vincent/aptly
1
0
Fork 0
mirror of https://github.com/aptly-dev/aptly.git synced 2026-05-08 22:30:41 +00:00
Code Issues Projects Releases Wiki Activity

Verifying and signing releases with GPG, new flags.

Browse Source
This commit is contained in:
Andrey Smirnov
2014-02-07 01:22:53 +04:00
parent f5ee710098
commit b532cb19ee
2 changed files with 81 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd_mirror.go
+54 -2
View File
@@ -10,6 +10,43 @@ import (
"strings" "strings"
) )
func getVerifier(cmd *commander.Command) (utils.Verifier, error) {
if utils.Config.GpgDisableVerify || cmd.Flag.Lookup("ignore-signatures").Value.Get().(bool) {
return nil, nil
}
verifier := &utils.GpgVerifier{}
for _, keyRing := range keyRings.keyRings {
verifier.AddKeyring(keyRing)
}
err := verifier.InitKeyring()
if err != nil {
return nil, err
}
return verifier, nil
}
type keyRingsFlag struct {
keyRings []string
}
func (k *keyRingsFlag) Set(value string) error {
k.keyRings = append(k.keyRings, value)
return nil
}
func (k *keyRingsFlag) Get() interface{} {
return k.keyRings
}
func (k *keyRingsFlag) String() string {
return strings.Join(k.keyRings, ",")
}
var keyRings = keyRingsFlag{}
func aptlyMirrorList(cmd *commander.Command, args []string) error { func aptlyMirrorList(cmd *commander.Command, args []string) error {
var err error var err error
if len(args) != 0 { if len(args) != 0 {
@@ -53,7 +90,12 @@ func aptlyMirrorCreate(cmd *commander.Command, args []string) error {
return fmt.Errorf("unable to create mirror: %s", err) return fmt.Errorf("unable to create mirror: %s", err)
} }
err = repo.Fetch(context.downloader) verifier, err := getVerifier(cmd)
if err != nil {
return fmt.Errorf("unable to initialize GPG verifier: %s", err)
}
err = repo.Fetch(context.downloader, verifier)
if err != nil { if err != nil {
return fmt.Errorf("unable to fetch mirror: %s", err) return fmt.Errorf("unable to fetch mirror: %s", err)
} }
@@ -140,7 +182,12 @@ func aptlyMirrorUpdate(cmd *commander.Command, args []string) error {
ignoreMismatch := cmd.Flag.Lookup("ignore-checksums").Value.Get().(bool) ignoreMismatch := cmd.Flag.Lookup("ignore-checksums").Value.Get().(bool)
err = repo.Fetch(context.downloader) verifier, err := getVerifier(cmd)
if err != nil {
return fmt.Errorf("unable to initialize GPG verifier: %s", err)
}
err = repo.Fetch(context.downloader, verifier)
if err != nil { if err != nil {
return fmt.Errorf("unable to update: %s", err) return fmt.Errorf("unable to update: %s", err)
} }
@@ -215,6 +262,9 @@ ex:
Flag: *flag.NewFlagSet("aptly-mirror-create", flag.ExitOnError), Flag: *flag.NewFlagSet("aptly-mirror-create", flag.ExitOnError),
} }
cmd.Flag.Bool("ignore-signatures", false, "disable verification of Release file signatures")
cmd.Flag.Var(&keyRings, "keyring", "gpg keyring to use when verifying Release file (could be specified multiple times)")
return cmd return cmd
} }
@@ -270,6 +320,8 @@ ex:
} }
cmd.Flag.Bool("ignore-checksums", false, "ignore checksum mismatches while downloading package files and metadata") cmd.Flag.Bool("ignore-checksums", false, "ignore checksum mismatches while downloading package files and metadata")
cmd.Flag.Bool("ignore-signatures", false, "disable verification of Release file signatures")
cmd.Flag.Var(&keyRings, "keyring", "gpg keyring to use when verifying Release file (could be specified multiple times)")
return cmd return cmd
} }
cmd_publish.go
+27 -3
View File
@@ -10,6 +10,27 @@ import (
"strings" "strings"
) )
func getSigner(cmd *commander.Command) (utils.Signer, error) {
if cmd.Flag.Lookup("skip-signing").Value.Get().(bool) || utils.Config.GpgDisableSign {
return nil, nil
}
signer := &utils.GpgSigner{}
key := cmd.Flag.Lookup("gpg-key").Value.String()
if key != "" {
signer.SetKey(key)
}
err := signer.Init()
if err != nil {
return nil, err
}
return signer, nil
}
func aptlyPublishSnapshot(cmd *commander.Command, args []string) error { func aptlyPublishSnapshot(cmd *commander.Command, args []string) error {
var err error var err error
if len(args) < 1 || len(args) > 2 { if len(args) < 1 || len(args) > 2 {
@@ -65,9 +86,6 @@ func aptlyPublishSnapshot(cmd *commander.Command, args []string) error {
} }
} }
signer := &utils.GpgSigner{}
signer.SetKey(cmd.Flag.Lookup("gpg-key").Value.String())
published, err := debian.NewPublishedRepo(prefix, distribution, component, context.architecturesList, snapshot) published, err := debian.NewPublishedRepo(prefix, distribution, component, context.architecturesList, snapshot)
if err != nil { if err != nil {
return fmt.Errorf("unable to publish: %s", err) return fmt.Errorf("unable to publish: %s", err)
@@ -79,6 +97,11 @@ func aptlyPublishSnapshot(cmd *commander.Command, args []string) error {
return fmt.Errorf("prefix/distribution already used by another published repo: %s", duplicate) return fmt.Errorf("prefix/distribution already used by another published repo: %s", duplicate)
} }
signer, err := getSigner(cmd)
if err != nil {
return fmt.Errorf("unable to initialize GPG signer: %s", err)
}
packageCollection := debian.NewPackageCollection(context.database) packageCollection := debian.NewPackageCollection(context.database)
err = published.Publish(context.packageRepository, packageCollection, signer) err = published.Publish(context.packageRepository, packageCollection, signer)
if err != nil { if err != nil {
@@ -188,6 +211,7 @@ ex.
cmd.Flag.String("distribution", "", "distribution name to publish") cmd.Flag.String("distribution", "", "distribution name to publish")
cmd.Flag.String("component", "", "component name to publish") cmd.Flag.String("component", "", "component name to publish")
cmd.Flag.String("gpg-key", "", "GPG key ID to use when signing the release") cmd.Flag.String("gpg-key", "", "GPG key ID to use when signing the release")
cmd.Flag.Bool("skip-signing", false, "don't sign Release files with GPG")
return cmd return cmd
} }