summaryrefslogtreecommitdiff
path: root/cmdline/apt-key
diff options
context:
space:
mode:
authorMichael Vogt <michael.vogt@ubuntu.com>2012-06-14 16:18:20 +0200
committerMichael Vogt <michael.vogt@ubuntu.com>2012-06-14 16:18:20 +0200
commit33e4d8b32a0baef91342527cce16cd47bcb1ee60 (patch)
tree5df31fd024bdbbf796852ca52df4bd71a8f71cd0 /cmdline/apt-key
parenta423a554a821466eeea6865b1e226d8074c2abe6 (diff)
add extra paranoia against subkey attacks (and a regression test), LP: #1013128, thanks to jdstrand and mdeslaur and Geori Guinski
Diffstat (limited to 'cmdline/apt-key')
-rwxr-xr-xcmdline/apt-key14
1 files changed, 8 insertions, 6 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key
index dda3c1b43..6e85b7353 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -50,18 +50,20 @@ add_keys_with_verify_against_master_keyring() {
# all keys that are exported must have a valid signature
# from a key in the $distro-master-keyring
add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
+ all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5`
master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
-
- for add_key in $add_keys; do
- # ensure there are no colisions LP: #857472
+ # ensure there are no colisions LP: #857472
+ for all_add_key in $all_add_keys; do
for master_key in $master_keys; do
- if [ "$add_key" = "$master_key" ]; then
- echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
+ if [ "$all_add_key" = "$master_key" ]; then
+ echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted"
return 1
fi
done
-
+ done
+
+ for add_key in $add_keys; do
# export the add keyring one-by-one
rm -f $TMP_KEYRING
$GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key