Package: apt
Version: 1.8.4
Severity: wishlist


this bug is a follow up of

mmdebstrap wants to have an answer to the question "does apt trust this
key" and it would be nice if the answer would come from apt directly
because what I'm currently doing, is to manually invoke gpg on whatever
I find in /etc/apt/trusted.gpg and /etc/apt/trusted.gpg.d/, list the
fingerprints and check whether the fingerprint I am looking for is in
the result or not.

DonKult proposed the following patch:

     diff --git a/cmdline/ b/cmdline/
     @@ -781,6 +781,16 @@ case "$command" in
             foreach_keyring_do 'list_keys_in_keyring' --fingerprint "$@"
     +    is-trusted)
     +       merge_all_trusted_keyrings_into_pubring
     +       if [ "$#" = '0' -o "$(aptkey_execute "$GPG_SH" --keyring 
"${GPGHOMEDIR}/pubring.gpg" --with-colons --list-keys "$@"
     2>/dev/null | grep -c '^pub:')" != "$#" ]; then
     +          exit 1
     +       fi
     +       ;;
     +    list-fingerprints)
     +       setup_merged_keyring
     +       aptkey_execute "$GPG" --with-colons --list-keys 2>/dev/null | grep 
'^fpr:' | cut -d':' -f 10
     +       ;;
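Review bot: The is-trusted test compares the number of '^pub:' lines with "$#", which is only correct when every argument matches exactly one key: an argument that matches several keys (a user ID substring, for example) changes the count, and it can also mask another argument that matches nothing. Checking each argument in a loop and exiting 1 on the first miss would avoid that, and the `-o` inside `[ ... ]` reads better as two tests joined with `||`. The two branches also differ in setup (merge_all_trusted_keyrings_into_pubring with "$GPG_SH" and an explicit --keyring, versus setup_merged_keyring with "$GPG"); a short comment saying why would help. In list-fingerprints, `grep '^fpr:'` takes every fpr record without looking at the record before it, so primary-key and subkey fingerprints are not distinguished, and nothing filters on the validity field of the pub record. The visible lines add no usage text for either new command.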

For my purposes I basically don't care whether apt gives me the key
material itself or just a list of fingerprints as proposed above. The
only improvement would be, if I could also pass a keyring filename
because with the above I would still have to run gpg to extract the
fingerprint from the filename I have.

Something like this would be ideal:

    $ apt-key is-trusted /usr/share/keyrings/debian-archive-keyring.gpg
    $ echo $?


cheers, josch
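The manual check described in the report (list the fingerprints found in apt's keyrings and look for one of them), as an added example that is not part of the original message or of apt. The function names and the sample listing are constructed for illustration, treating expired, revoked or invalid primary keys as untrusted is this example's choice, and `apt_keyring_listing` assumes a GnuPG that has `--show-keys`.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons` output (fake fingerprints).
sample_listing() {
cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAAAA:1554000000:::-:::scSC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:-::::1554000000::::Constructed Archive Key <archive@example.org>:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1554000000::::::s:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
pub:e:4096:1:CCCCCCCCCCCCCCCC:1300000000:1400000000::-:::sc:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
EOF
}

# Read a colon listing on stdin and print the fingerprint of each primary key
# whose validity (field 2 of "pub") is not e(xpired), r(evoked) or i(nvalid).
# The fpr record that follows a "sub" record is a subkey and is skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = ($2 !~ /^[eri]/); next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# Succeed if fingerprint $1 (spaces and lower case allowed) is a usable
# primary key in the colon listing on stdin.
listing_trusts() {
    _want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$_want" ] || { cat >/dev/null; return 1; }
    primary_fprs | grep -xF -- "$_want" >/dev/null
}

# Colon listing of the keyrings named in the report. apt reads only *.gpg
# and *.asc files from trusted.gpg.d; --show-keys accepts both encodings.
apt_keyring_listing() {
    for f in /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/*.gpg \
             /etc/apt/trusted.gpg.d/*.asc; do
        [ -r "$f" ] && gpg --batch --with-colons --show-keys "$f" 2>/dev/null
    done
    return 0
}

# On a real system: apt_keyring_listing | listing_trusts "$fingerprint"
```

Matching only the `fpr` record that directly follows a `pub` record is what separates this from a plain `grep '^fpr:'`, which would also accept a subkey fingerprint.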
