#!/bin/sh -e
# gnupg provides gpg(1), which this type uses to dearmor keys.
__package gnupg

# Requested state of the key, read from the --state parameter.
state_should=$(cat "${__object}/parameter/state")
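# Abort the manifest because two mutually exclusive parameters were given.
# Globals:   method (read) - name of the parameter that was accepted first
# Arguments: $1 - name of the conflicting parameter, without leading dashes
# Outputs:   a one-line error message on stderr
# Returns:   never returns; exits with status 1
incompatible_args()
{
    # Write to file descriptor 2 directly rather than reopening /dev/stderr:
    # reopening fails when stderr is a socket or /dev is restricted, and the
    # message would then be lost.
    printf '%s\n' \
        "This type does not support --${1} and --${method} simultaneously." >&2
    exit 1
}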
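# Select where the key comes from. --source, --uri and --keyid are mutually
# exclusive: the first one found sets ${method}, any later one is rejected.
#
# ${method} is only assigned below when a parameter file exists, so reset it
# first. Otherwise a variable of the same name inherited from the environment
# would be mistaken for an already chosen method.
method=""

if [ -f "${__object}/parameter/source" ]; then
    method="source"
    src="$(cat "${__object}/parameter/source")"
    # "-" selects the data stored in the object's stdin file
    if [ "${src}" = "-" ]; then
        src="${__object}/stdin"
    fi
fi

if [ -f "${__object}/parameter/uri" ]; then
    if [ -n "${method}" ]; then
        incompatible_args uri
    fi
    method="uri"
    src="$(cat "${__object}/parameter/uri")"
fi

if [ -f "${__object}/parameter/keyid" ]; then
    if [ -n "${method}" ]; then
        incompatible_args keyid
    fi
    method="keyid"
fi

# Keep old default
if [ -z "${method}" ]; then
    method="keyid"
fi

# Save this for later in gencode-remote
echo "${method}" > "${__object}/key_method"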
# dirmngr is required on the target (most likely already installed)
__package dirmngr

# gnupg is needed on the target in case a key has to be dearmored
__package gnupg

# Exported so that it applies to the objects declared after this point.
require="__package/gnupg"
export require
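# Parameter sanity checks around --use-deprecated-apt-key.
# Error text goes to file descriptor 2 directly; reopening /dev/stderr fails
# when stderr is a socket or /dev is restricted, which would hide the message.
if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then
    # apt-key(8) is only an option for the keyid method; reject it together
    # with --source or --uri.
    if [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
        incompatible_args use-deprecated-apt-key
    fi
elif [ "${state_should}" = "absent" ] && \
        [ -f "${__object}/parameter/keyid" ]; then
    # Refuse rather than guess which key file a key id refers to.
    printf '%s\n' \
        "You can't reliably remove by keyid without --use-deprecated-apt-key." \
        "This would very likely do something you do not intend." >&2
    exit 1
fi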
# Directory that holds the keyring files, from the --keydir parameter.
keydir=$(cat "${__object}/parameter/keydir")

# The installed keyring is named after the object id (used verbatim as the
# file name); the ".cdist" sibling holds the key material as it was delivered.
keyfile="${keydir}/${__object_id}.gpg"
keyfilecdist="${keyfile}.cdist"

# The key directory is only ensured when the key is not being removed.
case "${state_should}" in
    absent)
        ;;
    *)
        __directory "${keydir}" --state exists --mode 0755
        ;;
esac
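# Install or remove the key file for the source and uri methods.
# Nothing is declared here for method "keyid" unless the state is absent.
if [ "${state_should}" = "absent" ]; then
    # Remove the installed keyring and the delivered copy kept next to it.
    __file "${keyfile}" --state "absent"
    __file "${keyfilecdist}" --state "absent"
elif [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then
    # The snippet below embeds these values between single quotes in code
    # that is handed to --onchange. A single quote inside a value would end
    # the quoting early and change what that code does, so refuse it here.
    case "${state_should}${keyfile}" in
        *"'"*)
            printf '%s\n' \
                "Refusing to generate code: state or key file path contains a single quote." >&2
            exit 1
            ;;
    esac

    # Code passed to --onchange: converts an ASCII-armored key to binary with
    # gpg, copies any other file unchanged, then fixes owner and mode.
    # NOTE(review): the output redirection truncates the key file before gpg
    # runs, so a failing gpg would presumably leave an empty key file behind;
    # confirm how --onchange code reacts to errors.
    # The here-document body stays at column 0 so the generated code is the
    # same as with tab-indented lines under <<-.
    dearmor="$(cat <<-EOF
if [ '${state_should}' = 'present' ]; then
# Dearmor if necessary
if grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK' '${keyfilecdist}'; then
gpg --dearmor < '${keyfilecdist}' > '${keyfile}'
else
cp '${keyfilecdist}' '${keyfile}'
fi
# Ensure permissions
chown root '${keyfile}'
chmod 0444 '${keyfile}'
fi
EOF
    )"

    if [ "${method}" = "uri" ]; then
        # The downloaded file is installed as a key in ${keydir}, i.e. as
        # trusted key material. This manifest passes no checksum or
        # fingerprint to __download, so the integrity of the key rests on the
        # URL's transport and host.
        # NOTE(review): consider requiring an https:// URL and pinning a
        # checksum, e.g. through __download's --sum if the cdist version in
        # use provides it.
        __download "${keyfilecdist}" \
            --url "${src}" \
            --onchange "${dearmor}"

        # After the download, only enforce owner and mode on the key file
        # (state pre-exists); the file itself is written by the code above.
        require="__download${keyfilecdist}" \
            __file "${keyfile}" \
            --owner root \
            --mode 0444 \
            --state pre-exists
    else
        # method "source": deliver the given file (or the object's stdin) as
        # the delivered copy and convert it when it changes.
        __file "${keyfilecdist}" --state "${state_should}" \
            --mode 0444 \
            --source "${src}" \
            --onchange "${dearmor}"
    fi
fi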