o rag)@s,dZddlmZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZmZmZGdddeZGdd d eZGd d d eZd d ZddZddZddZddZddZddZddZddZddZe d krd!d"d#d"e !eD]Z"e#e"qdSdS)$z4Handle GnuPG keys used to trust signed repositories.)print_functionN)gettext)ListOptionalTuplec@s eZdZdS) AptKeyErrorN)__name__ __module__ __qualname__r r */usr/lib/python3/dist-packages/apt/auth.pyr+src@seZdZdZdS)AptKeyIDTooShortErrorz!Internal class do not rely on it.N)rr r __doc__r r r r r /sr c@s eZdZdZddZddZdS) TrustedKeyzRepresents a trusted key.cCs ||_t||_||_||_dS)N)Zraw_name_namekeyiddate)selfrrrr r r __init__7s  zTrustedKey.__init__cCsd|j|j|jfS)Nz%s %s %s)rrr)rr r r __str__?szTrustedKey.__str__N)rr r rrrr r r r r3s rc Osd}tjddg}||tj}d|d<d|d<zetjdd kr@tj d d d }| tj d | |j|d<tj||dtjtjtjd}|dd}||\}}|jrltd|jd|||f|rttj ||W|dur|SS|dur|ww)z0Run the apt-key script with the given arguments.NzDir::Bin::Apt-Keyz/usr/bin/apt-keyCLANG1Z$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGEZDir/zapt-keyz.conf)prefixsuffixzUTF-8Z APT_CONFIGT)envuniversal_newlinesstdinstdoutstderrrzGThe apt-key script failed with return code %s: %s stdout: %s stderr: %s )apt_pkgZconfigZ find_fileextendosenvironcopyZfind_dirtempfileZNamedTemporaryFilewritedumpencodeflushr subprocessPopenPIPEget communicate returncoderjoinsysr!stripclose) argskwargsconfcmdrprocroutputr!r r r _call_apt_key_scriptDsH        r=cCs@tj|s td|t|tjstd|td|dS)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: filename -- the absolute path to the public GnuPG key file z An absolute path is required: %szKey file cannot be accessed: %saddN)r%pathabspathraccessR_OKr=)filenamer r r add_key_from_fileqs   rDc Cs`t}zzt|||WntywWdd}tj||ddSdd}tj||dw)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: keyid -- the long keyid (fingerprint) of the key, e.g. A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553 keyserver -- the URL or hostname of the key server cSs$t|dtr|djtjkrdS)N) isinstanceOSErrorerrnoENOENT)funcr?exc_infor r r onerrors z'add_key_from_keyserver..onerror)rLN)r(Zmkdtemp_add_key_from_keyserver Exceptionshutilrmtree)r keyservertmp_keyring_dirrLr r r add_key_from_keyservers  rSc CsJt|dddddkrtdtj|d}tj|d}dd d d |g}t|d |d |d|d|g}|dkrBtd||ftj|d}t|d |d|d|g}|dkr_td|tj |d |ddddgtj dd d}d} | D]} | dr| dd} nqz|dd} | | krtd|| ft|dS)Nr"0xgD@z,Only fingerprints (v4, 160bit) are supportedz secring.gpgz pubring.gpgZgpgz--no-default-keyringz --no-optionsz --homedirz--secret-keyringz --keyringz --keyserverz--recvrzrecv from '%s' failed for '%s'zexport-keyring.gpgz--outputz--exportzexport of '%s' failedz --fingerprint--batch--fixed-list-mode --with-colonsT)r rzfpr:: )lenreplacer r%r?r3r-callrr.r/r1 splitlines startswithsplitupperrD) rrQrRZtmp_secret_keyringZ tmp_keyringZgpg_default_optionsresZtmp_export_keyringr<Zgot_fingerprintlineZsigning_key_fingerprintr r r rMsn      rMcCstddddd|ddS)zImport a GnuPG key to trust repositores signed by it. Keyword arguments: content -- the content of the GnuPG public key advz--quietrVz--import-)rNr=)Zcontentr r r add_keys rgcCstd|dS)zRemove a GnuPG key to no longer trust repositores signed by it. Keyword arguments: fingerprint -- the fingerprint identifying the key ZrmNrfZ fingerprintr r r remove_keysricCs td|S)zxReturn the GnuPG key in text format. Keyword arguments: fingerprint -- the fingerprint identifying the key Zexportrfrhr r r export_keys rjcCtdS)aUpdate the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian. updaterfr r r r rlsrlcCrk)ayWork similar to the update command above, but get the archive keyring from an URI instead and validate it against a master key. This requires an installed wget(1) and an APT build configured to have a server to fetch from and a master keyring to validate. APT in Debian does not support this command and relies on update instead, but Ubuntu's APT does. z net-updaterfr r r r net_update s rmcCsxtddddd}g}|dD]*}|d}|dd kr |d }|dd kr9|d }|d }t|||}||q|S)zaReturns a list of TrustedKey instances for each key which is used to trust repositories. rdrXrVrWz --list-keys rYrZpubuidrZ)r=r`rappend)r<rbrcZfieldsrrpZ creation_datekeyr r r list_keyss     rt__main__cCrk)Nz;Ubuntu Archive Automatic Signing Key rr r r r 0rwcCrk)Nz:Ubuntu CD Image Automatic Signing Key rvr r r r rw1rx)$rZ __future__rrHr%os.pathrOr-r4r(r#rrtypingrrrrNrr objectrr=rDrSrMrgrirjrlrmrtrZinitZ trusted_keyprintr r r r sB  -H