-rw-r--r-- | apt-pkg/contrib/gpgv.cc | 3 | ||||
-rw-r--r-- | cmdline/apt-key.in | 20 | ||||
-rw-r--r-- | doc/apt-key.8.xml | 32 | ||||
-rw-r--r-- | methods/http.cc | 62 |
4 files changed, 61 insertions, 56 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index d956eaf00..28f3150c3 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -251,6 +251,9 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, setenv("APT_CONFIG", conf.get(), 1); } + // Tell apt-key not to emit warnings + setenv("APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE", "1", 1); + if (releaseSignature == DETACHED) { auto detached = make_unique_FILE(FileGPG, "r"); diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index e9187b423..baf3df5c3 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -671,10 +671,10 @@ prepare_gpg_home() { # well as the script hopefully uses apt-key optionally then like e.g. # debian-archive-keyring for (upgrade) cleanup did if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ] && [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then - if ! dpkg-query --show --showformat '${Pre-Depends}${Depends}${Recommends}\n' "$DPKG_MAINTSCRIPT_PACKAGE" 2>/dev/null | grep -q gnupg; then + if ! dpkg-query --show --showformat '${Pre-Depends}${Depends}${Recommends}\n' "$DPKG_MAINTSCRIPT_PACKAGE" 2>/dev/null | grep -E -q 'gpg|gnupg'; then cat >&2 <<EOF Warning: The $DPKG_MAINTSCRIPT_NAME maintainerscript of the package $DPKG_MAINTSCRIPT_PACKAGE -Warning: seems to use apt-key (provided by apt) without depending on gnupg or gnupg2. +Warning: seems to use apt-key (provided by apt) without depending on gpg, gnupg, or gnupg2. Warning: This will BREAK in the future and should be fixed by the package maintainer(s). Note: Check first if apt-key functionality is needed at all - it probably isn't! EOF 
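Review bot: The comment on the added `setenv` in ExecGPGV does not say which warnings are silenced or why that is acceptable. In this same commit the variable also gates the maintainer-script dependency warning in `prepare_gpg_home` (apt-key.in, hunk at -671), so setting it suppresses more than the new deprecation notice. I would expand the comment to something like `// apt invokes apt-key itself here; suppress its usage and deprecation warnings on stderr`, assuming that is the intent. The return value of `setenv` is also ignored, which deserves a word if that is deliberate. ExecGPGV starts and ends outside the hunk.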
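Review bot: The widened pattern `grep -E -q 'gpg|gnupg'` in prepare_gpg_home is an unanchored substring match, so any dependency whose name merely contains "gpg" (a library, or `gpgv`) now counts as depending on the GnuPG suite and the warning is skipped. The showformat also concatenates `${Pre-Depends}${Depends}${Recommends}` with no separator, so package names at field boundaries can fuse. The impact is limited because this only decides whether a warning is printed, but matching whole package names would keep the check meaningful: separate the three fields with `, ` and use `grep -E -q '(^|[ ,|])(gpg|gnupg|gnupg2)([ ,|(:]|$)'`. prepare_gpg_home starts and ends outside the hunk.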
@@ -740,8 +740,18 @@ warn_on_script_usage() { # (Maintainer) scripts should not be using apt-key if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then echo >&2 "Warning: apt-key should not be used in scripts (called from $DPKG_MAINTSCRIPT_NAME maintainerscript of the package ${DPKG_MAINTSCRIPT_PACKAGE})" - elif [ ! -t 1 ]; then - echo >&2 "Warning: apt-key output should not be parsed (stdout is not a terminal)" + fi + + echo >&2 "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))." +} + +warn_outside_maintscript() { + # In del, we want to warn in interactive use, but not inside maintainer + # scripts, so as to give people a chance to migrate keyrings. + # + # FIXME: We should always warn starting in 2022. + if [ -z "$DPKG_MAINTSCRIPT_PACKAGE" ]; then + echo >&2 "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))." fi } @@ -760,6 +770,7 @@ case "$command" in ;; del|rm|remove) # no script warning here as removing 'add' usage needs 'del' for cleanup + warn_outside_maintscript requires_root foreach_keyring_do 'remove_key_from_keyring' "$@" aptkey_echo "OK" @@ -772,6 +783,7 @@ case "$command" in merge_back_changes ;; net-update) + warn_on_script_usage requires_root setup_merged_keyring net_update diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml index 1ab4d784e..2c8c3f655 100644 --- a/doc/apt-key.8.xml +++ b/doc/apt-key.8.xml @@ -25,7 +25,7 @@ <!-- Man page title --> <refnamediv> <refname>apt-key</refname> - <refpurpose>APT key management utility</refpurpose> + <refpurpose>Deprecated APT key management utility</refpurpose> </refnamediv> &synopsis-command-apt-key; 
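Review bot: The new `warn_outside_maintscript` prints the deprecation warning without consulting `APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE`, the variable this commit sets from gpgv.cc to silence apt-key and which `prepare_gpg_home` already honours. The start of `warn_on_script_usage` is outside the hunk, so I cannot tell whether it returns early on that variable; if it does, `del` becomes the one command that ignores it. I would add `[ -n "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ] && return` at the top of the new function. The deprecation text is also repeated verbatim in both functions; holding it in one variable would stop the two copies drifting apart.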
@@ -37,13 +37,15 @@ authenticated using these keys will be considered trusted. </para> <para> - Note that if usage of <command>apt-key</command> is desired the additional + Use of <command>apt-key</command> is deprecated, except for the use of + <command>apt-key del</command> in maintainer scripts to remove existing + keys from the main keyring. + If such usage of <command>apt-key</command> is desired the additional installation of the GNU Privacy Guard suite (packaged in - <package>gnupg</package>) is required. For this reason alone the programmatic - usage (especially in package maintainer scripts!) is strongly discouraged. - Further more the output format of all commands is undefined and can and does - change whenever the underlying commands change. <command>apt-key</command> will - try to detect such usage and generates warnings on stderr in these cases. + <package>gnupg</package>) is required. + </para> + <para> + apt-key(8) will last be available in Debian 11 and Ubuntu 22.04. </para> </refsect1> @@ -63,7 +65,7 @@ <refsect1><title>Commands</title> <variablelist> - <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term> + <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option> (deprecated)</term> <listitem> <para> Add a new key to the list of trusted keys. @@ -85,7 +87,7 @@ </listitem> </varlistentry> - <varlistentry><term><option>del</option> <option>&synopsis-param-keyid;</option></term> + <varlistentry><term><option>del</option> <option>&synopsis-param-keyid;</option> (mostly deprecated)</term> <listitem> <para> @@ -96,7 +98,7 @@ </listitem> </varlistentry> - <varlistentry><term><option>export</option> <option>&synopsis-param-keyid;</option></term> + <varlistentry><term><option>export</option> <option>&synopsis-param-keyid;</option> (deprecated)</term> <listitem> <para> 
@@ -107,7 +109,7 @@ </listitem> </varlistentry> - <varlistentry><term><option>exportall</option></term> + <varlistentry><term><option>exportall</option> (deprecated)</term> <listitem> <para> @@ -118,7 +120,7 @@ </listitem> </varlistentry> - <varlistentry><term><option>list</option>, <option>finger</option></term> + <varlistentry><term><option>list</option>, <option>finger</option> (deprecated)</term> <listitem> <para> @@ -129,7 +131,7 @@ </listitem> </varlistentry> - <varlistentry><term><option>adv</option></term> + <varlistentry><term><option>adv</option> (deprecated)</term> <listitem> <para> Pass advanced options to gpg. With <command>adv --recv-key</command> you @@ -160,7 +162,7 @@ </listitem> </varlistentry> - <varlistentry><term><option>net-update</option></term> + <varlistentry><term><option>net-update</option> (deprecated)</term> <listitem> <para> @@ -183,7 +185,7 @@ <refsect1><title>Options</title> <para>Note that options need to be defined before the commands described in the previous section.</para> <variablelist> - <varlistentry><term><option>--keyring</option> <option>&synopsis-param-filename;</option></term> + <varlistentry><term><option>--keyring</option> <option>&synopsis-param-filename;</option> (deprecated)</term> <listitem><para>With this option it is possible to specify a particular keyring file the command should operate on. The default is that a command is executed on the <filename>trusted.gpg</filename> file as well as on all parts in the diff --git a/methods/http.cc b/methods/http.cc index 1d2c41337..9cfc91330 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -94,6 +94,7 @@ void CircleBuf::Reset() is non-blocking.. */ bool CircleBuf::Read(std::unique_ptr<MethodFd> const &Fd) { + size_t ReadThisCycle = 0; while (1) { // Woops, buffer is full 
@@ -131,7 +132,7 @@ bool CircleBuf::Read(std::unique_ptr<MethodFd> const &Fd) CircleBuf::BwTickReadData += Res; if (Res == 0) - return false; + return ReadThisCycle != 0; if (Res < 0) { if (errno == EAGAIN) @@ -140,6 +141,7 @@ bool CircleBuf::Read(std::unique_ptr<MethodFd> const &Fd) } InP += Res; + ReadThisCycle += Res; } } /*}}}*/ @@ -204,8 +206,6 @@ bool CircleBuf::Write(std::unique_ptr<MethodFd> const &Fd) ssize_t Res; Res = Fd->Write(Buf + (OutP % Size), LeftWrite()); - if (Res == 0) - return false; if (Res < 0) { if (errno == EAGAIN) @@ -215,7 +215,7 @@ bool CircleBuf::Write(std::unique_ptr<MethodFd> const &Fd) } TotalWriten += Res; - + if (Hash != NULL) Hash->Add(Buf + (OutP%Size),Res); @@ -700,26 +700,18 @@ ResultState HttpServerState::Die(RequestState &Req) { unsigned int LErrno = errno; + Close(); + // Dump the buffer to the file if (Req.State == RequestState::Data) { - if (Req.File.IsOpen() == false) - return ResultState::SUCCESSFUL; // on GNU/kFreeBSD, apt dies on /dev/null because non-blocking // can't be set if (Req.File.Name() != "/dev/null") SetNonBlock(Req.File.Fd(),false); - while (In.WriteSpace() == true) - { - if (In.Write(MethodFd::FromFd(Req.File.Fd())) == false) - { - _error->Errno("write", _("Error writing to the file")); - return ResultState::TRANSIENT_ERROR; - } - - // Done - if (In.IsLimit() == true) - return ResultState::SUCCESSFUL; + if (In.WriteSpace()) { + _error->Error(_("Data left in buffer")); + return ResultState::TRANSIENT_ERROR; } } @@ -727,7 +719,6 @@ ResultState HttpServerState::Die(RequestState &Req) if (In.IsLimit() == false && Req.State != RequestState::Header && Persistent == true) { - Close(); if (LErrno == 0) { _error->Error(_("Error reading from server. Remote end closed connection")); @@ -746,7 +737,6 @@ ResultState HttpServerState::Die(RequestState &Req) return ResultState::TRANSIENT_ERROR; // We may have got multiple responses back in one packet.. - Close(); return ResultState::SUCCESSFUL; } 
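Review bot: The new `return ReadThisCycle != 0;` on `Res == 0` reports end-of-stream as success whenever this call already buffered data, and nothing in the code says that the caller only learns about the close on the following call. That relies on the next read on `Fd` returning 0 again, which is presumably true for the back ends in use but is not visible in this diff. I would document it at the return, e.g. `// EOF after buffering data: report success so the caller drains it; the next call returns false`. The counter is declared in the hunk at -94 and incremented in the hunk at -140; CircleBuf::Read starts and ends outside this hunk.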
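Review bot: With the `Req.File.IsOpen() == false` early return removed, `SetNonBlock(Req.File.Fd(),false)` in the `RequestState::Data` branch now runs even when the file is not open, and since Die() no longer writes to the file the call looks like leftover code. I would either drop it or guard it with `if (Req.File.IsOpen() && Req.File.Name() != "/dev/null")`. Moving `Close()` to the top keeps the later error reporting correct only because `LErrno` is captured before it; a short comment such as `// save errno first: Close() may clobber it` would protect that ordering. Die() ends outside this hunk (its tail is in the hunks at -727 and -746).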
@@ -793,13 +783,11 @@ ResultState HttpServerState::Go(bool ToFile, RequestState &Req) ToFile == false)) return ResultState::TRANSIENT_ERROR; - // Handle server IO - if (ServerFd->HasPending() && In.ReadSpace() == true) - { - errno = 0; - if (In.Read(ServerFd) == false) - return Die(Req); - } + // Record if we have data pending to read in the server, so that we can + // skip the wait in select(). This can happen if data has already been + // read into a methodfd's buffer - the TCP queue might be empty at that + // point. + bool ServerPending = ServerFd->HasPending(); fd_set rfds,wfds; FD_ZERO(&rfds); @@ -831,7 +819,7 @@ ResultState HttpServerState::Go(bool ToFile, RequestState &Req) // Select struct timeval tv; - tv.tv_sec = TimeOut; + tv.tv_sec = ServerPending ? 0 : TimeOut; tv.tv_usec = 0; int Res = 0; if ((Res = select(MaxFd+1,&rfds,&wfds,0,&tv)) < 0) @@ -842,27 +830,20 @@ ResultState HttpServerState::Go(bool ToFile, RequestState &Req) return ResultState::TRANSIENT_ERROR; } - if (Res == 0) + if (Res == 0 && not ServerPending) { _error->Error(_("Connection timed out")); - return Die(Req); + return ResultState::TRANSIENT_ERROR; } // Handle server IO - if (ServerFd->Fd() != -1 && FD_ISSET(ServerFd->Fd(), &rfds)) + if (ServerPending || (ServerFd->Fd() != -1 && FD_ISSET(ServerFd->Fd(), &rfds))) { errno = 0; if (In.Read(ServerFd) == false) return Die(Req); } - if (ServerFd->Fd() != -1 && FD_ISSET(ServerFd->Fd(), &wfds)) - { - errno = 0; - if (Out.Write(ServerFd) == false) - return Die(Req); - } - // Send data to the file if (FileFD->Fd() != -1 && FD_ISSET(FileFD->Fd(), &wfds)) { @@ -873,6 +854,13 @@ ResultState HttpServerState::Go(bool ToFile, RequestState &Req) } } + if (ServerFd->Fd() != -1 && FD_ISSET(ServerFd->Fd(), &wfds)) + { + errno = 0; + if (Out.Write(ServerFd) == false) + return Die(Req); + } + if (Req.MaximumSize > 0 && Req.File.IsOpen() && Req.File.Failed() == false && Req.File.Tell() > Req.MaximumSize) { Owner->SetFailReason("MaximumSizeExceeded"); |
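Review bot: The pre-select read removed here was guarded by `In.ReadSpace() == true`, but its replacement (`ServerPending || ...` in the hunk at -842, with the zero timeout from the hunk at -831) calls `In.Read(ServerFd)` without that guard. If the circular buffer is full while the MethodFd still holds pending data, each pass through Go() selects with a zero timeout and calls Read with no room, which looks like it can spin until the file side drains; what Read returns on a full buffer is not visible here. One option is to fold the guard into the flag, `bool ServerPending = ServerFd->HasPending() && In.ReadSpace();`, so that both the timeout and the read site respect it. Go() starts and ends outside the hunk.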
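Review bot: On timeout the new code returns `ResultState::TRANSIENT_ERROR` directly instead of going through `Die(Req)`, so the `Close()` that Die() now performs first is not reached on this path. Whether the caller tears the connection down after a transient error is not visible in this diff; if it does not, a stalled server connection could be kept for the next request. A comment at the return stating who closes the socket, or an explicit `Close();` before it, would settle that. As a style point, `not ServerPending` uses the alternative token where the surrounding code writes `== false`.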