mirror of
https://github.com/aptly-dev/aptly.git
synced 2026-07-15 11:57:59 +00:00
- #309 adding gpgKeys config key, accepting array of keyRef, cli args has precedence
- #691 adding handling of multiple keyRefs when signing with gpg
This commit is contained in:
+37
-1
@@ -1,6 +1,9 @@
|
|||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/aptly-dev/aptly/pgp"
|
"github.com/aptly-dev/aptly/pgp"
|
||||||
"github.com/smira/commander"
|
"github.com/smira/commander"
|
||||||
"github.com/smira/flag"
|
"github.com/smira/flag"
|
||||||
@@ -12,7 +15,23 @@ func getSigner(flags *flag.FlagSet) (pgp.Signer, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
signer := context.GetSigner()
|
signer := context.GetSigner()
|
||||||
signer.SetKey(flags.Lookup("gpg-key").Value.String())
|
|
||||||
|
var gpgKeys []string
|
||||||
|
|
||||||
|
// CLI args have priority over config
|
||||||
|
cliKeys := flags.Lookup("gpg-key").Value.Get().([]string)
|
||||||
|
if len(cliKeys) > 0 {
|
||||||
|
gpgKeys = cliKeys
|
||||||
|
} else if len(context.Config().GpgKeys) > 0 {
|
||||||
|
gpgKeys = context.Config().GpgKeys
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(gpgKeys) > 0 {
|
||||||
|
fmt.Printf("Signing with following gpg keys %s\n", strings.Join(gpgKeys, ", "))
|
||||||
|
}
|
||||||
|
for _, gpgKey := range gpgKeys {
|
||||||
|
signer.SetKey(gpgKey)
|
||||||
|
}
|
||||||
signer.SetKeyRing(flags.Lookup("keyring").Value.String(), flags.Lookup("secret-keyring").Value.String())
|
signer.SetKeyRing(flags.Lookup("keyring").Value.String(), flags.Lookup("secret-keyring").Value.String())
|
||||||
signer.SetPassphrase(flags.Lookup("passphrase").Value.String(), flags.Lookup("passphrase-file").Value.String())
|
signer.SetPassphrase(flags.Lookup("passphrase").Value.String(), flags.Lookup("passphrase-file").Value.String())
|
||||||
signer.SetBatch(flags.Lookup("batch").Value.Get().(bool))
|
signer.SetBatch(flags.Lookup("batch").Value.Get().(bool))
|
||||||
@@ -26,6 +45,23 @@ func getSigner(flags *flag.FlagSet) (pgp.Signer, error) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type gpgKeyFlag struct {
|
||||||
|
gpgKeys []string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *gpgKeyFlag) Set(value string) error {
|
||||||
|
k.gpgKeys = append(k.gpgKeys, value)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *gpgKeyFlag) Get() interface{} {
|
||||||
|
return k.gpgKeys
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *gpgKeyFlag) String() string {
|
||||||
|
return strings.Join(k.gpgKeys, ",")
|
||||||
|
}
|
||||||
|
|
||||||
func makeCmdPublish() *commander.Command {
|
func makeCmdPublish() *commander.Command {
|
||||||
return &commander.Command{
|
return &commander.Command{
|
||||||
UsageLine: "publish",
|
UsageLine: "publish",
|
||||||
|
|||||||
+1
-1
@@ -34,7 +34,7 @@ Example:
|
|||||||
}
|
}
|
||||||
cmd.Flag.String("distribution", "", "distribution name to publish")
|
cmd.Flag.String("distribution", "", "distribution name to publish")
|
||||||
cmd.Flag.String("component", "", "component name to publish (for multi-component publishing, separate components with commas)")
|
cmd.Flag.String("component", "", "component name to publish (for multi-component publishing, separate components with commas)")
|
||||||
cmd.Flag.String("gpg-key", "", "GPG key ID to use when signing the release")
|
cmd.Flag.Var(&gpgKeyFlag{}, "gpg-key", "GPG key ID to use when signing the release (repeatable, can be specified multiple times)")
|
||||||
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
||||||
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
||||||
cmd.Flag.String("passphrase", "", "GPG passphrase for the key (warning: could be insecure)")
|
cmd.Flag.String("passphrase", "", "GPG passphrase for the key (warning: could be insecure)")
