o 4fg)@s,dZddlmZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZmZmZGdddeZGdd d eZGd d d eZd d ZddZddZddZddZddZddZddZddZddZe d krd!d"d#d"e !eD]Z"e#e"qdSdS)$z4Handle GnuPG keys used to trust signed repositories.)print_functionN)gettext)ListOptionalTuplec@s eZdZdS) AptKeyErrorN)__name__ __module__ __qualname__r r */usr/lib/python3/dist-packages/apt/auth.pyr+src@seZdZdZdS)AptKeyIDTooShortErrorz!Internal class do not rely on it.N)rr r __doc__r r r r r /sr c@s eZdZdZddZddZdS) TrustedKeyzRepresents a trusted key.cCs ||_t||_||_||_dS)N)raw_name_namekeyiddate)selfrrrr r r __init__7s  zTrustedKey.__init__cCsd|j|j|jfS)Nz%s %s %s)rrr)rr r r __str__?szTrustedKey.__str__N)rr r rrrr r r r r3s rc Osd}tjddg}||tj}d|d<d|d<zetjdd kr@tj d d d }| tj d | |j|d<tj||dtjtjtjd}|dd}||\}}|jrltd|jd|||f|rttj ||W|dur|SS|dur|ww)z0Run the apt-key script with the given arguments.NzDir::Bin::Apt-Keyz/usr/bin/apt-keyCLANG1$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGEDir/zapt-keyz.conf)prefixsuffixzUTF-8 APT_CONFIGT)envuniversal_newlinesstdinstdoutstderrr#zGThe apt-key script failed with return code %s: %s stdout: %s stderr: %s )apt_pkgconfig find_fileextendosenvironcopyfind_dirtempfileNamedTemporaryFilewritedumpencodeflushr subprocessPopenPIPEget communicate returncoderjoinsysr%stripclose) argskwargsconfcmdr!procr#outputr%r r r _call_apt_key_scriptDsH        rEcCs@tj|s td|t|tjstd|td|dS)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: filename -- the absolute path to the public GnuPG key file z An absolute path is required: %szKey file cannot be accessed: %saddN)r+pathabspathraccessR_OKrE)filenamer r r add_key_from_fileqs   rLc Cs`t}zzt|||WntywWdd}tj||ddSdd}tj||dw)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: keyid -- the long keyid (fingerprint) of the key, e.g. A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553 keyserver -- the URL or hostname of the key server cSs$t|dtr|djtjkrdS)N) isinstanceOSErrorerrnoENOENT)funcrGexc_infor r r onerrorsz'add_key_from_keyserver..onerror)rTN)r/mkdtemp_add_key_from_keyserver Exceptionshutilrmtree)r keyservertmp_keyring_dirrTr r r add_key_from_keyservers  r\c CsJt|dddddkrtdtj|d}tj|d}dd d d |g}t|d |d |d|d|g}|dkrBtd||ftj|d}t|d |d|d|g}|dkr_td|tj |d |ddddgtj dd d}d} | D]} | dr| dd} nqz|dd} | | krtd|| ft|dS)Nr&0xgD@z,Only fingerprints (v4, 160bit) are supportedz secring.gpgz pubring.gpggpgz--no-default-keyringz --no-optionsz --homedirz--secret-keyringz --keyringz --keyserverz--recvrzrecv from '%s' failed for '%s'zexport-keyring.gpgz--outputz--exportzexport of '%s' failedz --fingerprint--batch--fixed-list-mode --with-colonsT)r$r"zfpr:: )lenreplacer r+rGr;r5callrr6r7r9 splitlines startswithsplitupperrL) rrZr[tmp_secret_keyring tmp_keyringgpg_default_optionsrestmp_export_keyringrDgot_fingerprintlinesigning_key_fingerprintr r r rVsn      rVcCstddddd|ddS)zImport a GnuPG key to trust repositores signed by it. Keyword arguments: content -- the content of the GnuPG public key advz--quietr`z--import-)r#NrE)contentr r r add_keys rxcCstd|dS)zRemove a GnuPG key to no longer trust repositores signed by it. Keyword arguments: fingerprint -- the fingerprint identifying the key rmNrv fingerprintr r r remove_keysr|cCs td|S)zxReturn the GnuPG key in text format. Keyword arguments: fingerprint -- the fingerprint identifying the key exportrvrzr r r export_keys r~cCtdS)aUpdate the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian. updatervr r r r rsrcCr)ayWork similar to the update command above, but get the archive keyring from an URI instead and validate it against a master key. This requires an installed wget(1) and an APT build configured to have a server to fetch from and a master keyring to validate. APT in Debian does not support this command and relies on update instead, but Ubuntu's APT does. z net-updatervr r r r net_update s rcCsxtddddd}g}|dD]*}|d}|dd kr |d }|dd kr9|d }|d }t|||}||q|S)zaReturns a list of TrustedKey instances for each key which is used to trust repositories. rtrbr`raz --list-keys rcrpubuidrd)rErjrappend)rDrorrfieldsrr creation_datekeyr r r list_keyss     r__main__cCr)Nz;Ubuntu Archive Automatic Signing Key rr r r r 0rcCr)Nz:Ubuntu CD Image Automatic Signing Key rr r r r r1r)$r __future__rrPr+os.pathrXr5r<r/r'rrtypingrrrrWrr objectrrErLr\rVrxr|r~rrrrinit trusted_keyprintr r r r sB  -H