[Pkg-libvirt-commits] [libguestfs] 03/12: builder: trust the imported keys

Hilko Bengen bengen at moszumanska.debian.org
Sun Nov 1 17:11:55 UTC 2015


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag upstream/1.29.42
in repository libguestfs.

commit 6442bcb7eb13f0a91d9933ef5f3468ac950b7a7a
Author: Pino Toscano <ptoscano at redhat.com>
Date:   Mon May 11 19:06:03 2015 +0200

    builder: trust the imported keys
    
    In every SigChecker, trust the imported keys by default.
    This should make gpg happier when the keys are used later; they are
    used only when validating the signatures of index files.
---
 builder/sigchecker.ml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
index a1a4220..b54977f 100644
--- a/builder/sigchecker.ml
+++ b/builder/sigchecker.ml
@@ -33,7 +33,7 @@ type t = {
 }
 
 (* Import the specified key file. *)
-let import_keyfile ~gpg ~gpghome ~verbose keyfile =
+let import_keyfile ~gpg ~gpghome ~verbose ?(trust = true) keyfile =
   let status_file = Filename.temp_file "vbstat" ".txt" in
   unlink_on_exit status_file;
   let cmd = sprintf "%s --homedir %s --status-file %s --import %s%s"
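Review bot: The comment above `import_keyfile` still reads "Import the specified key file." and does not mention the new `?(trust = true)` argument, so a caller has no hint that every import now also changes the trust state of the keyring in `gpghome` unless it passes `~trust:false`. I would extend it to something like `(* Import the specified key file; unless ~trust:false is given, the imported key is also registered with gpg's --trusted-key, i.e. treated as trustworthy as one of our own keys. *)`. Since granting trust is the default, the comment should also say that this is only appropriate when `gpghome` is a keyring dedicated to checking index signatures. The function body continues past the end of this hunk.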
@@ -45,14 +45,25 @@ let import_keyfile ~gpg ~gpghome ~verbose keyfile =
     error (f_"could not import public key\nUse the '-v' option and look for earlier error messages.");
   let status = read_whole_file status_file in
   let status = string_nsplit "\n" status in
+  let key_id = ref "" in
   let fingerprint = ref "" in
   List.iter (
     fun line ->
       let line = string_nsplit " " line in
       match line with
       | "[GNUPG:]" :: "IMPORT_OK" :: _ :: fp :: _ -> fingerprint := fp
+      | "[GNUPG:]" :: "IMPORTED" :: key :: _ -> key_id := key
       | _ -> ()
   ) status;
+  if trust then (
+    let cmd = sprintf "%s --homedir %s --trusted-key %s --list-keys%s"
+      gpg gpghome (quote !key_id)
+      (if verbose then "" else " >/dev/null 2>&1") in
+    if verbose then printf "%s\n%!" cmd;
+    let r = Sys.command cmd in
+    if r <> 0 then
+      error (f_"GPG failure: could not trust the imported key\nUse the '-v' option and look for earlier error messages.");
+  );
   !fingerprint
 
 let rec create ~verbose ~gpg ~gpgkey ~check_signature =
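Review bot: `key_id` is still the empty string when no status line matches `"[GNUPG:]" :: "IMPORTED" :: key :: _`, and the new `if trust then` block then runs gpg with `--trusted-key ''` and reports only the generic "could not trust the imported key" failure. A guard before the command, such as `if !key_id = "" then error (f_"could not find the ID of the imported key in the gpg status output");`, would fail early and say why. The `List.iter` also keeps only the last `IMPORTED` id, so a key file holding several keys ends up with just one of them trusted; if that is intended, it deserves a comment. In the new `sprintf`, `key_id` goes through `quote` but `gpghome` does not. How `gpghome` is built is not visible here, but `(quote gpghome)` would be the consistent choice. `import_keyfile` begins above this hunk, so the earlier part of its body was not reviewed.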

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libguestfs.git