|
||||||
|
|||||||
@@ -230,7 +230,7 @@ Example:
|
|||||||
}
|
}
|
||||||
cmd.Flag.String("distribution", "", "distribution name to publish")
|
cmd.Flag.String("distribution", "", "distribution name to publish")
|
||||||
cmd.Flag.String("component", "", "component name to publish (for multi-component publishing, separate components with commas)")
|
cmd.Flag.String("component", "", "component name to publish (for multi-component publishing, separate components with commas)")
|
||||||
cmd.Flag.String("gpg-key", "", "GPG key ID to use when signing the release")
|
cmd.Flag.Var(&gpgKeyFlag{}, "gpg-key", "GPG key ID to use when signing the release (repeatable, can be specified multiple times)")
|
||||||
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
||||||
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
||||||
cmd.Flag.String("passphrase", "", "GPG passphrase for the key (warning: could be insecure)")
|
cmd.Flag.String("passphrase", "", "GPG passphrase for the key (warning: could be insecure)")
|
||||||
|
|||||||
@@ -151,7 +151,7 @@ This command would switch published repository (with one component) named ppa/wh
|
|||||||
`,
|
`,
|
||||||
Flag: *flag.NewFlagSet("aptly-publish-switch", flag.ExitOnError),
|
Flag: *flag.NewFlagSet("aptly-publish-switch", flag.ExitOnError),
|
||||||
}
|
}
|
||||||
cmd.Flag.String("gpg-key", "", "GPG key ID to use when signing the release")
|
cmd.Flag.Var(&gpgKeyFlag{}, "gpg-key", "GPG key ID to use when signing the release (repeatable, can be specified multiple times)")
|
||||||
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
||||||
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
||||||
cmd.Flag.String("passphrase", "", "GPG passphrase for the key (warning: could be insecure)")
|
cmd.Flag.String("passphrase", "", "GPG passphrase for the key (warning: could be insecure)")
|
||||||
|
|||||||
@@ -115,7 +115,7 @@ Example:
|
|||||||
`,
|
`,
|
||||||
Flag: *flag.NewFlagSet("aptly-publish-update", flag.ExitOnError),
|
Flag: *flag.NewFlagSet("aptly-publish-update", flag.ExitOnError),
|
||||||
}
|
}
|
||||||
cmd.Flag.String("gpg-key", "", "GPG key ID to use when signing the release")
|
cmd.Flag.Var(&gpgKeyFlag{}, "gpg-key", "GPG key ID to use when signing the release (repeatable, can be specified multiple times)")
|
||||||
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
||||||
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
||||||
cmd.Flag.String("passphrase", "", "GPG passphrase for the key (warning: could be insecure)")
|
cmd.Flag.String("passphrase", "", "GPG passphrase for the key (warning: could be insecure)")
|
||||||
|
|||||||
+8
-4
@@ -22,7 +22,7 @@ var (
|
|||||||
type GpgSigner struct {
|
type GpgSigner struct {
|
||||||
gpg string
|
gpg string
|
||||||
version GPGVersion
|
version GPGVersion
|
||||||
keyRef string
|
keyRefs []string
|
||||||
keyring, secretKeyring string
|
keyring, secretKeyring string
|
||||||
passphrase, passphraseFile string
|
passphrase, passphraseFile string
|
||||||
batch bool
|
batch bool
|
||||||
@@ -35,7 +35,11 @@ func (g *GpgSigner) SetBatch(batch bool) {
|
|||||||
|
|
||||||
// SetKey sets key ID to use when signing files
|
// SetKey sets key ID to use when signing files
|
||||||
func (g *GpgSigner) SetKey(keyRef string) {
|
func (g *GpgSigner) SetKey(keyRef string) {
|
||||||
g.keyRef = keyRef
|
if g.keyRefs == nil {
|
||||||
|
g.keyRefs = []string{strings.TrimSpace(keyRef)}
|
||||||
|
} else {
|
||||||
|
g.keyRefs = append(g.keyRefs, strings.TrimSpace(keyRef))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetKeyRing allows to set custom keyring and secretkeyring
|
// SetKeyRing allows to set custom keyring and secretkeyring
|
||||||
