-rw-r--r-- | cmdline/apt-key.in | 32 | ||||
-rw-r--r-- | test/integration/framework | 6 | ||||
-rwxr-xr-x | test/integration/test-apt-key | 101 |
3 files changed, 96 insertions, 43 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 723af06ff..5bc5462d2 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -249,6 +249,34 @@ accessible_file_exists() { return 1 } +is_supported_keyring() { + # empty files are always supported + if ! test -s "$1"; then + return 0 + fi + local FILEEXT="${1##*.}" + if [ "$FILEEXT" = 'gpg' ]; then + # 0x98, 0x99 and 0xC6 via octal as hex isn't supported by dashs printf + if printf '\231' | cmp --silent --bytes=1 - "$1"; then + true + elif printf '\230' | cmp --silent --bytes=1 - "$1"; then + true + elif printf '\306' | cmp --silent --bytes=1 - "$1"; then + true + else + apt_warn "The key(s) in the keyring $1 are ignored as the file has an unsupported filetype." + return 1 + fi + elif [ "$FILEEXT" = 'asc' ]; then + true #dearmor_filename will deal with them + else + # most callers ignore unsupported extensions silently + apt_warn "The key(s) in the keyring $1 are ignored as the file has an unsupported filename extension." + return 1 + fi + return 0 +} + foreach_keyring_do() { local ACTION="$1" shift @@ -257,7 +285,7 @@ foreach_keyring_do() { $ACTION "$TRUSTEDFILE" "$@" else # otherwise all known keyrings are up for inspection - if accessible_file_exists "$TRUSTEDFILE"; then + if accessible_file_exists "$TRUSTEDFILE" && is_supported_keyring "$TRUSTEDFILE"; then $ACTION "$TRUSTEDFILE" "$@" fi local TRUSTEDPARTS="/etc/apt/trusted.gpg.d" @@ -266,7 +294,7 @@ foreach_keyring_do() { TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")" local TRUSTEDPARTSLIST="$(cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 \( -name '*.gpg' -o -name '*.asc' \))" for trusted in $(echo "$TRUSTEDPARTSLIST" | sort); do - if accessible_file_exists "$trusted"; then + if accessible_file_exists "$trusted" && is_supported_keyring "$trusted"; then $ACTION "$trusted" "$@" fi done diff --git a/test/integration/framework b/test/integration/framework index 391cc53a1..701aa60b0 100644 --- a/test/integration/framework 
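Review bot: The `.gpg` branch of `is_supported_keyring` decides on the first byte alone, and nothing in the function says that this is a file-type sniff rather than a validity check. 0x98 and 0x99 are the old-format public-key packet header with one- and two-octet lengths and 0xC6 is the new-format one; the old-format four-octet-length header 0x9A is not accepted, which may be deliberate but is worth stating. I would extend the comment above the first `printf` to something like `# first octet must be an OpenPGP public-key packet header (old format 0x98/0x99, new format 0xC6); this only filters out foreign file types early, it is not a validity check`. The comment `# most callers ignore unsupported extensions silently` sits directly above an `apt_warn`, so it should name the callers it means or be dropped. `--silent` and `--bytes` are GNU cmp long options, so this assumes GNU diffutils wherever apt-key runs.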
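Review bot: `is_supported_keyring "$TRUSTEDFILE"` applies the filename-extension rule to the main trusted file as well, not only to the `trusted.gpg.d` fragments that `find` already restricts to `*.gpg` and `*.asc`. If `TRUSTEDFILE` can be configured to a name without one of those extensions (its assignment is outside this hunk), the keys in it would now be skipped with only a warning, which changes what the host trusts after an upgrade. Either document the requirement next to the call, e.g. `# the main keyring must end in .gpg or .asc, anything else is skipped with a warning`, or add a test run with a differently named trusted file. The same call in the `for trusted in …` loop of the next hunk can only ever reach the content check, and the body of `foreach_keyring_do` continues outside both hunks.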
+++ b/test/integration/framework @@ -1497,6 +1497,10 @@ testempty() { aptautotest 'testempty' "$@" msggroup } +testwarningempty() { + testwarning "$@" + testfailure grep -v '^W:' "${ROOTDIR}/tmp/testwarning.output" +} testnotempty() { msggroup 'testnotempty' msgtest "Test for some output of" "$*" @@ -1967,7 +1971,7 @@ mapkeynametokeyid() { } testaptkeys() { local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylist.output" - if ! aptkey list --with-colon | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then + if ! aptkey list --with-colon 2>/dev/null | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then echo -n > "$OUTPUT" fi testfileequal "$OUTPUT" "$(mapkeynametokeyid "$@")" diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 13afff995..1e2c8362b 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -33,14 +33,17 @@ testaptkeyskeyring() { local KEYRING="$1" shift local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylistkeyring.output" - if ! aptkey --keyring "$KEYRING" list --with-colon | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then + if ! aptkey --keyring "$KEYRING" list --with-colon 2>/dev/null | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then echo -n > "$OUTPUT" fi testfileequal "$OUTPUT" "$(mapkeynametokeyid "$@")" } - +testsuccessempty() { + testempty "$@" +} testrun() { local EXT="${1:-gpg}" + local TESTSTATE="${2:-testsuccess}" echo "APT::Key::ArchiveKeyring \"${KEYDIR}/joesixpack.pub.gpg\"; APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub.gpg\";" > "${ROOTDIR}/etc/apt/apt.conf.d/aptkey.conf" 
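Review bot: `testwarningempty` has no comment, and its name hides what it asserts: `testfailure grep -v '^W:'` passes when the captured output holds no line other than `W:` warnings, so "empty" here means "nothing but warnings". It also reads `${ROOTDIR}/tmp/testwarning.output` directly, which ties it to the file name that `testwarning` writes to (that helper is outside this hunk). I would add above the function `# like testempty, but the command may print W: lines; any other line in testwarning.output fails the test`.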
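Review bot: `2>/dev/null` on `aptkey list --with-colon` in `testaptkeys` discards every diagnostic, not just the new `W:` lines, and unless the framework enables pipefail the `if !` only sees the exit status of `cut`, so an unexpected gpg error leaves no trace when the key-list comparison fails. Keeping stderr in a file beside the output preserves the evidence: `aptkey list --with-colon 2>"${OUTPUT}.stderr" | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"`. The same redirection is added to `testaptkeyskeyring` and to the `aptkey export 'Sixpack'` line in test/integration/test-apt-key, and the same point applies there.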
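Review bot: `TESTSTATE` is run as a command name throughout `testrun` (`${TESTSTATE} aptkey list`, `"${TESTSTATE}empty" aptkey list`), but the value taken from `$2` is never checked where it is declared in this hunk. A misspelt second argument would fail every step with a command-not-found instead of one clear message, and only `testsuccess` and `testwarning` have a matching `…empty` helper. A short `case "$TESTSTATE" in testsuccess|testwarning) ;; *) … abort with a message … ;; esac` directly after the `local TESTSTATE=` line would make the accepted values explicit. Quoting the bare `${TESTSTATE}` uses the same way as `"${TESTSTATE}empty"` would also be more consistent; the body of `testrun` continues outside this hunk.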
@@ -48,40 +51,46 @@ APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub.gpg\";" > "${ROOTDIR}/etc/apt/a ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testaptkeys 'Joe Sixpack' - testsuccess aptkey list + ${TESTSTATE} aptkey list msgtest 'Check that paths in list output are not' 'double-slashed' - testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" + testfailure --nomsg grep '//' "${ROOTDIR}/tmp/${TESTSTATE}.output" - testsuccess aptkey finger + ${TESTSTATE} aptkey finger msgtest 'Check that paths in finger output are not' 'double-slashed' - testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" + testfailure --nomsg grep '//' "${ROOTDIR}/tmp/${TESTSTATE}.output" cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${KEYDIR}/joesixpack.pub.${EXT}.bak" - testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed + if [ "$TESTSTATE" = 'testwarning' ]; then + testwarning aptkey --fakeroot update + testsuccess grep '^gpg: key .*DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed$' "${ROOTDIR}/tmp/testwarning.output" + testsuccess grep '^W: .* are ignored as the file has an unsupported filetype' "${ROOTDIR}/tmp/testwarning.output" + else + testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1' aptkey --fakeroot update + fi testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${KEYDIR}/joesixpack.pub.${EXT}.bak" testaptkeys 'Joe Sixpack' testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg" - testsuccess aptkey --fakeroot add "${KEYDIR}/rexexpired.pub.${EXT}" + ${TESTSTATE} aptkey --fakeroot add "${KEYDIR}/rexexpired.pub.${EXT}" 
testfilestats "${ROOTDIR}/etc/apt/trusted.gpg" '%a' '=' '644' testaptkeys 'Rex Expired' 'Joe Sixpack' msgtest 'Check that Sixpack key can be' 'exported' - aptkey export 'Sixpack' > "${TMPWORKINGDIRECTORY}/aptkey.export" + aptkey export 'Sixpack' > "${TMPWORKINGDIRECTORY}/aptkey.export" 2>/dev/null aptkey --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" exportall > "${TMPWORKINGDIRECTORY}/aptkey.exportall" testsuccess --nomsg cmp "${TMPWORKINGDIRECTORY}/aptkey.export" "${TMPWORKINGDIRECTORY}/aptkey.exportall" testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export" testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall" msgtest 'Execute update again to trigger removal of' 'Rex Expired key' - testsuccess --nomsg aptkey --fakeroot update + ${TESTSTATE} --nomsg aptkey --fakeroot update testaptkeys 'Joe Sixpack' 
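Review bot: In the `testwarning` branch the `aptkey --fakeroot update` check is weaker than the `testequalor2` it stands in for: it greps for the `not changed` line and for one `W:` line, but no longer pins the processed-key count. A regression that made update pick up additional keys from the ignored files would still pass this branch. Adding `testsuccess grep '^gpg: Total number processed: 1$' "${ROOTDIR}/tmp/testwarning.output"` after the two greps would keep the count asserted in both modes.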
@@ -90,27 +99,27 @@ gpg: unchanged: 1' aptkey --fakeroot update testaptkeys 'Joe Sixpack' - testsuccess aptkey --fakeroot del DBAC8DAE - testempty aptkey list + ${TESTSTATE} aptkey --fakeroot del DBAC8DAE + "${TESTSTATE}empty" aptkey list ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testaptkeys 'Joe Sixpack' msgtest "Remove a key from" 'forced keyring in trusted.d.gpg' testsuccess --nomsg aptkey --fakeroot --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" del DBAC8DAE testsuccess cmp -s "$(readlink -f "${KEYDIR}/joesixpack.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~" - testempty aptkey list + "${TESTSTATE}empty" aptkey list cp -a "${KEYDIR}/marvinparanoid.pub.asc" "${ROOTDIR}/etc/foobar.pub" testsuccess aptkey --fakeroot --keyring "${ROOTDIR}/etc/foobar.pub" add "${KEYDIR}/rexexpired.pub.asc" "${KEYDIR}/joesixpack.pub.gpg" testfilestats "${ROOTDIR}/etc/foobar.pub" '%a' '=' '644' testaptkeyskeyring "${ROOTDIR}/etc/foobar.pub" 'Marvin Paranoid' 'Rex Expired' 'Joe Sixpack' - testempty aptkey list + "${TESTSTATE}empty" aptkey list msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short cleanplate cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" - testsuccess --nomsg aptkey --fakeroot del d141dbac8dae - testempty aptkey list + ${TESTSTATE} --nomsg aptkey --fakeroot del d141dbac8dae + "${TESTSTATE}empty" aptkey list if [ "$(id -u)" != '0' ]; then msgtest 'Test key removal with' 'unreadable key' 
@@ -129,8 +138,8 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test key removal with' 'single key in real file' cleanplate cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" - testsuccess --nomsg aptkey --fakeroot del DBAC8DAE - testempty aptkey list + ${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE + "${TESTSTATE}empty" aptkey list testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~" @@ -138,8 +147,8 @@ gpg: unchanged: 1' aptkey --fakeroot update cleanplate cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" cp -a "${KEYDIR}/marvinparanoid.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.${EXT}" - testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2 - testempty aptkey list + ${TESTSTATE} --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2 + "${TESTSTATE}empty" aptkey list testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~" testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.${EXT}" 
@@ -148,39 +157,39 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test key removal with' 'long key ID' cleanplate cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" - testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE - testempty aptkey list + ${TESTSTATE} --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE + "${TESTSTATE}empty" aptkey list testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~" msgtest 'Test key removal with' 'fingerprint' cleanplate cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" - testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE - testempty aptkey list + ${TESTSTATE} --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE + "${TESTSTATE}empty" aptkey list testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~" msgtest 'Test key removal with' 'spaced fingerprint' cleanplate cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" - testsuccess --nomsg aptkey --fakeroot del '34A8 E9D1 8DB3 20F3 67E8 EAA0 5A90 D141 DBAC 8DAE' - testempty aptkey list + ${TESTSTATE} --nomsg aptkey --fakeroot del '34A8 E9D1 8DB3 20F3 67E8 EAA0 5A90 D141 DBAC 8DAE' + "${TESTSTATE}empty" aptkey list testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~" msgtest 'Test key removal with' 'single key in softlink' cleanplate ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" - testsuccess --nomsg aptkey --fakeroot del DBAC8DAE - testempty aptkey list + ${TESTSTATE} --nomsg 
aptkey --fakeroot del DBAC8DAE + "${TESTSTATE}empty" aptkey list testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~" cleanplate - testsuccess aptkey --fakeroot add "${KEYDIR}/joesixpack.pub.${EXT}" + ${TESTSTATE} aptkey --fakeroot add "${KEYDIR}/joesixpack.pub.${EXT}" ln -sf "$(readlink -f "${KEYDIR}/marvinparanoid.pub.${EXT}")" "${KEYDIR}/marvin paránöid.pub.${EXT}" - testsuccess aptkey --fakeroot add "${KEYDIR}/marvin paránöid.pub.${EXT}" + ${TESTSTATE} aptkey --fakeroot add "${KEYDIR}/marvin paránöid.pub.${EXT}" testaptkeys 'Joe Sixpack' 'Marvin Paranoid' cp -a "${ROOTDIR}/etc/apt/trusted.gpg" "${KEYDIR}/testcase-multikey.pub.gpg" # store for reuse gpg --no-default-keyring --keyring "${KEYDIR}/testcase-multikey.pub.gpg" --armor --export > "${KEYDIR}/testcase-multikey.pub.asc" @@ -188,14 +197,14 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test key removal with' 'multi key in real file' cleanplate cp -a "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}" - testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + ${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE testaptkeys 'Marvin Paranoid' testsuccess cmp "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}~" msgtest 'Test key removal with' 'multi key in softlink' cleanplate ln -s "$(readlink -f "${KEYDIR}/testcase-multikey.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}" - testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + ${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE testaptkeys 'Marvin Paranoid' testsuccess cmp "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}~" testfailure test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}" 
@@ -205,7 +214,7 @@ gpg: unchanged: 1' aptkey --fakeroot update cleanplate cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" cp -a "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}" - testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + ${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE testaptkeys 'Marvin Paranoid' testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~" @@ -216,15 +225,15 @@ gpg: unchanged: 1' aptkey --fakeroot update cp -a "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}" testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' msgtest 'Test merge-back of' 'added keys' - testsuccess --nomsg aptkey adv --batch --yes --import "${KEYDIR}/rexexpired.pub.${EXT}" + ${TESTSTATE} --nomsg aptkey adv --batch --yes --import "${KEYDIR}/rexexpired.pub.${EXT}" testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' msgtest 'Test merge-back of' 'removed keys' - testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9 + ${TESTSTATE} --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' msgtest 'Test merge-back of' 'removed duplicate keys' - testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE + ${TESTSTATE} --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE testaptkeys 'Marvin Paranoid' cleanplate 
@@ -246,7 +255,7 @@ gpg: unchanged: 1' aptkey --fakeroot update if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi msgtest 'Test verify a file' 'with all keys' - testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" + ${TESTSTATE} --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" if [ "$(id -u)" != '0' ]; then msgtest 'Test verify a file' 'with unreadable key' @@ -274,7 +283,7 @@ gpg: unchanged: 1' aptkey --fakeroot update # note: this isn't how apts gpgv method implements keyid for verify msgtest 'Test verify a file' 'with good keyid' - testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}" + ${TESTSTATE} --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}" msgtest 'Test fail verify a file' 'with bad keyid' testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify "${SIGNATURE}.gpg" "${SIGNATURE}" @@ -287,7 +296,7 @@ gpg: unchanged: 1' aptkey --fakeroot update # try to perform an entire update with this gpgv rm -rf "${ROOTDIR}/var/lib/apt/lists" - testsuccess apt update -o Test::Dir="${ROOTDIR}" + ${TESTSTATE} apt update -o Test::Dir="${ROOTDIR}" done rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" @@ -310,7 +319,7 @@ gpg: unchanged: 1' aptkey --fakeroot update if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi msgtest 'Test verify a doublesigned file' 'with all keys' - testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" + ${TESTSTATE} --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" msgtest 'Test verify a doublesigned file' 'with good keyring joe' testmultigpg --keyring "${KEYDIR}/joesixpack.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}" 
@@ -389,3 +398,15 @@ testrun msgmsg 'Tests to be run with' 'asc files' rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" testrun 'asc' + +msgmsg 'Tests to be run with' 'bad files' +# don't let the plate be so clean anymore +cleanplate() { + rm -rf "${ROOTDIR}/etc/apt/trusted.gpg.d/" "${ROOTDIR}/etc/apt/trusted.gpg" + mkdir "${ROOTDIR}/etc/apt/trusted.gpg.d/" + touch "${ROOTDIR}/etc/apt/trusted.gpg.d/emptyfile.gpg" + touch "${ROOTDIR}/etc/apt/trusted.gpg.d/emptyfile.asc" + echo 'broken' > "${ROOTDIR}/etc/apt/trusted.gpg.d/brokenfile.gpg" + echo 'broken' > "${ROOTDIR}/etc/apt/trusted.gpg.d/brokenfile.asc" +} +testrun 'gpg' 'testwarning' |
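Review bot: The overriding `cleanplate` only plants files whose content is the word `broken`, so this run shows that junk is skipped but not that a real key in the wrong container is. The case the first-byte check is most likely to meet in practice is an ASCII-armored key saved under a `.gpg` name; adding `cp -a "${KEYDIR}/rexexpired.pub.asc" "${ROOTDIR}/etc/apt/trusted.gpg.d/armored.gpg"` to this function should leave every `testaptkeys` expectation in `testrun` unchanged and would fail visibly if such a key ever ended up trusted. The existing comment could also state that this redefinition stays in effect for anything appended after `testrun 'gpg' 'testwarning'`.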