Package: apt
Version: 1.8.4
Severity: wishlist

Hi,

this bug is a follow-up of
https://lists.debian.org/20200207000348.neeqjzu3qx6zwnul@crossbow

mmdebstrap wants to have an answer to the question "does apt trust this key" and it would be nice if the answer would come from apt directly because what I'm currently doing is to manually invoke gpg on whatever I find in /etc/apt/trusted.gpg and /etc/apt/trusted.gpg.d/, list the fingerprints and check whether the fingerprint I am looking for is in the result or not.

DonKult proposed the following patch:

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in @@ -781,6 +781,16 @@ case "$command" in warn_on_script_usage foreach_keyring_do 'list_keys_in_keyring' --fingerprint "$@" ;; + is-trusted) + merge_all_trusted_keyrings_into_pubring + if [ "$#" = '0' -o "$(aptkey_execute "$GPG_SH" --keyring "${GPGHOMEDIR}/pubring.gpg" --with-colons --list-keys "$@" 2>/dev/null | grep -c '^pub:')" != "$#" ]; then + exit 1 + fi + ;; + list-fingerprints) + setup_merged_keyring + aptkey_execute "$GPG" --with-colons --list-keys 2>/dev/null | grep '^fpr:' | cut -d':' -f 10 + ;; export|exportall) warn_on_script_usage merge_all_trusted_keyrings_into_pubring

For my purposes I basically don't care whether apt gives me the key material itself or just a list of fingerprints as proposed above. The only improvement would be if I could also pass a keyring filename because with the above I would still have to run gpg to extract the fingerprint from the filename I have. Something like this would be ideal:

    $ apt-key is-trusted /usr/share/keyrings/debian-archive-keyring.gpg
    $ echo $?
    0

Thanks!

cheers, josch
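
Review bot: In the is-trusted branch, comparing the `grep -c '^pub:'` count against "$#" is not a per-argument check, so the exit status can be wrong in both directions. gpg lists a key once even when two arguments name it (for example a fingerprint and a key ID of the same key), which gives a false "not trusted", and an argument that is a user ID substring or short key ID can match several keys, so one over-matching argument can offset another that matches nothing and the branch exits 0. Since the gpg exit status is lost in the pipe and stderr is discarded, nothing else catches that case. I would loop over "$@", accept only full fingerprints, and require exactly one `pub:` line per argument. The count also ignores the validity field (field 2 of the `pub:` record), so expired or revoked keys are reported as trusted; filtering on that field would be needed if the answer is meant to reflect keys apt will actually accept. Smaller points: list-fingerprints prints every `fpr:` line, which includes subkey fingerprints alongside primary ones, and that should be documented or narrowed; the two branches use different setup helpers and gpg wrappers (merge_all_trusted_keyrings_into_pubring with "$GPG_SH" versus setup_merged_keyring with "$GPG") without a comment explaining why; and `[ ... -o ... ]` is better written as two tests joined with `||`.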