@@ -57,8 +61,8 @@ func (g *GpgSigner) gpgArgs() []string {
|
|||||||
args = append(args, "--secret-keyring", g.secretKeyring)
|
args = append(args, "--secret-keyring", g.secretKeyring)
|
||||||
}
|
}
|
||||||
|
|
||||||
if g.keyRef != "" {
|
for _, k := range g.keyRefs {
|
||||||
args = append(args, "-u", g.keyRef)
|
args = append(args, "-u", k)
|
||||||
}
|
}
|
||||||
|
|
||||||
if g.passphrase != "" || g.passphraseFile != "" {
|
if g.passphrase != "" || g.passphraseFile != "" {
|
||||||
|
|||||||
+5
-3
@@ -49,9 +49,10 @@ type ConfigStructure struct { // nolint: maligned
|
|||||||
DownloadSourcePackages bool `json:"downloadSourcePackages" yaml:"download_sourcepackages"`
|
DownloadSourcePackages bool `json:"downloadSourcePackages" yaml:"download_sourcepackages"`
|
||||||
|
|
||||||
// Signing
|
// Signing
|
||||||
GpgProvider string `json:"gpgProvider" yaml:"gpg_provider"`
|
GpgProvider string `json:"gpgProvider" yaml:"gpg_provider"`
|
||||||
GpgDisableSign bool `json:"gpgDisableSign" yaml:"gpg_disable_sign"`
|
GpgDisableSign bool `json:"gpgDisableSign" yaml:"gpg_disable_sign"`
|
||||||
GpgDisableVerify bool `json:"gpgDisableVerify" yaml:"gpg_disable_verify"`
|
GpgDisableVerify bool `json:"gpgDisableVerify" yaml:"gpg_disable_verify"`
|
||||||
|
GpgKeys []string `json:"gpgKeys" yaml:"gpg_keys"`
|
||||||
|
|
||||||
// Publishing
|
// Publishing
|
||||||
SkipContentsPublishing bool `json:"skipContentsPublishing" yaml:"skip_contents_publishing"`
|
SkipContentsPublishing bool `json:"skipContentsPublishing" yaml:"skip_contents_publishing"`
|
||||||
@@ -226,6 +227,7 @@ var Config = ConfigStructure{
|
|||||||
GpgProvider: "gpg",
|
GpgProvider: "gpg",
|
||||||
GpgDisableSign: false,
|
GpgDisableSign: false,
|
||||||
GpgDisableVerify: false,
|
GpgDisableVerify: false,
|
||||||
|
GpgKeys: []string{},
|
||||||
DownloadSourcePackages: false,
|
DownloadSourcePackages: false,
|
||||||
PackagePoolStorage: PackagePoolStorage{
|
PackagePoolStorage: PackagePoolStorage{
|
||||||
Local: &LocalPoolStorage{Path: ""},
|
Local: &LocalPoolStorage{Path: ""},
|
||||||
|
|||||||
@@ -102,6 +102,7 @@ func (s *ConfigSuite) TestSaveConfig(c *C) {
|
|||||||
" \"gpgProvider\": \"gpg\",\n"+
|
" \"gpgProvider\": \"gpg\",\n"+
|
||||||
" \"gpgDisableSign\": false,\n"+
|
" \"gpgDisableSign\": false,\n"+
|
||||||
" \"gpgDisableVerify\": false,\n"+
|
" \"gpgDisableVerify\": false,\n"+
|
||||||
|
" \"gpgKeys\": null,\n"+
|
||||||
" \"skipContentsPublishing\": false,\n"+
|
" \"skipContentsPublishing\": false,\n"+
|
||||||
" \"skipBz2Publishing\": false,\n"+
|
" \"skipBz2Publishing\": false,\n"+
|
||||||
" \"FileSystemPublishEndpoints\": {\n"+
|
" \"FileSystemPublishEndpoints\": {\n"+
|
||||||
@@ -267,6 +268,7 @@ func (s *ConfigSuite) TestSaveYAML2Config(c *C) {
|
|||||||
"gpg_provider: \"\"\n"+
|
"gpg_provider: \"\"\n"+
|
||||||
"gpg_disable_sign: false\n"+
|
"gpg_disable_sign: false\n"+
|
||||||
"gpg_disable_verify: false\n"+
|
"gpg_disable_verify: false\n"+
|
||||||
|
"gpg_keys: []\n"+
|
||||||
"skip_contents_publishing: false\n"+
|
"skip_contents_publishing: false\n"+
|
||||||
"skip_bz2_publishing: false\n"+
|
"skip_bz2_publishing: false\n"+
|
||||||
"filesystem_publish_endpoints: {}\n"+
|
"filesystem_publish_endpoints: {}\n"+
|
||||||
@@ -322,6 +324,7 @@ download_sourcepackages: true
|
|||||||
gpg_provider: gpg
|
gpg_provider: gpg
|
||||||
gpg_disable_sign: true
|
gpg_disable_sign: true
|
||||||
gpg_disable_verify: true
|
gpg_disable_verify: true
|
||||||
|
gpg_keys: []
|
||||||
skip_contents_publishing: true
|
skip_contents_publishing: true
|
||||||
skip_bz2_publishing: true
|
skip_bz2_publishing: true
|
||||||
filesystem_publish_endpoints:
|
filesystem_publish_endpoints:
|
||||||
|
|||||||
Reference in New Issue
Block a user