-rwxr-xr-x | cmdline/apt-key | 27 | ||||
-rwxr-xr-x | test/integration/test-apt-key-net-update | 3 |
2 files changed, 18 insertions, 12 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key
index 104ca656b..617fed4f8 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -22,7 +22,7 @@ MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
 ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
 REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
 ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
-
+TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg
 
 requires_root() {
     if [ "$(id -u)" -ne 0 ]; then
@@ -34,7 +34,7 @@ requires_root() {
 add_keys_with_verify_against_master_keyring() {
     ADD_KEYRING=$1
     MASTER=$2
-
+
     if [ ! -f "$ADD_KEYRING" ]; then
         echo "ERROR: '$ADD_KEYRING' not found"
         return
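Review bot: TMP_KEYRING on the added line is a fixed path under /var/lib/apt/keyrings, but nothing in the script creates that directory; the test-file hunk in this commit does `mkdir -p ./var/lib/apt/keyrings` itself, so the test would not notice the omission. If the directory is absent, gpg presumably cannot create the scratch keyring, and since the later export/import pipeline never checks its status the key would just be reported as not signed with a master key. A single shared, predictable file also means two apt-key runs at the same time overwrite each other's scratch keyring. Consider `mkdir -p -- "${TMP_KEYRING%/*}"` before first use, or a per-run file created with `mktemp` inside the function and removed on every exit path.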
@@ -50,22 +50,26 @@ add_keys_with_verify_against_master_keyring() {
     # from a key in the $distro-master-keyring
     add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
     master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
-    # verify to ensure that there are no key id duplications that may be
-    # used to attack the system, see LP: #857472
+
+    ADDED=0
     for add_key in $add_keys; do
+
+        # ensure there are no colisions LP: #857472
         for master_key in $master_keys; do
             if [ "$add_key" = "$master_key" ]; then
                 echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
                 return 1
             fi
         done
-    done
-    # add all keys signed with any of the master key(s)
-    for add_key in $add_keys; do
-        ADDED=0
+
+        # export the add keyring one-by-one
+        rm -f $TMP_KEYRING
+        $GPG_CMD --keyring $ADD_KEYRING --export $add_key | $GPG_CMD --keyring $TMP_KEYRING --import --trust-model direct
+
+        # check if signed with the master key and only add in this case
         for master_key in $master_keys; do
-            if $GPG_CMD --keyring $ADD_KEYRING --verify-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
-                $GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import
+            if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
+                $GPG --import $TMP_KEYRING
                 ADDED=1
             fi
         done
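Review bot: The new `--check-sigs` line still accepts a signature that gpg could not verify: `grep ^sig` matches every sig record regardless of the status in field 2 (`!` good, `-` bad, `?` signing key not available), and TMP_KEYRING holds only the exported key, not the master key, so the master signature is never actually verified there and is listed with status `?`. A key that merely carries a signature packet naming a master key id would therefore be imported, which is precisely what this function exists to prevent. The check needs the master keyring on the command line and must require a good signature: `if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then`. The `--export ... | --import` pipeline also discards both commands' exit status, so a failed import leaves the scratch keyring empty and the key is silently reported as unsigned; checking the pipeline result and aborting would make that failure visible. add_keys_with_verify_against_master_keyring starts and ends outside this hunk.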
@@ -73,14 +77,13 @@ add_keys_with_verify_against_master_keyring() {
             echo >&2 "Key '$add_key' not added. It is not signed with a master key"
         fi
     done
+    rm -f $TMP_KEYRING
 }
 
 # update the current archive signing keyring from a network URI
 # the archive-keyring keys needs to be signed with the master key
 # (otherwise it does not make sense from a security POV)
 net_update() {
-    # Disabled for now as code is insecure
-    exit 1
     if [ -z "$ARCHIVE_KEYRING_URI" ]; then
         echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index 66aafbbc4..710c02f61 100755
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -18,10 +18,13 @@ eval "$func"
 
 mkdir -p ./etc/apt
 TRUSTEDFILE=./etc/apt/trusted.gpg
+mkdir -p ./var/lib/apt/keyrings
+TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
 GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
 GPG="$GPG_CMD --keyring $TRUSTEDFILE"
 MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+
 msgtest "add_keys_with_verify_against_master_keyring"
 if [ ! -e $MASTER_KEYRING ]; then
 	echo -n "No $MASTER_KEYRING found" |
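Review bot: The `rm -f $TMP_KEYRING` added before the closing brace only runs on the normal exit path; the `return 1` taken on a key-id collision earlier in the function (outside this hunk) leaves the previously exported key behind in the scratch keyring, and gpg may additionally leave a `maybe-import-keyring.gpg~` backup next to it that is never removed. A script-level `trap 'rm -f -- "$TMP_KEYRING" "$TMP_KEYRING~"' EXIT`, or the same `rm -f -- "$TMP_KEYRING" "$TMP_KEYRING~"` on every return, would cover both; the path should be quoted either way. Dropping the `exit 1` in net_update makes this function's signature check the only barrier between a downloaded keyring and the trusted keyring, so that check has to be sound before this lands.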