\ey(dZddlZddlZddlZddlZddlZddlZddlZddlZddlm Z Gdde Z Gdde Z Gdd Zd ed edzd efd Zded dfdZdeded dfdZdededed dfdZded dfdZded dfdZded efdZd efdZd efdZd eefdZedk(r,ddej8eD] Zee yy) z4Handle GnuPG keys used to trust signed repositories.N)gettextc eZdZy) AptKeyErrorN)__name__ __module__ __qualname__*/usr/lib/python3/dist-packages/apt/auth.pyrr&sr rceZdZdZy)AptKeyIDTooShortErrorz!Internal class do not rely on it.N)rrr__doc__r r r r r *s+r r c4eZdZdZdedededdfdZdefdZy) TrustedKeyzRepresents a trusted key.namekeyiddatereturnNcN||_t||_||_||_y)N)raw_name_rrr)selfrrrs r __init__zTrustedKey.__init__2s" dG   r cR|jd|jd|jS)N  )rrr)rs r __str__zTrustedKey.__str__9s%))Btzzl!DII;77r )rrrrstrrrr r r rr.s2#SCD88r rargskwargsrc d}tjjddg}|j|tj j }d|d<d|d< tjjdd k7rrtjd d }|jtjjjd |j|j|d<tj ||dtj"tj"tj"}|j%dd}|j'|\}}|j(r0t+d|j(ddj-|d|d||rt.j0j||j3||j5SS#||j5wwxYw)z0Run the apt-key script with the given arguments.NzDir::Bin::Apt-Keyz/usr/bin/apt-keyCLANG1$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGEDir/zapt-keyz.conf)prefixsuffixzUTF-8 APT_CONFIGT)envuniversal_newlinesstdinstdoutstderrr-z+The apt-key script failed with return code z: rz stdout: z stderr: )apt_pkgconfig find_fileextendosenvironcopyfind_dirtempfileNamedTemporaryFilewritedumpencodeflushr subprocessPopenPIPEget communicate returncoderjoinsysr/stripclose) rr confcmdr+procr-outputr/s r _call_apt_key_scriptrL=s D >> # #$79K L MCJJt **// CCK25C./$ >> " "5 )S 0 ..iPD JJw~~**,33G< = JJL $ C  #//????   7D)))%0 ??!%#P   JJ  V $||~   JJL 4  JJL s E+GG2filenamectjj|std|ztj|tj std|zt d|y)zImport a GnuPG key file to trust repositores signed by it. Keyword arguments: filename -- the absolute path to the public GnuPG key file z An absolute path is required: %szKey file cannot be accessed: %saddN)r4pathabspathraccessR_OKrL)rMs r add_key_from_filerTlsR 77??8 $.onerrors-(1+w/HQK4E4E4U r )r_) r8mkdtemp_add_key_from_keyserver Exceptionobjectrtupletypeshutilrmtree)rrUtmp_keyring_dirr_s r add_key_from_keyserverriys&&(O8y/B    # /4T9f5L/M     ow7      # /4T9f5L/M     ow7s A&& A11A44AB7rhc t|jddjdddkr tdtjj |d}tjj |d}dd d d |g}t j|d |d |d|d|gz}|dk7rtd|d|dtjj |d}t j|d |d|d|gz}|dk7r td|t j|d |ddddgzt jdjd}d} |jD])} | jds| jdd } n|jddj} | | k7rtd|d| dt!|y)!Nr0xgD@z,Only fingerprints (v4, 160bit) are supportedz secring.gpgz pubring.gpggpgz--no-default-keyringz --no-optionsz --homedirz--secret-keyringz --keyringz --keyserverz--recvrz recv from 'z' failed for ''zexport-keyring.gpgz--outputz--exportzexport of '%s' failedz --fingerprint--batch--fixed-list-mode --with-colonsT)r.r,zfpr:: )lenreplacer r4rPrDr>callrr?r@rB splitlines startswithsplitupperrT) rrUrhtmp_secret_keyring tmp_keyringgpg_default_optionsrestmp_export_keyringrKgot_fingerprintlinesigning_key_fingerprints r raras  5==b ! ) )$ 34@#$RSSo}E'',, >K   //           C axK {.qIJJo7KL //          C ax1599            kmA FO!!# ??6 ""jjoa0O  $mmD"5;;=11)N3J2K1 M  ()r contentc&tddddd|y)zImport a GnuPG key to trust repositores signed by it. Keyword arguments: content -- the content of the GnuPG public key advz--quietroz--import-)r-NrL)rs r add_keyrs  9j#WUr fingerprintctd|y)zRemove a GnuPG key to no longer trust repositores signed by it. Keyword arguments: fingerprint -- the fingerprint identifying the key rmNrrs r remove_keyrs {+r ctd|S)zxReturn the GnuPG key in text format. Keyword arguments: fingerprint -- the fingerprint identifying the key exportrrs r export_keyrs + 66r ctdS)aUpdate the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian. updaterr r r rrs  ))r ctdS)ayWork similar to the update command above, but get the archive keyring from an URI instead and validate it against a master key. This requires an installed wget(1) and an APT build configured to have a server to fetch from and a master keyring to validate. APT in Debian does not support this command and relies on update instead, but Ubuntu's APT does. z net-updaterr r r net_updaters --r ctddddd}g}|jdD]Q}|jd}|dd k(r|d }|dd k(s*|d }|d }t||}|j|S|S)zaReturns a list of TrustedKey instances for each key which is used to trust repositories. rrqrorpz --list-keysrrrrpubuidrs)rLryrappend)rKr~rfieldsrr creation_datekeys r list_keysrs "  +> F C T"C !9 1IE !9 )C"1IMS%7C JJsO Jr __main__ctdS)Nz;Ubuntu Archive Automatic Signing Key rr r r r2s AK Lr ctdS)Nz:Ubuntu CD Image Automatic Signing Key rr r r rr3s AJ Kr )rr]r4os.pathrfr>rEr8r0rrrbrr rrrLrTrirarrrrrlistrrinit trusted_keyprintr r r rs\0;     ) ,K, 8 8,,sTz,c,^ * * *8#8#8$84T*3T*3T*T*QUT*nVSVTV,C,D,7C7C7**.C.4 #, zMKGLLN {  kr