a ?ig)@s,dZddlmZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZmZmZGdddeZGdd d eZGd d d eZd d ZddZddZddZddZddZddZddZddZddZe d kr(d!d"d#d"e !eD]Z"e#e"qdS)$z4Handle GnuPG keys used to trust signed repositories.)print_functionN)gettext)ListOptionalTuplec@s eZdZdS) AptKeyErrorN)__name__ __module__ __qualname__r r */usr/lib/python3/dist-packages/apt/auth.pyr+src@seZdZdZdS)AptKeyIDTooShortErrorz!Internal class do not rely on it.N)rr r __doc__r r r r r /sr c@s eZdZdZddZddZdS) TrustedKeyzRepresents a trusted key.cCs ||_t||_||_||_dS)N)Zraw_name_namekeyiddate)selfrrrr r r __init__7s zTrustedKey.__init__cCsd|j|j|jfS)Nz%s %s %s)rrr)rr r r __str__?szTrustedKey.__str__N)rr r rrrr r r r r3src Os d}tjddg}||tj}d|d<d|d<ztjdd krtj d d d }| tj d | |j|d<tj||dtjtjtjd}|dd}||\}}|jrtd|jd|||fn|rtj ||W|dur|Sn|dur|0dS)z0Run the apt-key script with the given arguments.NzDir::Bin::Apt-Keyz/usr/bin/apt-keyCZLANG1Z$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGEZDir/zapt-keyz.conf)prefixsuffixzUTF-8Z APT_CONFIGT)envuniversal_newlinesstdinstdoutstderrrzGThe apt-key script failed with return code %s: %s stdout: %s stderr: %s )apt_pkgZconfigZ find_fileextendosenvironcopyZfind_dirtempfileZNamedTemporaryFilewritedumpencodeflushr subprocessPopenPIPEget communicate returncoderjoinsysr stripclose) argskwargsZconfcmdrprocroutputr r r r _call_apt_key_scriptDsL        r;cCs@tj|std|t|tjs2td|td|dS)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: filename -- the absolute path to the public GnuPG key file z An absolute path is required: %szKey file cannot be accessed: %saddN)r$pathabspathraccessR_OKr;)filenamer r r add_key_from_fileqs    rBc Csft}z@zt|||Wnty.Yn0Wdd}tj||dndd}tj||d0dS)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: keyid -- the long keyid (fingerprint) of the key, e.g. A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553 keyserver -- the URL or hostname of the key server cSs(t|dtr"|djtjkr"dSdS)N) isinstanceOSErrorerrnoZENOENT)funcr=exc_infor r r onerrors z'add_key_from_keyserver..onerror)rIN)r'Zmkdtemp_add_key_from_keyserver ExceptionshutilZrmtree)r keyservertmp_keyring_dirrIr r r add_key_from_keyservers   rOc CsNt|dddddkr$tdtj|d}tj|d}dd d d |g}t|d |d |d|d|g}|dkrtd||ftj|d}t|d |d|d|g}|dkrtd|tj |d |ddddgtj dd d}d} | D]"} | dr| dd} qq|dd} | | krBtd|| ft|dS)Nr!Z0xgD@z,Only fingerprints (v4, 160bit) are supportedz secring.gpgz pubring.gpgZgpgz--no-default-keyringz --no-optionsz --homedirz--secret-keyringz --keyringz --keyserverz--recvrzrecv from '%s' failed for '%s'zexport-keyring.gpgz--outputz--exportzexport of '%s' failedz --fingerprint--batch--fixed-list-mode --with-colonsT)rrzfpr:: )lenreplacer r$r=r2r,Zcallrr-r.r0 splitlines startswithsplitupperrB) rrMrNZtmp_secret_keyringZ tmp_keyringZgpg_default_optionsresZtmp_export_keyringr:Zgot_fingerprintlineZsigning_key_fingerprintr r r rJsl       rJcCstddddd|ddS)zImport a GnuPG key to trust repositores signed by it. Keyword arguments: content -- the content of the GnuPG public key advz--quietrQz--import-)rNr;)Zcontentr r r add_keysracCstd|dS)zRemove a GnuPG key to no longer trust repositores signed by it. Keyword arguments: fingerprint -- the fingerprint identifying the key ZrmNr`Z fingerprintr r r remove_keysrccCs td|S)zxReturn the GnuPG key in text format. Keyword arguments: fingerprint -- the fingerprint identifying the key Zexportr`rbr r r export_keysrdcCstdS)aUpdate the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian. updater`r r r r resrecCstdS)ayWork similar to the update command above, but get the archive keyring from an URI instead and validate it against a master key. This requires an installed wget(1) and an APT build configured to have a server to fetch from and a master keyring to validate. APT in Debian does not support this command and relies on update instead, but Ubuntu's APT does. z net-updater`r r r r net_update s rfcCsxtddddd}g}|dD]T}|d}|dd kr@|d }|dd kr|d }|d }t|||}||q|S)zaReturns a list of TrustedKey instances for each key which is used to trust repositories. r^rSrQrRz --list-keys rTrZpubuidrU)r;rZrappend)r:r\r]fieldsrriZ creation_datekeyr r r list_keyss     rn__main__cCstdS)Nz;Ubuntu Archive Automatic Signing Key rr r r r 0rqcCstdS)Nz:Ubuntu CD Image Automatic Signing Key rpr r r r rq1rr)$rZ __future__rrFr$os.pathrLr,r3r'r"rrtypingrrrrKrr objectrr;rBrOrJrarcrdrerfrnrZinitZ trusted_keyprintr r r r s<  -H