This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=2f238b0e7286d401acd1325e30c86363a1e380db commit 2f238b0e7286d401acd1325e30c86363a1e380db Author: Guillem Jover <[email protected]> AuthorDate: Wed May 1 23:23:03 2019 +0200 Dpkg::OpenPGP: Add support for importing an OpenPGP key into a keyring This is needed, for example, to verify original tarball signatures. --- debian/changelog | 1 + scripts/Dpkg/OpenPGP.pm | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/debian/changelog b/debian/changelog index 876e3460b..168e2d281 100644 --- a/debian/changelog +++ b/debian/changelog @@ -23,6 +23,7 @@ dpkg (1.20.0) UNRELEASED; urgency=medium - perl: Use File::Copy instead of spawning mv/cp commands. - Dpkg::OpenPGP: Refactor signature verification into a new function. - Dpkg::OpenPGP: Make it possible to verify detached signatures. + - Dpkg::OpenPGP: Add support for importing an OpenPGP key into a keyring. * Build system: - Bump minimal Perl version to 5.24.1. diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm index f207af228..f08bd3b12 100644 --- a/scripts/Dpkg/OpenPGP.pm +++ b/scripts/Dpkg/OpenPGP.pm 
@@ -81,6 +81,42 @@ sub openpgp_sig_to_asc return; } +sub import_key { + my ($asc, %opts) = @_; + + $opts{require_valid_signature} //= 1; + + my @exec; + if (find_command('gpg')) { + push @exec, 'gpg'; + } elsif ($opts{require_valid_signature}) { + error(g_('cannot import key in %s since GnuPG is not installed'), + $asc); + } else { + warning(g_('cannot import key in %s since GnuPG is not installed'), + $asc); + return; + } + push @exec, '--no-options', '--no-default-keyring', '-q', '--import'; + push @exec, '--keyring', $opts{keyring}; + push @exec, $asc; + + my ($stdout, $stderr); + spawn(exec => \@exec, wait_child => 1, nocheck => 1, timeout => 10, + to_string => \$stdout, error_to_string => \$stderr); + if (WIFEXITED($?)) { + my $status = WEXITSTATUS($?); + print { *STDERR } "$stdout$stderr" if $status; + if ($status == 1 or ($status && $opts{require_valid_signature})) { + error(g_('failed to import key in %s'), $asc); + } elsif ($status) { + warning(g_('failed to import key in %s'), $asc); + } + } else { + subprocerr("@exec"); + } +} + sub verify_signature { my ($sig, %opts) = @_; -- Dpkg.Org's dpkg
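Review bot: In `import_key`, `$asc` is appended to the gpg argument list as a bare positional (`push @exec, $asc;`), so a file name that begins with `-` would be parsed by gpg as an option rather than as the key file; the list-form `spawn` keeps the shell out of it but does not stop option parsing. Ending option processing first, `push @exec, '--', $asc;`, closes that. On the line before it, `$opts{keyring}` is used without a definedness check, so a caller that omits it still runs gpg with `--no-default-keyring` and an undefined `--keyring` value; a guard such as `error(g_('missing keyring to import key %s'), $asc) unless defined $opts{keyring};` would fail early instead. It may also be worth adding `--batch --no-tty`, and considering a dedicated `--homedir`, so the import cannot prompt or depend on the invoking user's GnuPG state; as written only the 10-second timeout bounds that.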

