From bdceee53d036671377da185c8c21833773e011e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexis=20M=C3=A9taireau?= <alexis@freedom.press>
Date: Mon, 3 Mar 2025 12:58:27 +0100
Subject: [PATCH] Add a `dangerzone-image store-signature` CLI command

This can be useful when signatures are missing from the system, for an
already present image, and can be used as a way to fix user issues.
---
 dangerzone/updater/cli.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/dangerzone/updater/cli.py b/dangerzone/updater/cli.py
index ede57d8..ee0915b 100644
--- a/dangerzone/updater/cli.py
+++ b/dangerzone/updater/cli.py
@@ -42,6 +42,17 @@ def upgrade(image: str, pubkey: str) -> None:
         raise click.Abort()
 
 
+@main.command()
+@click.argument("image", default=DEFAULT_IMAGE_NAME)
+@click.option("--pubkey", default=signatures.DEFAULT_PUBKEY_LOCATION)
+def store_signatures(image: str, pubkey: str) -> None:
+    manifest_digest = registry.get_manifest_digest(image)
+    sigs = signatures.get_remote_signatures(image, manifest_digest)
+    signatures.verify_signatures(sigs, manifest_digest, pubkey)
+    signatures.store_signatures(sigs, manifest_digest, pubkey, update_logindex=False)
+    click.echo(f"✅ Signatures has been verified and stored locally")
+
+
 @main.command()
 @click.argument("image_filename")
 @click.option("--pubkey", default=signatures.DEFAULT_PUBKEY_LOCATION)