Allow auto import only for specific key

doc/zypper.8.txt

@@ -1787,8 +1787,8 @@ Repository Options: :: {nop}
 *--no-gpg-checks*::
 	Ignore GPG check failures and continue. If a GPG issue occurs when using this option zypper prints and logs a warning and automatically continues without interrupting the operation. Use this option with caution, as you can easily overlook security problems by using it. (see section *GPG checks*)
 
-*--gpg-auto-import-keys*::
-	If new repository signing key is found, do not ask what to do; trust and import it automatically. This option causes that the new key is imported also in non-interactive mode, where it would otherwise got rejected.
+*--gpg-auto-import-keys* _KEY_ID_::
+	If the specified repository signing key is found, do not ask what to do; trust and import it automatically. This option causes that the new key is imported also in non-interactive mode, where it would otherwise got rejected. The KEY_ID argument is optional; when left unspecified, any repository signing key which is found will be trusted and imported automatically. You can specify this option multiple times.
 
 *-p*, *--plus-repo* _URI_::
 	Use an additional repository for this operation. The repository aliased tmp# and named by the specified URI will be added for this operation and removed at the end. You can specify this option multiple times.

src/Config.cc

@@ -14,6 +14,7 @@ extern "C"
 #include <zypp/base/Logger.h>
 #include <zypp/base/Measure.h>
 #include <zypp/base/String.h>
+#include <zypp/base/StringV.h>
 #include <zypp/base/Exception.h>
 #include <zypp/ZConfig.h>
 
@@ -296,7 +297,6 @@ Config::Config()
   , non_interactive( false )
   , reboot_req_non_interactive( false )
   , no_gpg_checks( false )
-  , gpg_auto_import_keys( false )
   , machine_readable( false )
   , no_refresh( false )
   , no_cd( false )
@@ -559,16 +559,42 @@ std::vector<ZyppFlags::CommandGroup> Config::cliOptions()
               // translators: --no-gpg-checks
               _("Ignore GPG check failures and continue.")
         },
-        { "gpg-auto-import-keys", 0, ZyppFlags::NoArgument, std::move( ZyppFlags::BoolType( &gpg_auto_import_keys, ZyppFlags::StoreTrue ).
-              after( []() {
-                std::string warn = str::form(
-                  _("Turning on '%s'. New repository signing keys will be automatically imported!"),
-                  "--gpg-auto-import-keys");
-                Zypper::instance().out().warning( warn, Out::HIGH );
-                MIL << "gpg-auto-import-keys is on" << endl;
+        { "gpg-auto-import-keys", 0, ZyppFlags::OptionalArgument | ZyppFlags::Repeatable, std::move( ZyppFlags::GenericContainerType( gpg_auto_import_keys, ARG_KEY_ID, ",", "*" ).
+              after( [](const ZyppFlags::CommandOption &, const boost::optional<std::string> & arg) {
+                if (arg.has_value()) {
+                  std::vector<std::string> key_ids;
+                  strv::splitRx(*arg, ",", [&key_ids]( std::string_view key_id ) {
+                    if ( ! key_id.empty() )
+                      key_ids.push_back( std::string(key_id) );
+                  });
+
+                  for (const std::string& key_id : key_ids) {
+                    std::string warn = str::form(
+                        _("Turning on '%s' for key id '%s'. This signing key will be automatically imported if present!"),
+                        "--gpg-auto-import-keys",
+                        key_id.c_str());
+                    Zypper::instance().out().warning( warn, Out::HIGH );
+
+                    if (!PublicKeyData::isSafeKeyId(key_id)) {
+                      warn = str::form(
+                          _("Key id '%s' is not a secure key ID."),
+                          key_id.c_str());
+                      Zypper::instance().out().warning( warn, Out::NORMAL );
+                    }
+
+                    MIL << "gpg-auto-import-keys is on for " << key_id << endl;
+                  }
+                }
+                else {
+                  std::string warn = str::form(
+                      _("Turning on '%s'. New repository signing keys will be automatically imported!"),
+                      "--gpg-auto-import-keys");
+                  Zypper::instance().out().warning( warn, Out::HIGH );
+                  MIL << "gpg-auto-import-keys is on" << endl;
+                }
               })),
               // translators: --gpg-auto-import-keys
-              _("Automatically trust and import new repository signing keys.")
+              _("Automatically trust and import new repository signing keys. If one or more key IDs are provided, only those keys will be allowed to be trusted and imported. Note that 8-byte short IDs are considered insecure, but will be accepted for convenience.")
         },
         { "plus-repo", 'p', ZyppFlags::Repeatable | ZyppFlags::RequiredArgument, ZyppFlags::GenericContainerType( plusRepoFromCLI, ARG_URI ),
               // translators: --plus-repo, -p <URI>

