diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2017-08-01 15:22:09 +0200 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2017-10-05 17:30:25 +0200 |
| commit | 012932793ba0ea9398a9acd80593bed8e77cfbfc (patch) | |
| tree | dadc8fac126a1e23a5e81b9a4a0d2bbce0a17922 /cmdline/apt-key.in | |
| parent | 19e525aac9a802f452100884fa142c5dc68b2db6 (diff) | |
ignore unsupported key formats in apt-key
gpg2 generates keyboxes by default and users end up putting either those
or armored files into the trusted.gpg.d directory which apt tools
neither expect nor can really work with without fortifying backward
compatibility (at least under the ".gpg" extension).
A (short) discussion about how to deal with keyboxes happened in
https://lists.debian.org/deity/2017/07/msg00083.html
As the last message in that thread is this changeset lets go ahead
with it and see how it turns out.
The idea is here simply that we check the first octal of a gpg file to
have one of three accepted values. Testing on my machines has always
produced just one of these, but running into those values on invalid
files is reasonabily unlikely to not worry too much.
Closes: #876508
Diffstat (limited to 'cmdline/apt-key.in')
| -rw-r--r-- | cmdline/apt-key.in | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 723af06ff..5bc5462d2 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -249,6 +249,34 @@ accessible_file_exists() { return 1 } +is_supported_keyring() { + # empty files are always supported + if ! test -s "$1"; then + return 0 + fi + local FILEEXT="${1##*.}" + if [ "$FILEEXT" = 'gpg' ]; then + # 0x98, 0x99 and 0xC6 via octal as hex isn't supported by dashs printf + if printf '\231' | cmp --silent --bytes=1 - "$1"; then + true + elif printf '\230' | cmp --silent --bytes=1 - "$1"; then + true + elif printf '\306' | cmp --silent --bytes=1 - "$1"; then + true + else + apt_warn "The key(s) in the keyring $1 are ignored as the file has an unsupported filetype." + return 1 + fi + elif [ "$FILEEXT" = 'asc' ]; then + true #dearmor_filename will deal with them + else + # most callers ignore unsupported extensions silently + apt_warn "The key(s) in the keyring $1 are ignored as the file has an unsupported filename extension." + return 1 + fi + return 0 +} + foreach_keyring_do() { local ACTION="$1" shift @@ -257,7 +285,7 @@ foreach_keyring_do() { $ACTION "$TRUSTEDFILE" "$@" else # otherwise all known keyrings are up for inspection - if accessible_file_exists "$TRUSTEDFILE"; then + if accessible_file_exists "$TRUSTEDFILE" && is_supported_keyring "$TRUSTEDFILE"; then $ACTION "$TRUSTEDFILE" "$@" fi local TRUSTEDPARTS="/etc/apt/trusted.gpg.d" @@ -266,7 +294,7 @@ foreach_keyring_do() { TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")" local TRUSTEDPARTSLIST="$(cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 \( -name '*.gpg' -o -name '*.asc' \))" for trusted in $(echo "$TRUSTEDPARTSLIST" | sort); do - if accessible_file_exists "$trusted"; then + if accessible_file_exists "$trusted" && is_supported_keyring "$trusted"; then $ACTION "$trusted" "$@" fi done |