
[Libguestfs] [PATCH 2/3] builder: trust the imported keys



In every SigChecker, trust by default the keys imported.
This should make gpg happier when using the keys later, used only when
validating the signatures of index files.
---
 builder/sigchecker.ml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
index a1a4220..b54977f 100644
--- a/builder/sigchecker.ml
+++ b/builder/sigchecker.ml
@@ -33,7 +33,7 @@ type t = {
 }
 
 (* Import the specified key file. *)
-let import_keyfile ~gpg ~gpghome ~verbose keyfile =
+let import_keyfile ~gpg ~gpghome ~verbose ?(trust = true) keyfile =
   let status_file = Filename.temp_file "vbstat" ".txt" in
   unlink_on_exit status_file;
   let cmd = sprintf "%s --homedir %s --status-file %s --import %s%s"
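Review bot: The new `?(trust = true)` default means every existing call to `import_keyfile` now also marks the imported key as trusted without the call site saying so, while the comment above the function still reads only "Import the specified key file". Because gpg's `--trusted-key` treats the key like one of the user's own, the comment should say so, e.g. `(* Import the specified key file and, unless ~trust:false is given, mark the imported key as trusted in gpghome. Returns the key fingerprint. *)`. Defaulting to `false` and passing `~trust:true` where it is wanted would make the trust decision visible at each caller; the callers are outside this hunk, so weigh that as a suggestion rather than a defect. The function body continues past the end of this hunk.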
@@ -45,14 +45,25 @@ let import_keyfile ~gpg ~gpghome ~verbose keyfile =
     error (f_"could not import public key\nUse the '-v' option and look for earlier error messages.");
   let status = read_whole_file status_file in
   let status = string_nsplit "\n" status in
+  let key_id = ref "" in
   let fingerprint = ref "" in
   List.iter (
     fun line ->
       let line = string_nsplit " " line in
       match line with
       | "[GNUPG:]" :: "IMPORT_OK" :: _ :: fp :: _ -> fingerprint := fp
+      | "[GNUPG:]" :: "IMPORTED" :: key :: _ -> key_id := key
       | _ -> ()
   ) status;
+  if trust then (
+    let cmd = sprintf "%s --homedir %s --trusted-key %s --list-keys%s"
+      gpg gpghome (quote !key_id)
+      (if verbose then "" else " >/dev/null 2>&1") in
+    if verbose then printf "%s\n%!" cmd;
+    let r = Sys.command cmd in
+    if r <> 0 then
+      error (f_"GPG failure: could not trust the imported key\nUse the '-v' option and look for earlier error messages.");
+  );
   !fingerprint
 
 let rec create ~verbose ~gpg ~gpgkey ~check_signature =
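Review bot: `key_id` stays `""` when the status file contains no `IMPORTED` line, and the `if trust then` block then runs gpg with `--trusted-key ''`; the user gets at best the generic "could not trust the imported key" error, and how gpg treats an empty argument is not something this code controls. I would fail explicitly before building the command: `if trust && !key_id = "" then error (f_"GPG failure: no key ID found in the import status");`. The match also keeps only the last `IMPORTED` key, so a key file holding several keys would have just one of them trusted, which deserves a comment if it is intended. Separately, `gpghome` is interpolated into the shell command unquoted while the key ID is wrapped in `quote`; `(quote gpghome)` would be consistent, unless the value already arrives quoted from the caller, which is not visible here.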
-- 
2.1.0

