apt-key: change to / before find to satisfy its CWD needs

First seen on hurd, but easily reproducible on all systems by removing
the 'execution' bit from the current working directory and watching some
tests (mostly the no-output expecting tests) fail due to find printing:
"find: Failed to restore initial working directory: …"

Samuel Thibault says in the bugreport:
| To do its work, find first records the $PWD, then goes to
| /etc/apt/trusted.gpg.d/ to find the files, and then goes back to $PWD.
|
| On Linux, getting $PWD from the 700 directory happens to work by luck
| (POSIX says that getcwd can return [EACCES]: Search permission was denied
| for the current directory, or read or search permission was denied for a
| directory above the current directory in the file hierarchy). And going
| back to $PWD fails, and thus find returns 1, but at least it emitted its
| output.
|
| On Hurd, getting $PWD from the 700 directory fails, and find thus aborts
| immediately, without emitting any output, and thus no keyring is found.
|
| So, to summarize, the issue is that since apt-get update runs find as a
| non-root user, running it from a 700 directory breaks find.

Solved as suggested by changing to '/' before running find, with some
paranoia extra care taking to ensure the paths we give to find are really
absolute paths first (they really should, but TMPDIR=. or a similar
Dir::Etc::trustedparts setting could exist somewhere in the wild).

The commit takes also the opportunity to make these lines slightly less
error ignoring and the two find calls using (mostly) the same parameters.

Thanks: Samuel Thibault for 'finding' the culprit!
Closes: 826043

1 files changed, 10 insertions, 14 deletions

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index b309142cf..ede6be4c3 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -238,12 +238,9 @@ foreach_keyring_do() {
 	local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
 	eval "$(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)"
 	if [ -d "$TRUSTEDPARTS" ]; then
-	    # strip / suffix as gpg will double-slash in that case (#665411)
-	    local STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}"
-	    if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then
-		TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS"
-	    fi
-	    for trusted in $(find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 -regex '^.*\.gpg$' | sort); do
+	    TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")"
+	    local TRUSTEDPARTSLIST="$(cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 -name '*.gpg')"
+	    for trusted in $(echo "$TRUSTEDPARTSLIST" | sort); do
 		if [ -s "$trusted" ]; then
 		    $ACTION "$trusted" "$@"
 		fi
@@ -301,7 +298,7 @@ merge_all_trusted_keyrings_into_pubring() {
     # does the same as:
     # foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg"
     # but without using gpg, just cat and find
-    local PUBRING="${GPGHOMEDIR}/pubring.gpg"
+    local PUBRING="$(readlink -f "${GPGHOMEDIR}/pubring.gpg")"
     # if a --keyring was given, just use this one
     if [ -n "$FORCED_KEYRING" ]; then
 	if [ -s "$FORCED_KEYRING" ]; then
@@ -312,13 +309,12 @@ merge_all_trusted_keyrings_into_pubring() {
 	local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
 	eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
 	if [ -d "$TRUSTEDPARTS" ]; then
-	    # ignore errors mostly for non-existing $TRUSTEDFILE
-	    {
-	       cat "$TRUSTEDFILE" || true
-	       for parts in $(find -L "$TRUSTEDPARTS" -type f -name '*.gpg'); do
-		  cat "$parts" || true
-	       done
-	    } > "$PUBRING" 2>/dev/null
+	    rm -f "$PUBRING"
+	    if [ -s "$TRUSTEDFILE" ]; then
+		cat "$TRUSTEDFILE" > "$PUBRING"
+	    fi
+	    TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")"
+	    (cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 -name '*.gpg' -exec cat {} + >> "$PUBRING";)
 	elif [ -s "$TRUSTEDFILE" ]; then
 	    cp --dereference "$TRUSTEDFILE" "$PUBRING"
 	fi