From ee284d5917d09649b68ff1632d44e892f290c52f Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 6 May 2020 12:33:39 +0200 Subject: Fully deprecate apt-key, schedule removal for Q2/2022 People are still using apt-key add and friends, despite that not being guaranteed to work. Let's tell them to stop doing so. We might still want a list command at a future point, but this needs deciding, and a blanket ban atm seems like a sensible step until we figured that out. --- apt-pkg/contrib/gpgv.cc | 3 +++ cmdline/apt-key.in | 16 ++++++++++++++-- doc/apt-key.8.xml | 32 +++++++++++++++++--------------- 3 files changed, 34 insertions(+), 17 deletions(-) diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index d956eaf00..28f3150c3 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -251,6 +251,9 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, setenv("APT_CONFIG", conf.get(), 1); } + // Tell apt-key not to emit warnings + setenv("APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE", "1", 1); + if (releaseSignature == DETACHED) { auto detached = make_unique_FILE(FileGPG, "r"); diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index e9187b423..c61b8b417 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -740,8 +740,18 @@ warn_on_script_usage() { # (Maintainer) scripts should not be using apt-key if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then echo >&2 "Warning: apt-key should not be used in scripts (called from $DPKG_MAINTSCRIPT_NAME maintainerscript of the package ${DPKG_MAINTSCRIPT_PACKAGE})" - elif [ ! -t 1 ]; then - echo >&2 "Warning: apt-key output should not be parsed (stdout is not a terminal)" + fi + + echo >&2 "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))." +} + +warn_outside_maintscript() { + # In del, we want to warn in interactive use, but not inside maintainer + # scripts, so as to give people a chance to migrate keyrings. + # + # FIXME: We should always warn starting in 2022. + if [ -z "$DPKG_MAINTSCRIPT_PACKAGE" ]; then + echo >&2 "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))." fi } @@ -760,6 +770,7 @@ case "$command" in ;; del|rm|remove) # no script warning here as removing 'add' usage needs 'del' for cleanup + warn_outside_maintscript requires_root foreach_keyring_do 'remove_key_from_keyring' "$@" aptkey_echo "OK" @@ -772,6 +783,7 @@ case "$command" in merge_back_changes ;; net-update) + warn_on_script_usage requires_root setup_merged_keyring net_update diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml index 1ab4d784e..2c8c3f655 100644 --- a/doc/apt-key.8.xml +++ b/doc/apt-key.8.xml @@ -25,7 +25,7 @@ apt-key - APT key management utility + Deprecated APT key management utility &synopsis-command-apt-key; @@ -37,13 +37,15 @@ authenticated using these keys will be considered trusted. - Note that if usage of apt-key is desired the additional + Use of apt-key is deprecated, except for the use of + apt-key del in maintainer scripts to remove existing + keys from the main keyring. + If such usage of apt-key is desired the additional installation of the GNU Privacy Guard suite (packaged in - gnupg) is required. For this reason alone the programmatic - usage (especially in package maintainer scripts!) is strongly discouraged. - Further more the output format of all commands is undefined and can and does - change whenever the underlying commands change. apt-key will - try to detect such usage and generates warnings on stderr in these cases. + gnupg) is required. + + + apt-key(8) will last be available in Debian 11 and Ubuntu 22.04. @@ -63,7 +65,7 @@ Commands - + (deprecated) Add a new key to the list of trusted keys. @@ -85,7 +87,7 @@ - + (mostly deprecated) @@ -96,7 +98,7 @@ - + (deprecated) @@ -107,7 +109,7 @@ - + (deprecated) @@ -118,7 +120,7 @@ - , + , (deprecated) @@ -129,7 +131,7 @@ - + (deprecated) Pass advanced options to gpg. With adv --recv-key you @@ -160,7 +162,7 @@ - + (deprecated) @@ -183,7 +185,7 @@ Options Note that options need to be defined before the commands described in the previous section. - + (deprecated) With this option it is possible to specify a particular keyring file the command should operate on. The default is that a command is executed on the trusted.gpg file as well as on all parts in the -- cgit v1.2.3 From f9f0ae2bbb2d0bfeccddecbf8b9ec07ccd54cd9a Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 6 May 2020 12:52:57 +0200 Subject: apt-key: Allow depending on gpg instead of gnupg Maintainer scripts that need to use apt-key del might as well depend on gpg, they don't need the full gnupg suite. --- cmdline/apt-key.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index c61b8b417..baf3df5c3 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -671,10 +671,10 @@ prepare_gpg_home() { # well as the script hopefully uses apt-key optionally then like e.g. # debian-archive-keyring for (upgrade) cleanup did if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ] && [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then - if ! dpkg-query --show --showformat '${Pre-Depends}${Depends}${Recommends}\n' "$DPKG_MAINTSCRIPT_PACKAGE" 2>/dev/null | grep -q gnupg; then + if ! dpkg-query --show --showformat '${Pre-Depends}${Depends}${Recommends}\n' "$DPKG_MAINTSCRIPT_PACKAGE" 2>/dev/null | grep -E -q 'gpg|gnupg'; then cat >&2 <