From 5de346684f6777eb9e2ac1a38d687c1bc50f35b0 Mon Sep 17 00:00:00 2001 From: Johan Kiviniemi Date: Wed, 22 May 2013 21:06:26 +0300 Subject: cmdline/apt-key: Create new keyrings with mode 0644 instead of 0600 --- cmdline/apt-key | 19 +++++++++++++++++++ debian/changelog | 3 +++ 2 files changed, 22 insertions(+) diff --git a/cmdline/apt-key b/cmdline/apt-key index c184e3e75..309c51b13 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -32,6 +32,16 @@ requires_root() { fi } +# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. +init_keyring() { + for path; do + if ! [ -e "$path" ]; then + touch -- "$path" + chmod 0644 -- "$path" + fi + done +} + add_keys_with_verify_against_master_keyring() { ADD_KEYRING=$1 MASTER=$2 @@ -198,33 +208,42 @@ fi case "$command" in add) requires_root + init_keyring "$TRUSTEDFILE" $GPG --quiet --batch --import "$1" echo "OK" ;; del|rm|remove) requires_root + init_keyring "$TRUSTEDFILE" $GPG --quiet --batch --delete-key --yes "$1" echo "OK" ;; update) + init_keyring "$TRUSTEDFILE" update ;; net-update) + init_keyring "$TRUSTEDFILE" net_update ;; list) + init_keyring "$TRUSTEDFILE" $GPG --batch --list-keys ;; finger*) + init_keyring "$TRUSTEDFILE" $GPG --batch --fingerprint ;; export) + init_keyring "$TRUSTEDFILE" $GPG --armor --export "$1" ;; exportall) + init_keyring "$TRUSTEDFILE" $GPG --armor --export ;; adv*) + init_keyring "$TRUSTEDFILE" echo "Executing: $GPG $*" $GPG $* ;; diff --git a/debian/changelog b/debian/changelog index f5be97bd3..89da46ed1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,9 @@ apt (0.9.8.2) UNRELEASED; urgency=low * buildlib/apti18n.h.in: - fix build failure when building without NLS (closes: #671587) + [ Johan Kiviniemi ] + * cmdline/apt-key: Create new keyrings with mode 0644 instead of 0600. + -- Christian Perrier Thu, 16 May 2013 22:28:22 +0200 apt (0.9.8.1) unstable; urgency=low -- cgit v1.2.3 From ecc46c1c42bb1aa59a0c8f0fb3eb12a5938da6ca Mon Sep 17 00:00:00 2001 From: Johan Kiviniemi Date: Wed, 22 May 2013 21:14:33 +0300 Subject: cmdline/apt-key: Accept nonexistent --keyring file with adv as well --- cmdline/apt-key | 2 +- debian/changelog | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/cmdline/apt-key b/cmdline/apt-key index 309c51b13..2c087acbc 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -163,7 +163,7 @@ if [ "$1" = "--keyring" ]; then #echo "keyfile given" shift TRUSTEDFILE="$1" - if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ]; then + if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ] || [ "$2" = 'adv' ]; then GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE" else echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable" diff --git a/debian/changelog b/debian/changelog index 89da46ed1..b3800fc42 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,7 +11,9 @@ apt (0.9.8.2) UNRELEASED; urgency=low - fix build failure when building without NLS (closes: #671587) [ Johan Kiviniemi ] - * cmdline/apt-key: Create new keyrings with mode 0644 instead of 0600. + * cmdline/apt-key: + - Create new keyrings with mode 0644 instead of 0600. + - Accept a nonexistent --keyring file with the adv subcommand as well. -- Christian Perrier Thu, 16 May 2013 22:28:22 +0200 -- cgit v1.2.3