[lxc-devel] [distrobuilder/master] managers/apt: Handle repo keys

[monstermunchkin on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/316

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
This adds support for custom repo keys. If the full public key is
provided, it just gets imported by `apt-key`. If the key ID is provided,
gpg retrieves the public key before passing it to `apt-key`. In order
for the latter to succeed, gpg needs to be installed early.

This fixes #315 

Signed-off-by: Thomas Hipp <thomas.h...@canonical.com>

From 77201768828be66c28bbfb6dc3f1d994c233c89f Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.h...@canonical.com>
Date: Tue, 31 Mar 2020 13:16:07 +0200
Subject: [PATCH] managers/apt: Handle repo keys

This adds support for custom repo keys. If the full public key is
provided, it just gets imported by `apt-key`. If the key ID is provided,
gpg retrieves the public key before passing it to `apt-key`. In order
for the latter to succeed, gpg needs to be installed early.

Signed-off-by: Thomas Hipp <thomas.h...@canonical.com>
---
 managers/apt.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/managers/apt.go b/managers/apt.go
index e7106e7..16b31a8 100644
--- a/managers/apt.go
+++ b/managers/apt.go
@@ -1,7 +1,9 @@
 package managers
 
 import (
+       "bytes"
        "fmt"
+       "io"
        "io/ioutil"
        "os"
        "path/filepath"
@@ -105,6 +107,34 @@ func NewApt() *Manager {
                                }
                        }
 
+                       if repoAction.Key != "" {
+                               var reader io.Reader
+
+                               if strings.HasPrefix(repoAction.Key, 
"-----BEGIN PGP PUBLIC KEY BLOCK-----") {
+                                       reader = 
strings.NewReader(repoAction.Key)
+                               } else {
+                                       // If only key ID is provided, we need 
gpg to be installed early.
+                                       _, err := lxd.RunCommand("gpg", 
"--recv-keys", repoAction.Key)
+                                       if err != nil {
+                                               return err
+                                       }
+
+                                       var buf bytes.Buffer
+
+                                       err = lxd.RunCommandWithFds(nil, &buf, 
"gpg", "--export", "--armor", repoAction.Key)
+                                       if err != nil {
+                                               return err
+                                       }
+
+                                       reader = &buf
+                               }
+
+                               err = lxd.RunCommandWithFds(reader, nil, 
"apt-key", "add", "-")
+                               if err != nil {
+                                       return err
+                               }
+                       }
+
                        return nil
                },
        }

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel