Added gpg api so mirror updates are fully functional from api

api/gpg.go

@@ -0,0 +1,71 @@
+package api
+
+import (
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/gin-gonic/gin"
+)
+
+// POST /api/gpg
+func apiGPGAddKey(c *gin.Context) {
+	var b struct {
+		Keyserver   string
+		GpgKeyID    string
+		GpgKeyArmor string
+		Keyring     string
+	}
+
+	if c.Bind(&b) != nil {
+		return
+	}
+
+	var err error
+	args := []string{"--no-default-keyring"}
+	keyring := "trustedkeys.gpg"
+	if len(b.Keyring) > 0 {
+		keyring = b.Keyring
+	}
+	args = append(args, "--keyring", keyring)
+	if len(b.Keyserver) > 0 {
+		args = append(args, "--keyserver", b.Keyserver)
+	}
+	if len(b.GpgKeyArmor) > 0 {
+		var tempdir string
+		tempdir, err = ioutil.TempDir(os.TempDir(), "aptly")
+		if err != nil {
+			c.AbortWithError(400, err)
+			return
+		}
+		defer os.RemoveAll(tempdir)
+
+		keypath := filepath.Join(tempdir, "key")
+		keyfile, e := os.Create(keypath)
+		if e != nil {
+			c.AbortWithError(400, e)
+			return
+		}
+		if _, e = keyfile.WriteString(b.GpgKeyArmor); e != nil {
+			c.AbortWithError(400, e)
+		}
+		args = append(args, "--import", keypath)
+
+	}
+	if len(b.GpgKeyID) > 0 {
+		args = append(args, "--recv", b.GpgKeyID)
+	}
+
+	// it might happened that we have a situation with an erroneous
+	// gpg command (e.g. when GpgKeyID and GpgKeyArmor is set).
+	// there is no error handling for such as gpg will do this for us
+	cmd := exec.Command("gpg", args...)
+	cmd.Stdout = os.Stdout
+	if err = cmd.Run(); err != nil {
+		c.AbortWithError(400, err)
+		return
+	}
+
+	c.JSON(200, gin.H{})
+}

api/router.go

@@ -87,6 +87,10 @@ func Router(c *ctx.AptlyContext) http.Handler {
 		root.DELETE("/mirrors/:name", apiMirrorsDrop)
 	}
 
+	{
+		root.POST("/gpg/key", apiGPGAddKey)
+	}
+
 	{
 		root.GET("/files", apiFilesListDirs)
 		root.POST("/files/:dir", apiFilesUpload)

system/t12_api/gpg.py

@@ -0,0 +1,53 @@
+import inspect
+import os
+import subprocess
+import tempfile
+
+from api_lib import APITest
+
+
+def check_gpgkey_exists(gpg_key, keyring):
+    subprocess.check_call([
+        "gpg", "--no-default-keyring",
+        "--keyring", keyring,
+        "--fingerprint", gpg_key,
+    ])
+
+
+class GPGAPITestAddKey(APITest):
+    """
+    POST /gpg/key
+    """
+    def check(self):
+        with tempfile.NamedTemporaryFile(suffix=".pub") as keyring:
+            gpgkeyid = "9E3E53F19C7DE460"
+            resp = self.post("/api/gpg/key", json={
+                "Keyserver": "keys.gnupg.net",
+                "Keyring": keyring.name,
+                "GpgKeyID": gpgkeyid
+            })
+
+            self.check_equal(resp.status_code, 200)
+            check_gpgkey_exists(gpgkeyid, keyring.name)
+
+
+class GPGAPITestAddKeyArmor(APITest):
+    """
+    POST /gpg/key
+    """
+    def check(self):
+        keyfile = os.path.join(os.path.dirname(inspect.getsourcefile(APITest)),
+                               "files") + "/launchpad.key"
+        gpgkeyid = "3B1F56C0"
+
+        with open(keyfile, 'r') as keyf:
+            gpgkeyarmor = keyf.read()
+
+        with tempfile.NamedTemporaryFile(suffix=".pub") as keyring:
+            resp = self.post("/api/gpg/key", json={
+                "Keyring": keyring.name,
+                "GpgKeyArmor": gpgkeyarmor
+            })
+
+            self.check_equal(resp.status_code, 200)
+            check_gpgkey_exists(gpgkeyid, keyring.name)