-rwxr-xr-xcmdline/apt-key27
-rwxr-xr-xtest/integration/test-apt-key-net-update3
2 files changed, 18 insertions, 12 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key
index 104ca656b..617fed4f8 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -22,7 +22,7 @@ MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
-
+TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg
requires_root() {
if [ "$(id -u)" -ne 0 ]; then
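Review bot: The new `TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg` points into a directory that nothing in cmdline/apt-key creates; only the test half of this commit does `mkdir -p ./var/lib/apt/keyrings` for its own copy. On a host without that directory the later `gpg --keyring $TMP_KEYRING --import` cannot write the temporary keyring, so the signature check finds nothing and the key is silently not added (fail-closed, but with only gpg's stderr as a hint). A `mkdir -p "${TMP_KEYRING%/*}"` before the first use, or creating the directory in packaging, would make the behaviour deterministic. The requires_root body that follows is cut off by the hunk.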
@@ -34,7 +34,7 @@ requires_root() {
add_keys_with_verify_against_master_keyring() {
ADD_KEYRING=$1
MASTER=$2
-
+
if [ ! -f "$ADD_KEYRING" ]; then
echo "ERROR: '$ADD_KEYRING' not found"
return
@@ -50,22 +50,26 @@ add_keys_with_verify_against_master_keyring() {
# from a key in the $distro-master-keyring
add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
- # verify to ensure that there are no key id duplications that may be
- # used to attack the system, see LP: #857472
+
+ ADDED=0
for add_key in $add_keys; do
+
+ # ensure there are no colisions LP: #857472
for master_key in $master_keys; do
if [ "$add_key" = "$master_key" ]; then
echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
return 1
fi
done
- done
- # add all keys signed with any of the master key(s)
- for add_key in $add_keys; do
- ADDED=0
+
+ # export the add keyring one-by-one
+ rm -f $TMP_KEYRING
+ $GPG_CMD --keyring $ADD_KEYRING --export $add_key | $GPG_CMD --keyring $TMP_KEYRING --import --trust-model direct
+
+ # check if signed with the master key and only add in this case
for master_key in $master_keys; do
- if $GPG_CMD --keyring $ADD_KEYRING --verify-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
- $GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import
+ if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
+ $GPG --import $TMP_KEYRING
ADDED=1
fi
done
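Review bot: The new `if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key` does not establish that the signature was actually verified: `$TMP_KEYRING` holds only the exported `$add_key`, never the master keys from `$MASTER`, so gpg has no key to check a signature from `$master_key` against and (as far as I recall gpg's colon format) marks it uncheckable in field 2, yet the pipeline accepts any `sig` line that merely names that key id. The check needs the master keyring available to gpg and the status restricted to a good signature, e.g. `--keyring $TMP_KEYRING --keyring $MASTER --check-sigs` with `grep '^sig:!:'` in place of `grep ^sig`, and the final match anchored with `grep -qx "$master_key"` rather than an unanchored substring `grep -q`. The collision loop above is unaffected since it compares with `=`. The unquoted `$TMP_KEYRING`/`$ADD_KEYRING` expansions are pre-existing style; the function body continues into the next hunk.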
@@ -73,14 +77,13 @@ add_keys_with_verify_against_master_keyring() {
echo >&2 "Key '$add_key' not added. It is not signed with a master key"
fi
done
+ rm -f $TMP_KEYRING
}
# update the current archive signing keyring from a network URI
# the archive-keyring keys needs to be signed with the master key
# (otherwise it does not make sense from a security POV)
net_update() {
- # Disabled for now as code is insecure
- exit 1
if [ -z "$ARCHIVE_KEYRING_URI" ]; then
echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
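Review bot: Removing the `# Disabled for now as code is insecure` / `exit 1` guard re-enables net_update, but nothing in the hunk records why it is now considered safe, and the next reader of this function will not find the reasoning. `ARCHIVE_KEYRING_URI` at the top of the file is plain http, so the fetched keyring has no transport integrity and every key that reaches the trusted keyring is accepted solely on the strength of the master-key signature check in add_keys_with_verify_against_master_keyring. A comment in place of the removed one would make that dependency explicit, e.g. `# The downloaded keyring is unauthenticated; trust rests entirely on add_keys_with_verify_against_master_keyring`. The download itself is outside the hunk, and net_update's body continues past it.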
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index 66aafbbc4..710c02f61 100755
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -18,10 +18,13 @@ eval "$func"
mkdir -p ./etc/apt
TRUSTEDFILE=./etc/apt/trusted.gpg
+mkdir -p ./var/lib/apt/keyrings
+TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
GPG="$GPG_CMD --keyring $TRUSTEDFILE"
MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+
msgtest "add_keys_with_verify_against_master_keyring"
if [ ! -e $MASTER_KEYRING ]; then
echo -n "No $MASTER_KEYRING found"