summaryrefslogtreecommitdiff
path: root/cmdline/apt-key.in
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2017-08-01 15:22:09 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2017-10-05 17:30:25 +0200
commit012932793ba0ea9398a9acd80593bed8e77cfbfc (patch)
treedadc8fac126a1e23a5e81b9a4a0d2bbce0a17922 /cmdline/apt-key.in
parent19e525aac9a802f452100884fa142c5dc68b2db6 (diff)
ignore unsupported key formats in apt-key
gpg2 generates keyboxes by default and users end up putting either those or armored files into the trusted.gpg.d directory which apt tools neither expect nor can really work with without fortifying backward compatibility (at least under the ".gpg" extension). A (short) discussion about how to deal with keyboxes happened in https://lists.debian.org/deity/2017/07/msg00083.html As the last message in that thread is this changeset lets go ahead with it and see how it turns out. The idea is here simply that we check the first octal of a gpg file to have one of three accepted values. Testing on my machines has always produced just one of these, but running into those values on invalid files is reasonabily unlikely to not worry too much. Closes: #876508
Diffstat (limited to 'cmdline/apt-key.in')
-rw-r--r--cmdline/apt-key.in32
1 files changed, 30 insertions, 2 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 723af06ff..5bc5462d2 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -249,6 +249,34 @@ accessible_file_exists() {
return 1
}
+is_supported_keyring() {
+ # empty files are always supported
+ if ! test -s "$1"; then
+ return 0
+ fi
+ local FILEEXT="${1##*.}"
+ if [ "$FILEEXT" = 'gpg' ]; then
+ # 0x98, 0x99 and 0xC6 via octal as hex isn't supported by dashs printf
+ if printf '\231' | cmp --silent --bytes=1 - "$1"; then
+ true
+ elif printf '\230' | cmp --silent --bytes=1 - "$1"; then
+ true
+ elif printf '\306' | cmp --silent --bytes=1 - "$1"; then
+ true
+ else
+ apt_warn "The key(s) in the keyring $1 are ignored as the file has an unsupported filetype."
+ return 1
+ fi
+ elif [ "$FILEEXT" = 'asc' ]; then
+ true #dearmor_filename will deal with them
+ else
+ # most callers ignore unsupported extensions silently
+ apt_warn "The key(s) in the keyring $1 are ignored as the file has an unsupported filename extension."
+ return 1
+ fi
+ return 0
+}
+
foreach_keyring_do() {
local ACTION="$1"
shift
@@ -257,7 +285,7 @@ foreach_keyring_do() {
$ACTION "$TRUSTEDFILE" "$@"
else
# otherwise all known keyrings are up for inspection
- if accessible_file_exists "$TRUSTEDFILE"; then
+ if accessible_file_exists "$TRUSTEDFILE" && is_supported_keyring "$TRUSTEDFILE"; then
$ACTION "$TRUSTEDFILE" "$@"
fi
local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
@@ -266,7 +294,7 @@ foreach_keyring_do() {
TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")"
local TRUSTEDPARTSLIST="$(cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 \( -name '*.gpg' -o -name '*.asc' \))"
for trusted in $(echo "$TRUSTEDPARTSLIST" | sort); do
- if accessible_file_exists "$trusted"; then
+ if accessible_file_exists "$trusted" && is_supported_keyring "$trusted"; then
$ACTION "$trusted" "$@"
fi
done