xkd)pdZddlmZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZmZmZGddeZGdd eZGd d eZd Zd ZdZdZdZdZdZdZdZdZe dkr-dde j!eD]Z"e#e"dSdS)z4Handle GnuPG keys used to trust signed repositories.)print_functionN)gettext)ListOptionalTupleceZdZdS) AptKeyErrorN)__name__ __module__ __qualname__*/usr/lib/python3/dist-packages/apt/auth.pyr r +sDrr ceZdZdZdS)AptKeyIDTooShortErrorz!Internal class do not rely on it.N)r r r __doc__r rrrr/s++++rrceZdZdZdZdZdS) TrustedKeyzRepresents a trusted key.cX||_t||_||_||_dS)N)raw_name_namekeyiddate)selfrrrs r__init__zTrustedKey.__init__7s( dGG   rc4|jd|jd|jS)N  )rrr)rs r__str__zTrustedKey.__str__?s"iiiTYY??rN)r r r rrr r rrrr3s=##@@@@@rrc  d}tjddg}||tj}d|d<d|d< tjdd krxtj d d }| tj d | |j|d<tj||dtjtjtj}|dd}||\}}|jr3t+d|jdd|d|d||rt.j ||||SS#||wwxYw)z0Run the apt-key script with the given arguments.NzDir::Bin::Apt-Keyz/usr/bin/apt-keyCLANG1$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGEDir/zapt-keyz.conf)prefixsuffixzUTF-8 APT_CONFIGT)envuniversal_newlinesstdinstdoutstderrr-z+The apt-key script failed with return code z: rz stdout: z stderr: )apt_pkgconfig find_fileextendosenvironcopyfind_dirtempfileNamedTemporaryFilewritedumpencodeflushr subprocessPopenPIPEget communicate returncoder joinsysr/stripclose) argskwargsconfcmdr+procr-outputr/s r_call_apt_key_scriptrNDs D > # #$79K L L MCJJt *//  CCK25C./$ > " "5 ) )S 0 0 .iPPPD JJw~**,,33G<< = = = JJLLL $ C  #/??     7D))))%00 ? %+!%#P   % J  V $ $ $||~~   JJLLLL 4  JJLLLL s "E/G))Hctj|std|ztj|tjstd|zt d|dS)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: filename -- the absolute path to the public GnuPG key file z An absolute path is required: %szKey file cannot be accessed: %saddN)r4pathabspathr accessR_OKrN)filenames radd_key_from_filerVtsp 7??8 $ $I.onerrors3(1+w// HQK4E4U4U r)r`N)r8mkdtemp_add_key_from_keyserver Exceptionshutilrmtree)r keyservertmp_keyring_dirr`s radd_key_from_keyserverrhs&((O 8y/BBBB   C      ow777777      ow77777s'A 3AA-c t|dddddkrtdtj|d}tj|d}dd d d |g}t j|d |d |d|d|gz}|dkrtd|d|dtj|d}t j|d |d|d|gz}|dkrtd|t j |d |ddddgzt j d d}d} | D]4} | dr| dd } n5|dd} | | krtd|d| dt!|dS)!Nr0xgD@z,Only fingerprints (v4, 160bit) are supportedz secring.gpgz pubring.gpggpgz--no-default-keyringz --no-optionsz --homedirz--secret-keyringz --keyringz --keyserverz--recvrz recv from 'z' failed for ''zexport-keyring.gpgz--outputz--exportzexport of '%s' failedz --fingerprint--batch--fixed-list-mode --with-colonsT)r.r,zfpr:: )lenreplacerr4rQrDr>callr r?r@rB splitlines startswithsplitupperrV) rrfrgtmp_secret_keyring tmp_keyringgpg_default_optionsrestmp_export_keyringrMgot_fingerprintlinesigning_key_fingerprints rrbrbsa 5==b ! ! ) )$ 3 344@@#$RSSSo}EE',, >>K   /            C axxkiiiOPPPo7KLL /           C axx15999             kmmA FO!!## ??6 " " "jjooa0O E  $mmD"55;;==111k09 ;R;R;R S   ()))))rc0tddddd|dS)zImport a GnuPG key to trust repositores signed by it. Keyword arguments: content -- the content of the GnuPG public key advz--quietrnz--import-)r-NrN)contents radd_keyrs% 9j#WUUUUUUrc&td|dS)zRemove a GnuPG key to no longer trust repositores signed by it. Keyword arguments: fingerprint -- the fingerprint identifying the key rmNr fingerprints r remove_keyrs{+++++rc"td|S)zxReturn the GnuPG key in text format. Keyword arguments: fingerprint -- the fingerprint identifying the key exportrrs r export_keyrs + 6 66rc tdS)aUpdate the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian. updaterr rrrrs  ) ))rc tdS)ayWork similar to the update command above, but get the archive keyring from an URI instead and validate it against a master key. This requires an installed wget(1) and an APT build configured to have a server to fetch from and a master keyring to validate. APT in Debian does not support this command and relies on update instead, but Ubuntu's APT does. z net-updaterr rr net_updaters - --rc6tddddd}g}|dD]m}|d}|dd kr|d }|dd kr6|d }|d }t|||}||n|S)zaReturns a list of TrustedKey instances for each key which is used to trust repositories. rrprnroz --list-keysrrqrpubuidrr)rNrxrappend)rMr}rfieldsrr creation_datekeys r list_keysr(s"  +> F C T""C !9  1IE !9  )C"1IMS%77C JJsOOO Jr__main__c tdS)Nz;Ubuntu Archive Automatic Signing Key rr rrrBsAK L Lrc tdS)Nz:Ubuntu CD Image Automatic Signing Key rr rrrrCsAJ K Kr)$r __future__rr\r4os.pathrdr>rEr8r0rrtypingrrrrcr robjectrrNrVrhrbrrrrrrr init trusted_keyprintr rrrs'2;:%%%%%%    ((((((((((     )   ,,,,,K,,,@@@@@@@@"---` * * *8884U*U*U*pVVV,,,777*** . . .. zMLLKKKGLNNN y{{  kr