3 `%* @sVdZddlmZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ej jdkrleZyddlmZeWnek rYnXGdddeZGd d d eZGd d d eZd dZddZddZddZddZddZddZddZ ddZ!dd Z"e#d!krRd"d#d$d#e j$xe"D]Z%e&e%q@WdS)%z4Handle GnuPG keys used to trust signed repositories.)print_functionN)gettext)Listc@s eZdZdS) AptKeyErrorN)__name__ __module__ __qualname__r r */usr/lib/python3/dist-packages/apt/auth.pyr2src@seZdZdZdS)AptKeyIDTooShortErrorz!Internal class do not rely on it.N)rrr __doc__r r r r r 6sr c@s eZdZdZddZddZdS) TrustedKeyzRepresents a trusted key.cCs ||_t||_||_||_dS)N)Zraw_name_namekeyiddate)selfrrrr r r __init__>s zTrustedKey.__init__cCsd|j|j|jfS)Nz%s %s %s)rrr)rr r r __str__FszTrustedKey.__str__N)rrr r rrr r r r r:src Os0d}tjjddg}|j|tjj}d|d<d|d<ztjjdd krtj d d d }|j tjj j d |j |j|d<tj||dtjtjtjd}|jdd}t|t}tjjdkr|r|j d}|j|\}} |jrtd|jdj||| fn| rtjj | |jS|dk r*|jXdS)z0Run the apt-key script with the given arguments.NzDir::Bin::Apt-Keyz/usr/bin/apt-keyCZLANG1Z$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGEZDir/zapt-keyz.conf)prefixsuffixzUTF-8Z APT_CONFIGT)envuniversal_newlinesstdinstdoutstderrrzutf-8zGThe apt-key script failed with return code %s: %s stdout: %s stderr: %s )apt_pkgconfigZ find_fileextendosenvironcopyZfind_dirtempfileZNamedTemporaryFilewritedumpencodeflushr subprocessPopenPIPEget isinstanceunicodesys version_infomajor communicate returncoderjoinrstripclose) argskwargsconfcmdrproccontentZ isunicodeoutputrr r r _call_apt_key_scriptJs>           rBcCs@tjj|std|tj|tjs2td|td|dS)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: filename -- the absolute path to the public GnuPG key file z An absolute path is required: %szKey file cannot be accessed: %saddN)r%pathabspathraccessR_OKrB)filenamer r r add_key_from_file{s    rIcCsRtj}z,yt|||Wntk r0YnXWddd}tj||dXdS)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: keyid -- the long keyid (fingerprint) of the key, e.g. A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553 keyserver -- the URL or hostname of the key server NcSs(t|dtr"|djtjkr"dSdS)N)r1OSErrorerrnoENOENT)funcrDexc_infor r r onerrorsz'add_key_from_keyserver..onerror)rP)r(Zmkdtemp_add_key_from_keyserver ExceptionshutilZrmtree)r keyservertmp_keyring_dirrPr r r add_key_from_keyservers  rVc CsNt|jddjddd kr$tdtjj|d}tjj|d}d d d d |g}tj|d |d|d|d|g}|dkrtd||ftjj|d}tj|d|d|d|g}|dkrtd|tj |d|ddddgtj ddj d}d} x*|j D]} | j dr| jdd} PqW|jddj} | | krBtd|| ft|dS)!Nr!Z0xz,Only fingerprints (v4, 160bit) are supportedz secring.gpgz pubring.gpgZgpgz--no-default-keyringz --no-optionsz --homedirz--secret-keyringz --keyringz --keyserverz--recvrzrecv from '%s' failed for '%s'zexport-keyring.gpgz--outputz--exportzexport of '%s' failedz --fingerprintz--batchz--fixed-list-modez --with-colonsT)rrzfpr:: gD@)lenreplacer r%rDr8r-callrr.r/r6 splitlines startswithsplitupperrI) rrTrUZtmp_secret_keyringZ tmp_keyringZgpg_default_optionsresZtmp_export_keyringrAZgot_fingerprintlineZsigning_key_fingerprintr r r rQsV       rQcCstddddd|ddS)zImport a GnuPG key to trust repositores signed by it. Keyword arguments: content -- the content of the GnuPG public key advz--quietz--batchz--import-)rN)rB)r@r r r add_keysrgcCstd|dS)zRemove a GnuPG key to no longer trust repositores signed by it. Keyword arguments: fingerprint -- the fingerprint identifying the key ZrmN)rB) fingerprintr r r remove_keysricCs td|S)zxReturn the GnuPG key in text format. Keyword arguments: fingerprint -- the fingerprint identifying the key Zexport)rB)rhr r r export_keysrjcCstdS)aUpdate the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian. update)rBr r r r rk srkcCstdS)ayWork similar to the update command above, but get the archive keyring from an URI instead and validate it against a master key. This requires an installed wget(1) and an APT build configured to have a server to fetch from and a master keyring to validate. APT in Debian does not support this command and relies on update instead, but Ubuntu's APT does. z net-update)rBr r r r net_updates rlcCs|tddddd}g}xb|jdD]T}|jd}|dd krB|d }|dd kr |d }|d }t|||}|j|q W|S)zaReturns a list of TrustedKey instances for each key which is used to trust repositories. rez --with-colonsz--batchz--fixed-list-modez --list-keys rZrZpubrYuidr[)rBrarappend)rArcrdZfieldsrrnZ creation_datekeyr r r list_keys s    rr__main__cCstdS)Nz;Ubuntu Archive Automatic Signing Key )rr r r r 9srtcCstdS)Nz:Ubuntu CD Image Automatic Signing Key )rr r r r rt:s)'r Z __future__rrLr%os.pathrSr-r3r(r"rrr4r5strr2Ztypingr ImportErrorrRrr objectrrBrIrVrQrgrirjrkrlrrrZinitZ trusted_keyprintr r r r sH    1H