summaryrefslogtreecommitdiff
path: root/cmdline/apt-key.in
diff options
context:
space:
mode:
Diffstat (limited to 'cmdline/apt-key.in')
-rw-r--r--cmdline/apt-key.in32
1 files changed, 30 insertions, 2 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 723af06ff..5bc5462d2 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -249,6 +249,34 @@ accessible_file_exists() {
return 1
}
+is_supported_keyring() {
+ # empty files are always supported
+ if ! test -s "$1"; then
+ return 0
+ fi
+ local FILEEXT="${1##*.}"
+ if [ "$FILEEXT" = 'gpg' ]; then
+ # 0x98, 0x99 and 0xC6 via octal as hex isn't supported by dashs printf
+ if printf '\231' | cmp --silent --bytes=1 - "$1"; then
+ true
+ elif printf '\230' | cmp --silent --bytes=1 - "$1"; then
+ true
+ elif printf '\306' | cmp --silent --bytes=1 - "$1"; then
+ true
+ else
+ apt_warn "The key(s) in the keyring $1 are ignored as the file has an unsupported filetype."
+ return 1
+ fi
+ elif [ "$FILEEXT" = 'asc' ]; then
+ true #dearmor_filename will deal with them
+ else
+ # most callers ignore unsupported extensions silently
+ apt_warn "The key(s) in the keyring $1 are ignored as the file has an unsupported filename extension."
+ return 1
+ fi
+ return 0
+}
+
foreach_keyring_do() {
local ACTION="$1"
shift
@@ -257,7 +285,7 @@ foreach_keyring_do() {
$ACTION "$TRUSTEDFILE" "$@"
else
# otherwise all known keyrings are up for inspection
- if accessible_file_exists "$TRUSTEDFILE"; then
+ if accessible_file_exists "$TRUSTEDFILE" && is_supported_keyring "$TRUSTEDFILE"; then
$ACTION "$TRUSTEDFILE" "$@"
fi
local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
@@ -266,7 +294,7 @@ foreach_keyring_do() {
TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")"
local TRUSTEDPARTSLIST="$(cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 \( -name '*.gpg' -o -name '*.asc' \))"
for trusted in $(echo "$TRUSTEDPARTSLIST" | sort); do
- if accessible_file_exists "$trusted"; then
+ if accessible_file_exists "$trusted" && is_supported_keyring "$trusted"; then
$ACTION "$trusted" "$@"
fi
done