Diffstat (limited to 'src/trust.c')
-rw-r--r--src/trust.c30
1 files changed, 18 insertions, 12 deletions
diff --git a/src/trust.c b/src/trust.c
index 5e2a956..c65377d 100644
--- a/src/trust.c
+++ b/src/trust.c
@@ -32,21 +32,19 @@ static int __apk_trust_load_pubkey(void *pctx, int dirfd, const char *filename)
return 0;
}
-int apk_trust_init(struct apk_trust *trust, int dirfd, struct apk_string_array *pkey_files)
+void apk_trust_init(struct apk_trust *trust)
{
- char **fn;
-
*trust = (struct apk_trust){};
apk_digest_ctx_init(&trust->dctx, APK_DIGEST_NONE);
list_init(&trust->trusted_key_list);
list_init(&trust->private_key_list);
- trust->initialized = 1;
- apk_dir_foreach_file(dirfd, __apk_trust_load_pubkey, trust);
+}
- foreach_array_item(fn, pkey_files) {
- struct apk_trust_key *key = apk_trust_load_key(AT_FDCWD, *fn);
- if (IS_ERR(key)) return PTR_ERR(key);
- list_add_tail(&key->key_node, &trust->private_key_list);
+int apk_trust_load_keys(struct apk_trust *trust, int dirfd)
+{
+ if (!trust->keys_loaded) {
+ trust->keys_loaded = 1;
+ apk_dir_foreach_file(dirfd, __apk_trust_load_pubkey, trust);
}
return 0;
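Review bot: `apk_trust_load_keys()` discards the result of `apk_dir_foreach_file()` and always returns 0, and it sets `trust->keys_loaded = 1` before the scan, so a failed directory read is never reported and every later call is a no-op. If that helper reports failures through its return value (its definition is not on this page), callers are left with an empty trusted-key list and no error, and signature checks fail later without a hint about the cause. Propagating the result would make the `int` return meaningful, e.g. `return apk_dir_foreach_file(dirfd, __apk_trust_load_pubkey, trust);` inside the `if`. If ignoring load failures is deliberate, a comment saying so would help. The function's closing brace is outside the hunk.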
@@ -66,8 +64,6 @@ static void __apk_trust_free_keys(struct list_head *h)
void apk_trust_free(struct apk_trust *trust)
{
- if (!trust->initialized) return;
- trust->initialized = 0;
__apk_trust_free_keys(&trust->trusted_key_list);
__apk_trust_free_keys(&trust->private_key_list);
apk_digest_ctx_free(&trust->dctx);
@@ -95,9 +91,19 @@ APK_OPT_GROUP(options_signing, "Signing", SIGNING_OPTIONS);
static int option_parse_signing(void *ctx, struct apk_ctx *ac, int optch, const char *optarg)
{
+ struct apk_trust *trust = &ac->trust;
+ struct apk_out *out = &ac->out;
+ struct apk_trust_key *key;
+
switch (optch) {
case OPT_SIGN_sign_key:
- *apk_string_array_add(&ac->private_keys) = (char*) optarg;
+ key = apk_trust_load_key(AT_FDCWD, optarg);
+ if (IS_ERR(key)) {
+ apk_err(out, "Failed to load signing key: %s: %s",
+ optarg, apk_error_str(PTR_ERR(key)));
+ return PTR_ERR(key);
+ }
+ list_add_tail(&key->key_node, &trust->private_key_list);
break;
default:
return -ENOTSUP;
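Review bot: The new `OPT_SIGN_sign_key` branch calls `list_add_tail()` on `trust->private_key_list` during option parsing, which is only safe if `apk_trust_init(&ac->trust)` has already run; that ordering is not visible in this file. Because `apk_trust_init()` resets the whole struct with `*trust = (struct apk_trust){}`, calling it after parsing would also silently drop and leak any signing key loaded here. The same init-before-use contract now covers `apk_trust_free()`, whose `initialized` guard is removed in the second hunk. A comment above the case would pin it down, e.g. `/* ac->trust must be initialized before option parsing; apk_trust_init() resets both key lists */`. The switch and the function body continue past the end of the hunk.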