skip_changelog
self.tempdir = tempfile.gettempdir()
self.Bool_StrictDebCheck = args.strict_deb_check
self.extra_keyring = args.extra_keyring

if not os.access(self.tempdir, os.W_OK):
log.err(
@@ -2210,7 +2216,7 @@ def displayBugs(self, dataType=None):
sys.exit(1)

def verifyAptFileIntegrity(self, FileList):
self.AptSecure = APTVerifySigs(
self.AptSecure = APTVerifySigs(keyring=InstallerInstance.extra_keyring,
Simulate=InstallerInstance.Bool_TestWindows)

self.lFileList = FileList
@@ -3103,6 +3109,14 @@ def main():
default=None,
)

parser_install.add_argument(
"--extra-keyring",
dest="extra_keyring",
help="Extra Keyring path to include for.",
metavar="/etc/apt/keyring/",
default=None,
)

parser_install.add_argument(
"--skip-bug-reports",
dest="skip_bug_reports",
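Review bot: The new `if keyring:` loop at the end of `__init__(self, gpgv=None, keyring=None, Simulate=False)` passes every entry of the user-supplied directory to gpgv as `--keyring`, with none of the `.asc`/`.gpg` suffix handling or `os.path.isfile` checks that `self.defaultPaths` gets just above it. Each `--keyring` widens the set of keys accepted during signature verification, so a stray file or subdirectory there is treated as a trust anchor candidate, and armored `.asc` keys are never dearmored. `os.listdir(keyring)` also raises when the path is missing or is a single keyring file, which is what the `keyring` parameter took before this commit. The rewrite below mirrors the default-path handling (assuming `DearmorSig` treats these files as it does the default ones) and drops the repeated `--ignore-time-conflict`, already appended once at the top. The `--extra-keyring` help text should say that a directory is expected and that it must not be writable by untrusted users; the function starts before this hunk.

```python
# … unchanged: default-path scan and the "No valid keyring paths found" check …
if keyring:
    if not os.path.isdir(keyring):
        log.err("Extra keyring path %s is not a directory\n" % keyring)
    else:
        for eachFile in sorted(os.listdir(keyring)):
            extraKeyringFile = os.path.join(keyring, eachFile)
            if not os.path.isfile(extraKeyringFile):
                continue
            if eachFile.endswith(".asc"):
                self.DearmorSig(extraKeyringFile)
            elif eachFile.endswith(".gpg"):
                log.verbose(
                    "Adding %s to the apt-offline keyring\n" % extraKeyringFile
                )
                self.opts.extend(["--keyring", extraKeyringFile])
```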
