@@ -35,6 +35,14 @@ import (
3535)
3636
3737func cmdInit (ctx context.Context , bucket * blob.Bucket , dist distribution , keyID string ) error {
38+ if keyID == "" {
39+ if signed , err := isDistributionSigned (ctx , bucket , dist ); err != nil {
40+ return err
41+ } else if signed {
42+ return errors .New ("distribution is signed but key ID not provided" )
43+ }
44+ }
45+
3846 fmt .Fprintln (os .Stderr , "aptblob: reading Release from stdin..." )
3947 newRelease , err := deb .ParseReleaseIndex (os .Stdin )
4048 if err != nil {
@@ -76,6 +84,14 @@ func downloadReleaseIndex(ctx context.Context, bucket *blob.Bucket, dist distrib
7684}
7785
7886func cmdUpload (ctx context.Context , bucket * blob.Bucket , comp component , keyID string , paths []string ) error {
87+ if keyID == "" {
88+ if signed , err := isDistributionSigned (ctx , bucket , comp .dist ); err != nil {
89+ return err
90+ } else if signed {
91+ return errors .New ("distribution is signed but key ID not provided" )
92+ }
93+ }
94+
7995 release , err := downloadReleaseIndex (ctx , bucket , comp .dist )
8096 if err != nil {
8197 return err
@@ -301,6 +317,21 @@ func updateSignature(para *deb.Paragraph, key string, newSigs ...deb.IndexSignat
301317 return nil
302318}
303319
320+ func isDistributionSigned (ctx context.Context , bucket * blob.Bucket , dist distribution ) (bool , error ) {
321+ exists , err := bucket .Exists (ctx , dist .indexSignaturePath ())
322+ if err != nil {
323+ return false , fmt .Errorf ("check distribution signature: %w" , err )
324+ }
325+ if exists {
326+ return true , nil
327+ }
328+ exists , err = bucket .Exists (ctx , dist .signedIndexPath ())
329+ if err != nil {
330+ return false , err
331+ }
332+ return exists , nil
333+ }
334+
304335func main () {
305336 rootCmd := & cobra.Command {
306337 Use : "aptblob" ,
0 commit comments