handle GpgDisableVerify and ignore-signatures consistently

and be less verbose
2026-01-12 03:21:33 +00:00 · 2024-07-03 00:11:01 +02:00
parent d16110068c
commit c1f7e5fe96
12 changed files with 31 additions and 18 deletions
--- a/api/mirror.go
+++ b/api/mirror.go
@@ -23,7 +23,7 @@ func getVerifier(keyRings []string) (pgp.Verifier, error) {
 		verifier.AddKeyring(keyRing)
 	}

-	err := verifier.InitKeyring()
+	err := verifier.InitKeyring(false)
 	if err != nil {
 		return nil, err
 	}
--- a/cmd/mirror.go
+++ b/cmd/mirror.go
@@ -10,13 +10,17 @@ import (

 func getVerifier(flags *flag.FlagSet) (pgp.Verifier, error) {
 	keyRings := flags.Lookup("keyring").Value.Get().([]string)
+        ignoreSignatures := context.Config().GpgDisableVerify
+	if context.Flags().IsSet("ignore-signatures") {
+		ignoreSignatures = context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+	}

 	verifier := context.GetVerifier()
 	for _, keyRing := range keyRings {
 		verifier.AddKeyring(keyRing)
 	}

-	err := verifier.InitKeyring()
+	err := verifier.InitKeyring(ignoreSignatures == false)  // be verbose only if verifying signatures is requested
 	if err != nil {
 		return nil, err
 	}
--- a/cmd/mirror_create.go
+++ b/cmd/mirror_create.go
@@ -20,7 +20,10 @@ func aptlyMirrorCreate(cmd *commander.Command, args []string) error {
 	downloadSources := LookupOption(context.Config().DownloadSourcePackages, context.Flags(), "with-sources")
 	downloadUdebs := context.Flags().Lookup("with-udebs").Value.Get().(bool)
 	downloadInstaller := context.Flags().Lookup("with-installer").Value.Get().(bool)
-	ignoreSignatures := context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+        ignoreSignatures := context.Config().GpgDisableVerify
+	if context.Flags().IsSet("ignore-signatures") {
+		ignoreSignatures = context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+	}

 	var (
 		mirrorName, archiveURL, distribution string
--- a/cmd/mirror_edit.go
+++ b/cmd/mirror_edit.go
@@ -28,7 +28,7 @@ func aptlyMirrorEdit(cmd *commander.Command, args []string) error {
 	}

 	fetchMirror := false
-        ignoreSignatures := true
+        ignoreSignatures := context.Config().GpgDisableVerify
 	context.Flags().Visit(func(flag *flag.Flag) {
 		switch flag.Name {
 		case "filter":
--- a/cmd/mirror_update.go
+++ b/cmd/mirror_update.go
@@ -42,7 +42,10 @@ func aptlyMirrorUpdate(cmd *commander.Command, args []string) error {
 		}
 	}

-	ignoreSignatures := context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+        ignoreSignatures := context.Config().GpgDisableVerify
+	if context.Flags().IsSet("ignore-signatures") {
+		ignoreSignatures = context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+	}
 	ignoreChecksums := context.Flags().Lookup("ignore-checksums").Value.Get().(bool)

 	verifier, err := getVerifier(context.Flags())
--- a/cmd/repo_include.go
+++ b/cmd/repo_include.go
@@ -29,7 +29,10 @@ func aptlyRepoInclude(cmd *commander.Command, args []string) error {

 	forceReplace := context.Flags().Lookup("force-replace").Value.Get().(bool)
 	acceptUnsigned := context.Flags().Lookup("accept-unsigned").Value.Get().(bool)
-	ignoreSignatures := context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+        ignoreSignatures := context.Config().GpgDisableVerify
+	if context.Flags().IsSet("ignore-signatures") {
+		ignoreSignatures = context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+	}
 	noRemoveFiles := context.Flags().Lookup("no-remove-files").Value.Get().(bool)
 	repoTemplateString := context.Flags().Lookup("repo").Value.Get().(string)
 	collectionFactory := context.NewCollectionFactory()
--- a/deb/remote_test.go
+++ b/deb/remote_test.go
@@ -21,7 +21,7 @@ import (
 type NullVerifier struct {
 }

-func (n *NullVerifier) InitKeyring() error {
+func (n *NullVerifier) InitKeyring(_ bool) error {
 	return nil
 }

--- a/pgp/gnupg.go
+++ b/pgp/gnupg.go
@@ -163,8 +163,8 @@ func NewGpgVerifier(finder GPGFinder) *GpgVerifier {
 }

