mirror of
https://github.com/aptly-dev/aptly.git
synced 2026-07-15 11:57:59 +00:00
updating REST api with multiple gpg keys support, due backwards compatibility introducing CSV under same key (gpg-key)
This commit is contained in:
+17
-3
@@ -16,8 +16,8 @@ import (
|
|||||||
type signingParams struct {
|
type signingParams struct {
|
||||||
// Don't sign published repository
|
// Don't sign published repository
|
||||||
Skip bool ` json:"Skip" example:"false"`
|
Skip bool ` json:"Skip" example:"false"`
|
||||||
// GPG key ID to use when signing the release, if not specified default key is used
|
// GPG key ID(s) to use when signing the release, CSV if multiple keys, if not specified default configured key(s) are used
|
||||||
GpgKey string ` json:"GpgKey" example:"A0546A43624A8331"`
|
GpgKey string ` json:"GpgKey" example:"KEY_ID_a,KEY_ID_b"`
|
||||||
// GPG keyring to use (instead of default)
|
// GPG keyring to use (instead of default)
|
||||||
Keyring string ` json:"Keyring" example:"trustedkeys.gpg"`
|
Keyring string ` json:"Keyring" example:"trustedkeys.gpg"`
|
||||||
// GPG secret keyring to use (instead of default) Note: depreciated with gpg2
|
// GPG secret keyring to use (instead of default) Note: depreciated with gpg2
|
||||||
@@ -41,7 +41,21 @@ func getSigner(options *signingParams) (pgp.Signer, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
signer := context.GetSigner()
|
signer := context.GetSigner()
|
||||||
signer.SetKey(options.GpgKey)
|
|
||||||
|
var multiGpgKeys []string
|
||||||
|
// REST params have priority over config
|
||||||
|
if options.GpgKey != "" {
|
||||||
|
for _, p := range strings.Split(options.GpgKey, ",") {
|
||||||
|
if t := strings.TrimSpace(p); t != "" {
|
||||||
|
multiGpgKeys = append(multiGpgKeys, t)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if len(context.Config().GpgKeys) > 0 {
|
||||||
|
multiGpgKeys = context.Config().GpgKeys
|
||||||
|
}
|
||||||
|
for _, gpgKey := range multiGpgKeys {
|
||||||
|
signer.SetKey(gpgKey)
|
||||||
|
}
|
||||||
signer.SetKeyRing(options.Keyring, options.SecretKeyring)
|
signer.SetKeyRing(options.Keyring, options.SecretKeyring)
|
||||||
signer.SetPassphrase(options.Passphrase, options.PassphraseFile)
|
signer.SetPassphrase(options.Passphrase, options.PassphraseFile)
|
||||||
|
|
||||||
|
|||||||
+5
-1
@@ -25,7 +25,11 @@ Public part of the key should be exported from your keyring using `gpg --export
|
|||||||
```
|
```
|
||||||
aptly publish repo my-repo --gpg-key=KEY_ID_a --gpg-key=KEY_ID_b
|
aptly publish repo my-repo --gpg-key=KEY_ID_a --gpg-key=KEY_ID_b
|
||||||
```
|
```
|
||||||
* If `--gpg-key` is specified on the command line, it takes precedence over any gpgKeys configuration in `aptly.conf`.
|
* When using the REST API, the `gpgKey` parameter supports a comma-separated list of key IDs:
|
||||||
|
```
|
||||||
|
"gpgKey": "KEY_ID_a,KEY_ID_b"
|
||||||
|
```
|
||||||
|
* If `--gpg-key` is specified on the command line, or `gpgKey` is provided via the REST API, it takes precedence over any gpgKeys configuration in aptly.conf.
|
||||||
* With multi-key support, aptly will sign all Release files (both clearsigned and detached signatures) with each provided key, ensuring a smooth key rotation process while maintaining compatibility for existing clients.
|
* With multi-key support, aptly will sign all Release files (both clearsigned and detached signatures) with each provided key, ensuring a smooth key rotation process while maintaining compatibility for existing clients.
|
||||||
|
|
||||||
#### Parameters
|
#### Parameters
|
||||||
|
|||||||
Reference in New Issue
Block a user