src/Config.h

@@ -94,7 +94,7 @@ struct Config
   bool non_interactive;
   bool reboot_req_non_interactive;
   bool no_gpg_checks;
-  bool gpg_auto_import_keys;
+  std::vector<std::string> gpg_auto_import_keys;
   bool machine_readable;
   /** Whether to disable autorefresh. */
   bool no_refresh;

src/callbacks/keyring.h

@@ -261,27 +261,39 @@ namespace zypp
       {
         Zypper & zypper = Zypper::instance();
 
+        // if --gpg-auto-import-keys,  "*" is in _gopts.gpg_auto_import_keys. In this case, allow any key.
+        bool autoImportKey = std::find(_gopts.gpg_auto_import_keys.begin(), _gopts.gpg_auto_import_keys.end(), "*") != _gopts.gpg_auto_import_keys.end();
+
+        // if --gpg-auto-import-keys <KEY_ID>, acceptable key IDs are in _gopts.gpg_auto_import_keys.
+        if (!autoImportKey) {
+          autoImportKey = std::any_of(_gopts.gpg_auto_import_keys.begin(), _gopts.gpg_auto_import_keys.end(), [&key_r](const std::string& keyId) {
+            return key_r.providesKey(keyId);
+          });
+        }
+
+        bool autoTrustKey = _gopts.no_gpg_checks && canTrustTemporarily_r;
+
         std::ostringstream s;
         s << std::endl;
-        if (_gopts.gpg_auto_import_keys)
+        if (autoImportKey)
           s << _("Automatically importing the following key:") << std::endl;
-        else if ( _gopts.no_gpg_checks && canTrustTemporarily_r  )
+        else if (autoTrustKey)
           s << _("Automatically trusting the following key:") << std::endl;
         else
           s << _("New repository or package signing key received:") << std::endl;
 
         // gpg key info
         dumpKeyInfo( s << std::endl, key_r, context_r )  << std::endl;
 
-        // if --gpg-auto-import-keys or --no-gpg-checks print info and don't ask
-        if (_gopts.gpg_auto_import_keys)
+        // if --no-gpg-check enabled or --gpg-auto-import-keys enabled and applicable, print info and don't ask.
+        if (autoImportKey)
         {
           MIL << "Automatically importing key " << key_r << std::endl;
           zypper.out().info(s.str());
           hintFingerprint();
           return KeyRingReport::KEY_TRUST_AND_IMPORT;
         }
-        else if (_gopts.no_gpg_checks && canTrustTemporarily_r )
+        else if (autoTrustKey)
         {
           MIL << "Automatically trusting key " << key_r << std::endl;
           zypper.out().info(s.str());

src/utils/flags/flagtypes.h

@@ -112,9 +112,16 @@ template <>
 int argValueConvert ( const CommandOption &, const boost::optional<std::string> &in );
 
 template <template<typename ...> class Container, typename T >
-Value GenericContainerType  ( Container<T> &target_r, std::string hint = std::string(), const std::string sep = "" ) {
+Value GenericContainerType  ( Container<T> &target_r, std::string hint = std::string(), const std::string &sep = "", const std::string &defaultVal = std::string() ) {
+  DefValueFun defValueFun;
+  if (!defaultVal.empty()) {
+    defValueFun = [defaultVal]() { return boost::optional<std::string>(defaultVal); };
+  }
+  else {
+    defValueFun = noDefaultValue;
+  }
   return Value (
-    noDefaultValue,
+    std::move( defValueFun ),
     [ &target_r, sep ] ( const CommandOption &opt, const boost::optional<std::string> &in ) {
       if ( !in ) ZYPP_THROW(MissingArgumentException(opt.name)); //value required
 

src/utils/flags/zyppflags.h

@@ -48,6 +48,8 @@
 // translator: Option argument like '--export <FILE.repo>'. Do do not translate lowercase wordparts
 #define ARG_URI                _( "URI" )
 // translator: Option argument like '--export <FILE.repo>'. Do do not translate lowercase wordparts
+#define ARG_KEY_ID             _( "KEY_ID" )
+// translator: Option argument like '--export <FILE.repo>'. Do do not translate lowercase wordparts
 #define ARG_YYYY_MM_DD         _( "YYYY-MM-DD" )
 // translator: Option argument like '--export <FILE.repo>'. Do do not translate lowercase wordparts
 #define ARG_MODE               _( "MODE" )