 // InitKeyring verifies that gpg is installed and some keys are trusted
-func (g *GpgVerifier) InitKeyring() error {
-	if len(g.keyRings) == 0 {
+func (g *GpgVerifier) InitKeyring(verbose bool) error {
+	if len(g.keyRings) == 0 && verbose {
 		// using default keyring
 		output, err := exec.Command(g.gpg, "--no-default-keyring", "--no-auto-check-trustdb", "--keyring", "trustedkeys.gpg", "--list-keys").Output()
 		if err == nil && len(output) == 0 {
--- a/pgp/gnupg_test.go
+++ b/pgp/gnupg_test.go
@@ -94,7 +94,7 @@ func (s *Gnupg1VerifierSuite) SetUpTest(c *C) {
 	s.verifier = NewGpgVerifier(finder)
 	s.verifier.AddKeyring("./trusted.gpg")

-	c.Assert(s.verifier.InitKeyring(), IsNil)
+	c.Assert(s.verifier.InitKeyring(false), IsNil)
 }

 type Gnupg1SignerSuite struct {
@@ -122,7 +122,7 @@ func (s *Gnupg1SignerSuite) SetUpTest(c *C) {
 	s.verifier.AddKeyring("./keyrings/aptly.pub")
 	s.verifier.AddKeyring("./keyrings/aptly_passphrase.pub")

-	c.Assert(s.verifier.InitKeyring(), IsNil)
+	c.Assert(s.verifier.InitKeyring(false), IsNil)

 	s.SignerSuite.SetUpTest(c)
 }
@@ -143,7 +143,7 @@ func (s *Gnupg2VerifierSuite) SetUpTest(c *C) {
 	s.verifier = NewGpgVerifier(finder)
 	s.verifier.AddKeyring("./trusted.gpg")

-	c.Assert(s.verifier.InitKeyring(), IsNil)
+	c.Assert(s.verifier.InitKeyring(false), IsNil)
 }

 type Gnupg2SignerSuite struct {
@@ -210,7 +210,7 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
 	s.verifier = &GoVerifier{}
 	s.verifier.AddKeyring("./keyrings/aptly2_trusted.pub")

-	c.Assert(s.verifier.InitKeyring(), IsNil)
+	c.Assert(s.verifier.InitKeyring(false), IsNil)

 	s.skipDefaultKey = true

--- a/pgp/internal.go
+++ b/pgp/internal.go
@@ -283,7 +283,7 @@ type GoVerifier struct {
 }

 // InitKeyring verifies that gpg is installed and some keys are trusted
-func (g *GoVerifier) InitKeyring() error {
+func (g *GoVerifier) InitKeyring(verbose bool) error {
 	var err error

 	if len(g.keyRingFiles) == 0 {
@@ -304,7 +304,7 @@ func (g *GoVerifier) InitKeyring() error {
 		}
 	}

-	if len(g.trustedKeyring) == 0 {
+	if len(g.trustedKeyring) == 0 && verbose {
 		fmt.Printf("\nLooks like your keyring with trusted keys is empty. You might consider importing some keys.\n")
 		if len(g.keyRingFiles) == 0 {
 			// using default keyring
--- a/pgp/internal_test.go
+++ b/pgp/internal_test.go
@@ -14,7 +14,7 @@ func (s *GoVerifierSuite) SetUpTest(c *C) {
 	s.verifier = &GoVerifier{}
 	s.verifier.AddKeyring("./trusted.gpg")

-	c.Assert(s.verifier.InitKeyring(), IsNil)
+	c.Assert(s.verifier.InitKeyring(false), IsNil)
 }

 type GoSignerSuite struct {
@@ -36,7 +36,7 @@ func (s *GoSignerSuite) SetUpTest(c *C) {
 	s.verifier.AddKeyring("./keyrings/aptly.pub")
 	s.verifier.AddKeyring("./keyrings/aptly_passphrase.pub")

-	c.Assert(s.verifier.InitKeyring(), IsNil)
+	c.Assert(s.verifier.InitKeyring(false), IsNil)

 	s.SignerSuite.SetUpTest(c)
 }
--- a/pgp/pgp.go
+++ b/pgp/pgp.go
@@ -51,7 +51,7 @@ type Signer interface {

 // Verifier interface describes signature verification factility
 type Verifier interface {
-	InitKeyring() error
+	InitKeyring(verbose bool) error
 	AddKeyring(keyring string)
 	VerifyDetachedSignature(signature, cleartext io.Reader, showKeyTip bool) error
 	IsClearSigned(clearsigned io.Reader) (bool, error)