diff --git a/api/mirror.go b/api/mirror.go
index 4407bbb4..4c4adf7f 100644
--- a/api/mirror.go
+++ b/api/mirror.go
@@ -23,7 +23,7 @@ func getVerifier(keyRings []string) (pgp.Verifier, error) {
 verifier.AddKeyring(keyRing)
 }
- err := verifier.InitKeyring()
+ err := verifier.InitKeyring(false)
 if err != nil {
 return nil, err
 }
diff --git a/cmd/mirror.go b/cmd/mirror.go
index 156b4e83..a246d23a 100644
--- a/cmd/mirror.go
+++ b/cmd/mirror.go
@@ -10,13 +10,17 @@ import (
 func getVerifier(flags *flag.FlagSet) (pgp.Verifier, error) {
 keyRings := flags.Lookup("keyring").Value.Get().([]string)
+ ignoreSignatures := context.Config().GpgDisableVerify
+ if context.Flags().IsSet("ignore-signatures") {
+ ignoreSignatures = context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+ }
 verifier := context.GetVerifier()
 for _, keyRing := range keyRings {
 verifier.AddKeyring(keyRing)
 }
- err := verifier.InitKeyring()
+ err := verifier.InitKeyring(ignoreSignatures == false) // be verbose only if verifying signatures is requested
 if err != nil {
 return nil, err
 }
diff --git a/cmd/mirror_create.go b/cmd/mirror_create.go
index 7b6da641..9964e635 100644
--- a/cmd/mirror_create.go
+++ b/cmd/mirror_create.go
@@ -20,7 +20,10 @@ func aptlyMirrorCreate(cmd *commander.Command, args []string) error {
 downloadSources := LookupOption(context.Config().DownloadSourcePackages, context.Flags(), "with-sources")
 downloadUdebs := context.Flags().Lookup("with-udebs").Value.Get().(bool)
 downloadInstaller := context.Flags().Lookup("with-installer").Value.Get().(bool)
- ignoreSignatures := context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+ ignoreSignatures := context.Config().GpgDisableVerify
+ if context.Flags().IsSet("ignore-signatures") {
+ ignoreSignatures = context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+ }
 var (
 mirrorName, archiveURL, distribution string
diff --git a/cmd/mirror_edit.go b/cmd/mirror_edit.go
index 2ee9398b..a5d5376c 100644
--- a/cmd/mirror_edit.go
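Review bot: In cmd/mirror.go `getVerifier`, the added lookup reads the global `context.Flags()` while the keyring list two lines above comes from the `flags` argument, so a caller that passes a different flag set would get its keyrings and its ignore-signatures decision from different sources. Using the parameter keeps the function self-contained: `if flags.IsSet("ignore-signatures") { ignoreSignatures = flags.Lookup("ignore-signatures").Value.Get().(bool) }`. The call would also read more plainly as `verifier.InitKeyring(!ignoreSignatures)`. The closing lines of `getVerifier` are outside the hunk.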
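Review bot: The four-line config-then-flag resolution added in cmd/mirror_create.go is repeated verbatim in cmd/mirror.go, cmd/mirror_update.go and cmd/repo_include.go, and because it decides whether repository signatures are checked at all, the copies should not be able to drift apart. The context line above already resolves `with-sources` through `LookupOption(context.Config().DownloadSourcePackages, context.Flags(), "with-sources")`. If that helper has the same default-plus-override meaning (its body is not visible here), `ignoreSignatures := LookupOption(context.Config().GpgDisableVerify, context.Flags(), "ignore-signatures")` would replace each copy. Otherwise a small shared helper in the cmd package would give one place to audit the precedence.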
+++ b/cmd/mirror_edit.go
@@ -28,7 +28,7 @@ func aptlyMirrorEdit(cmd *commander.Command, args []string) error {
 }
 fetchMirror := false
- ignoreSignatures := true
+ ignoreSignatures := context.Config().GpgDisableVerify
 context.Flags().Visit(func(flag *flag.Flag) {
 switch flag.Name {
 case "filter":
diff --git a/cmd/mirror_update.go b/cmd/mirror_update.go
index f9389bd9..504fb6d1 100644
--- a/cmd/mirror_update.go
+++ b/cmd/mirror_update.go
@@ -42,7 +42,10 @@ func aptlyMirrorUpdate(cmd *commander.Command, args []string) error {
 }
 }
- ignoreSignatures := context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+ ignoreSignatures := context.Config().GpgDisableVerify
+ if context.Flags().IsSet("ignore-signatures") {
+ ignoreSignatures = context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+ }
 ignoreChecksums := context.Flags().Lookup("ignore-checksums").Value.Get().(bool)
 verifier, err := getVerifier(context.Flags())
diff --git a/cmd/repo_include.go b/cmd/repo_include.go
index b84b96a3..2e45aec7 100644
--- a/cmd/repo_include.go
+++ b/cmd/repo_include.go
@@ -29,7 +29,10 @@ func aptlyRepoInclude(cmd *commander.Command, args []string) error {
 forceReplace := context.Flags().Lookup("force-replace").Value.Get().(bool)
 acceptUnsigned := context.Flags().Lookup("accept-unsigned").Value.Get().(bool)
- ignoreSignatures := context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+ ignoreSignatures := context.Config().GpgDisableVerify
+ if context.Flags().IsSet("ignore-signatures") {
+ ignoreSignatures = context.Flags().Lookup("ignore-signatures").Value.Get().(bool)
+ }
 noRemoveFiles := context.Flags().Lookup("no-remove-files").Value.Get().(bool)
 repoTemplateString := context.Flags().Lookup("repo").Value.Get().(string)
 collectionFactory := context.NewCollectionFactory()
diff --git a/deb/remote_test.go b/deb/remote_test.go
index c331579f..4b55c02b 100644
--- a/deb/remote_test.go
+++ b/deb/remote_test.go
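Review bot: In cmd/mirror_edit.go the default for `ignoreSignatures` moves from `true` to the config value, but unlike the other commands no `IsSet("ignore-signatures")` override is added here. An explicit flag therefore only takes effect if the `Visit` switch handles `ignore-signatures`, and its cases past `"filter"` are outside the hunk. The new default also means an edit that refetches the mirror now verifies signatures unless the config disables it, which is a behaviour change worth recording next to the assignment, e.g. `// default from config (GpgDisableVerify); an explicit -ignore-signatures is expected to be applied in the Visit switch below`.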
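Review bot: With the new default in cmd/mirror_update.go (and the same lines in cmd/repo_include.go), a `GpgDisableVerify` config setting turns off signature checking on every run, and nothing in the visible hunks tells the operator that it happened. `getVerifier` in cmd/mirror.go additionally silences the keyring hints in that case. Since repository metadata would then be accepted without its signature being checked and without any trace in the command output, consider emitting one line when verification is skipped, through whatever output helper the cmd package already uses, e.g. `if ignoreSignatures { fmt.Printf("signature verification is disabled for this run\n") }`. Both functions continue outside their hunks, so an existing notice further down cannot be ruled out.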
@@ -21,7 +21,7 @@ import (
 type NullVerifier struct {
 }
-func (n *NullVerifier) InitKeyring() error {
+func (n *NullVerifier) InitKeyring(_ bool) error {
 return nil
 }
diff --git a/pgp/gnupg.go b/pgp/gnupg.go
index 1e7896b4..63076c3e 100644
--- a/pgp/gnupg.go
+++ b/pgp/gnupg.go
@@ -163,8 +163,8 @@ func NewGpgVerifier(finder GPGFinder) *GpgVerifier {
 }
 // InitKeyring verifies that gpg is installed and some keys are trusted
-func (g *GpgVerifier) InitKeyring() error {
- if len(g.keyRings) == 0 {
+func (g *GpgVerifier) InitKeyring(verbose bool) error {
+ if len(g.keyRings) == 0 && verbose {
 // using default keyring
 output, err := exec.Command(g.gpg, "--no-default-keyring", "--no-auto-check-trustdb", "--keyring", "trustedkeys.gpg", "--list-keys").Output()
 if err == nil && len(output) == 0 {
diff --git a/pgp/gnupg_test.go b/pgp/gnupg_test.go
index e1a30a0b..afc11d2d 100644
--- a/pgp/gnupg_test.go
+++ b/pgp/gnupg_test.go
@@ -94,7 +94,7 @@ func (s *Gnupg1VerifierSuite) SetUpTest(c *C) {
 s.verifier = NewGpgVerifier(finder)
 s.verifier.AddKeyring("./trusted.gpg")
- c.Assert(s.verifier.InitKeyring(), IsNil)
+ c.Assert(s.verifier.InitKeyring(false), IsNil)
 }
 type Gnupg1SignerSuite struct {
@@ -122,7 +122,7 @@ func (s *Gnupg1SignerSuite) SetUpTest(c *C) {
 s.verifier.AddKeyring("./keyrings/aptly.pub")
 s.verifier.AddKeyring("./keyrings/aptly_passphrase.pub")
- c.Assert(s.verifier.InitKeyring(), IsNil)
+ c.Assert(s.verifier.InitKeyring(false), IsNil)
 s.SignerSuite.SetUpTest(c)
 }
@@ -143,7 +143,7 @@ func (s *Gnupg2VerifierSuite) SetUpTest(c *C) {
 s.verifier = NewGpgVerifier(finder)
 s.verifier.AddKeyring("./trusted.gpg")
- c.Assert(s.verifier.InitKeyring(), IsNil)
+ c.Assert(s.verifier.InitKeyring(false), IsNil)
 }
 type Gnupg2SignerSuite struct {
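Review bot: In pgp/gnupg.go the new `verbose` argument is folded into `if len(g.keyRings) == 0 && verbose`, so it switches off the whole default-keyring probe (the `gpg ... --list-keys` call), whereas in pgp/internal.go it only guards the `fmt.Printf` hint. The same parameter therefore means different things in the two implementations. The doc comments on both methods still describe the old behaviour, and neither they nor `Verifier.InitKeyring` in pgp/pgp.go mention `verbose`. I would document it on the interface, e.g. `// InitKeyring initializes the verifier's keyrings; when verbose is true it also prints a hint if no trusted keys are found.` If the gated block in gnupg.go does more than print (its body continues outside the hunk), move `verbose` down to the output statement only.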
@@ -210,7 +210,7 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
 s.verifier = &GoVerifier{}
 s.verifier.AddKeyring("./keyrings/aptly2_trusted.pub")
- c.Assert(s.verifier.InitKeyring(), IsNil)
+ c.Assert(s.verifier.InitKeyring(false), IsNil)
 s.skipDefaultKey = true
diff --git a/pgp/internal.go b/pgp/internal.go
index ca60cfdd..9796295c 100644
--- a/pgp/internal.go
+++ b/pgp/internal.go
@@ -283,7 +283,7 @@ type GoVerifier struct {
 }
 // InitKeyring verifies that gpg is installed and some keys are trusted
-func (g *GoVerifier) InitKeyring() error {
+func (g *GoVerifier) InitKeyring(verbose bool) error {
 var err error
 if len(g.keyRingFiles) == 0 {
@@ -304,7 +304,7 @@ func (g *GoVerifier) InitKeyring() error {
 }
 }
- if len(g.trustedKeyring) == 0 {
+ if len(g.trustedKeyring) == 0 && verbose {
 fmt.Printf("\nLooks like your keyring with trusted keys is empty. You might consider importing some keys.\n")
 if len(g.keyRingFiles) == 0 {
 // using default keyring
diff --git a/pgp/internal_test.go b/pgp/internal_test.go
index 1780e73d..0e31b6ba 100644
--- a/pgp/internal_test.go
+++ b/pgp/internal_test.go
@@ -14,7 +14,7 @@ func (s *GoVerifierSuite) SetUpTest(c *C) {
 s.verifier = &GoVerifier{}
 s.verifier.AddKeyring("./trusted.gpg")
- c.Assert(s.verifier.InitKeyring(), IsNil)
+ c.Assert(s.verifier.InitKeyring(false), IsNil)
 }
 type GoSignerSuite struct {
@@ -36,7 +36,7 @@ func (s *GoSignerSuite) SetUpTest(c *C) {
 s.verifier.AddKeyring("./keyrings/aptly.pub")
 s.verifier.AddKeyring("./keyrings/aptly_passphrase.pub")
- c.Assert(s.verifier.InitKeyring(), IsNil)
+ c.Assert(s.verifier.InitKeyring(false), IsNil)
 s.SignerSuite.SetUpTest(c)
 }
diff --git a/pgp/pgp.go b/pgp/pgp.go
index 37ef497c..228dbaaa 100644
--- a/pgp/pgp.go
+++ b/pgp/pgp.go
@@ -51,7 +51,7 @@ type Signer interface {
 // Verifier interface describes signature verification factility
 type Verifier interface {
- InitKeyring() error
+ InitKeyring(verbose bool) error
 AddKeyring(keyring string)
 VerifyDetachedSignature(signature, cleartext io.Reader, showKeyTip bool) error
 IsClearSigned(clearsigned io.Reader) (bool, error)