From 3e032cda2d3558c076a559697e664546da56c243 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 15:02:39 +0100 Subject: remove leftover debug output from multikey softlink Git-Dch: Ignore --- cmdline/apt-key.in | 1 - 1 file changed, 1 deletion(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 0774cf4b7..59b69b89c 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -198,7 +198,6 @@ remove_key_from_keyring() { REALTARGET="$(readlink -f "$1")" mv -f "$1" "${1}.dpkg-tmp" cp -a "$REALTARGET" "$1" - ls "$(dirname $1)" fi # delete the key from the keyring $GPG --batch --delete-key --yes "$2" -- cgit v1.2.3 From 5b55915a9beca06c9993285aee9da9f4ac3bccc4 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 15:18:14 +0100 Subject: rename postrm to apt.postrm It helps in identifying its affiliation. Also removes the old postinst which was hidden by apt.postinst for a long time now and would just install a sources.list in edgecases which is probably not a good idea (e.g. on my system /etc/apt/sources.list does not exist). It is better done by the installer of the distro. Git-Dch: Ignore --- debian/apt.postinst | 0 debian/apt.postrm | 22 ++++++++++++++++++++++ debian/postinst | 39 --------------------------------------- debian/postrm | 22 ---------------------- 4 files changed, 22 insertions(+), 61 deletions(-) mode change 100644 => 100755 debian/apt.postinst create mode 100755 debian/apt.postrm delete mode 100755 debian/postinst delete mode 100755 debian/postrm diff --git a/debian/apt.postinst b/debian/apt.postinst old mode 100644 new mode 100755 diff --git a/debian/apt.postrm b/debian/apt.postrm new file mode 100755 index 000000000..ae1e18d33 --- /dev/null +++ b/debian/apt.postrm 
@@ -0,0 +1,22 @@ +#! /bin/sh + +# apt postrm +# Copyright (C) 1998, Ben Gertzfield + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +set -e + +#DEBHELPER# + +case "$1" in + remove) + ;; + purge) + rm -rf /var/cache/apt + rm -rf /var/lib/apt +esac + diff --git a/debian/postinst b/debian/postinst deleted file mode 100755 index 1588f5241..000000000 --- a/debian/postinst +++ /dev/null @@ -1,39 +0,0 @@ -#! /bin/sh - -# apt postinst, based liberally on James Troup's gpm postinst -# Copyright (C) 1998, Ben Gertzfield - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. - -set -e - -create_apt_conf () -{ - EXAMPLE_SOURCE=/usr/share/doc/apt/examples/sources.list - if [ -f $EXAMPLE_SOURCE ]; then - cp $EXAMPLE_SOURCE /etc/apt/sources.list - fi -} - -check_apt_conf () -{ - true - # this is for future expansion -} - -#DEBHELPER# - -case "$1" in - configure) - # - # If there is no /etc/apt/sources.list then create a default - # - if [ ! -f /etc/apt/sources.list ]; then - create_apt_conf - else - check_apt_conf - fi -esac diff --git a/debian/postrm b/debian/postrm deleted file mode 100755 index ae1e18d33..000000000 --- a/debian/postrm +++ /dev/null 
@@ -1,22 +0,0 @@ -#! /bin/sh - -# apt postrm -# Copyright (C) 1998, Ben Gertzfield - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. - -set -e - -#DEBHELPER# - -case "$1" in - remove) - ;; - purge) - rm -rf /var/cache/apt - rm -rf /var/lib/apt -esac - -- cgit v1.2.3 From 3d0def059874a6e63566ce13579de296ccd26932 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 16:43:19 +0100 Subject: add a (hidden) --quiet option for apt-key --- cmdline/apt-key.in | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 59b69b89c..d50ad40ac 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -39,6 +39,8 @@ ARCHIVE_KEYRING_URI='&keyring-uri;' eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) TMP_KEYRING=${APT_DIR}/var/lib/apt/keyrings/maybe-import-keyring.gpg +aptkey_echo() { echo "$@"; } + requires_root() { if [ "$(id -u)" -ne 0 ]; then echo >&1 "ERROR: This command can only be used by root." @@ -142,7 +144,7 @@ net_update() { fi new_mtime=$(stat -c %Y $keyring) if [ $new_mtime -ne $old_mtime ]; then - echo "Checking for new archive signing keys now" + aptkey_echo "Checking for new archive signing keys now" add_keys_with_verify_against_master_keyring $keyring $MASTER_KEYRING fi } @@ -227,7 +229,7 @@ remove_key() { done fi fi - echo "OK" + aptkey_echo "OK" } @@ -267,6 +269,10 @@ while [ -n "$1" ]; do requires_root() { true; } shift ;; + --quiet) + aptkey_echo() { true; } + shift + ;; --*) echo >&2 "Unknown option: $1" usage @@ -316,7 +322,7 @@ case "$command" in requires_root init_keyring "$TRUSTEDFILE" $GPG --quiet --batch --import "$1" - echo "OK" + aptkey_echo "OK" ;; del|rm|remove) init_keyring "$TRUSTEDFILE" 
@@ -348,7 +354,7 @@ case "$command" in ;; adv*) init_keyring "$TRUSTEDFILE" - echo "Executing: $GPG $*" + aptkey_echo "Executing: $GPG $*" $GPG $* ;; help) -- cgit v1.2.3 From 84b286f65c55e21b4734a17474f1cba464cbbd9c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 16:44:49 +0100 Subject: all errors should be printed to stderr Git-Dch: Ignore --- cmdline/apt-key.in | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index d50ad40ac..e592925d6 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -43,7 +43,7 @@ aptkey_echo() { echo "$@"; } requires_root() { if [ "$(id -u)" -ne 0 ]; then - echo >&1 "ERROR: This command can only be used by root." + echo >&2 "ERROR: This command can only be used by root." exit 1 fi } @@ -63,11 +63,11 @@ add_keys_with_verify_against_master_keyring() { MASTER=$2 if [ ! -f "$ADD_KEYRING" ]; then - echo "ERROR: '$ADD_KEYRING' not found" + echo >&2 "ERROR: '$ADD_KEYRING' not found" return - fi + fi if [ ! -f "$MASTER" ]; then - echo "ERROR: '$MASTER' not found" + echo >&2 "ERROR: '$MASTER' not found" return fi @@ -175,7 +175,7 @@ update() { fi done else - echo "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" >&2 + echo >&2 "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" fi } -- cgit v1.2.3 From 9fda3be1ae000e81e15dc8840271946e140765c9 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 17:14:52 +0100 Subject: only create new trusted.gpg if directory is writeable --- cmdline/apt-key.in | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index e592925d6..66e26ef0c 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in 
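Review bot: Both `return` statements in add_keys_with_verify_against_master_keyring (hunk `@@ -63,11 +63,11`) are bare, so the function exits with the status of the preceding `echo`, which is 0. A missing keyring or master keyring therefore still looks like success to the caller, even though the message now goes to stderr. I would make the failure explicit with `return 1` in both branches. The function body continues outside the hunk and its callers are not visible here, so confirm none of them relies on the zero status first.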
@@ -48,16 +48,6 @@ requires_root() { fi } -# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. -init_keyring() { - for path; do - if ! [ -e "$path" ]; then - touch -- "$path" - chmod 0644 -- "$path" - fi - done -} - add_keys_with_verify_against_master_keyring() { ADD_KEYRING=$1 MASTER=$2 @@ -311,49 +301,50 @@ if [ -z "$command" ]; then fi shift -if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then - echo >&2 "Warning: gnupg does not seem to be installed." - echo >&2 "Warning: apt-key requires gnupg for most operations." - echo >&2 +if [ "$command" != "help" ]; then + if ! which gpg >/dev/null 2>&1; then + echo >&2 "Warning: gnupg does not seem to be installed." + echo >&2 "Warning: apt-key requires gnupg for most operations." + echo >&2 + fi + + # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. + if ! [ -e "$TRUSTEDFILE" ]; then + if [ -w "$(dirname "$TRUSTEDFILE")" ]; then + touch -- "$TRUSTEDFILE" + chmod 0644 -- "$TRUSTEDFILE" + fi + fi fi case "$command" in add) requires_root - init_keyring "$TRUSTEDFILE" $GPG --quiet --batch --import "$1" aptkey_echo "OK" ;; del|rm|remove) - init_keyring "$TRUSTEDFILE" remove_key "$1" ;; update) - init_keyring "$TRUSTEDFILE" update ;; net-update) - init_keyring "$TRUSTEDFILE" net_update ;; list) - init_keyring "$TRUSTEDFILE" $GPG --batch --list-keys ;; finger*) - init_keyring "$TRUSTEDFILE" $GPG --batch --fingerprint ;; export) - init_keyring "$TRUSTEDFILE" $GPG --armor --export "$1" ;; exportall) - init_keyring "$TRUSTEDFILE" $GPG --armor --export ;; adv*) - init_keyring "$TRUSTEDFILE" aptkey_echo "Executing: $GPG $*" $GPG $* ;; -- cgit v1.2.3 From 4f51a496d56807c73586220dd736173d7783c8b3 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 17:24:56 +0100 Subject: support (multiple) arguments properly in apt-key --- cmdline/apt-key.in | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) 
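Review bot: The guard `if ! [ -e "$TRUSTEDFILE" ]` in hunk `@@ -311,49 +301,50` is also true for a dangling symlink, in which case `touch` and `chmod 0644` act on the path the link names rather than on a new keyring. Because `$TRUSTEDFILE` can be supplied with `--keyring`, I would skip creation when the path is a link: `if ! [ -e "$TRUSTEDFILE" ] && ! [ -L "$TRUSTEDFILE" ]; then`. The block runs for every command except `help` and before the `requires_root` calls in the `case` below. A comment such as `# best effort: silently skipped when the directory is not writable` would make that intent explicit.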
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 66e26ef0c..ab62d4c8f 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -202,24 +202,27 @@ remove_key_from_keyring() { remove_key() { requires_root - # if a --keyring was given, just remove from there - if [ -n "$FORCED_KEYRING" ]; then - remove_key_from_keyring "$FORCED_KEYRING" "$1" - else - # otherwise all known keyrings are up for inspection - local TRUSTEDFILE="/etc/apt/trusted.gpg" - eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) - eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) - remove_key_from_keyring "$TRUSTEDFILE" "$1" - TRUSTEDPARTS="/etc/apt/trusted.gpg.d" - eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) - if [ -d "$TRUSTEDPARTS" ]; then - for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do - remove_key_from_keyring "$trusted" "$1" - done + while [ -n "$1" ]; do + # if a --keyring was given, just remove from there + if [ -n "$FORCED_KEYRING" ]; then + remove_key_from_keyring "$FORCED_KEYRING" "$1" + else + # otherwise all known keyrings are up for inspection + local TRUSTEDFILE="/etc/apt/trusted.gpg" + eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) + eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) + remove_key_from_keyring "$TRUSTEDFILE" "$1" + TRUSTEDPARTS="/etc/apt/trusted.gpg.d" + eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) + if [ -d "$TRUSTEDPARTS" ]; then + for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do + remove_key_from_keyring "$trusted" "$1" + done + fi fi - fi - aptkey_echo "OK" + aptkey_echo "OK" + shift + done } @@ -320,11 +323,11 @@ fi case "$command" in add) requires_root - $GPG --quiet --batch --import "$1" + $GPG --quiet --batch --import "$@" aptkey_echo "OK" ;; del|rm|remove) - remove_key "$1" + remove_key "$@" ;; update) update 
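Review bot: The loop condition `while [ -n "$1" ]` in remove_key (hunk `@@ -202,24 +202,27`) stops at the first empty argument. With `apt-key del "$a" "$b"` and an empty `$a`, the second key is never examined and nothing is reported. `while [ $# -gt 0 ]; do` covers every argument, ideally with an explicit error for an empty key id. Note also that `aptkey_echo "OK"` is printed once per argument regardless of what remove_key_from_keyring did, so "OK" does not by itself confirm that a key left the trust store.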
@@ -333,20 +336,17 @@ case "$command" in net_update ;; list) - $GPG --batch --list-keys + $GPG --batch --list-keys "$@" ;; finger*) - $GPG --batch --fingerprint - ;; - export) - $GPG --armor --export "$1" + $GPG --batch --fingerprint "$@" ;; - exportall) - $GPG --armor --export + export|exportall) + $GPG --armor --export "$@" ;; adv*) aptkey_echo "Executing: $GPG $*" - $GPG $* + $GPG "$@" ;; help) usage -- cgit v1.2.3 From 08cfcd73f517e909823c100143c4938b9997343e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 17:41:35 +0100 Subject: set a primary-keyring only if we have access to it --- cmdline/apt-key.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index ab62d4c8f..9da5fceb8 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -281,8 +281,8 @@ if [ -z "$TRUSTEDFILE" ]; then eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) if [ -r "$TRUSTEDFILE" ]; then GPG="$GPG --keyring $TRUSTEDFILE" + GPG="$GPG --primary-keyring $TRUSTEDFILE" fi - GPG="$GPG --primary-keyring $TRUSTEDFILE" TRUSTEDPARTS="/etc/apt/trusted.gpg.d" eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) if [ -d "$TRUSTEDPARTS" ]; then @@ -316,6 +316,8 @@ if [ "$command" != "help" ]; then if [ -w "$(dirname "$TRUSTEDFILE")" ]; then touch -- "$TRUSTEDFILE" chmod 0644 -- "$TRUSTEDFILE" + GPG="$GPG --keyring $TRUSTEDFILE" + GPG="$GPG --primary-keyring $TRUSTEDFILE" fi fi fi -- cgit v1.2.3 From 4b30c1dc053278a6b9bdb50f0d91b3f934e8613d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 18:24:43 +0100 Subject: refactor key removal code to reuse it in next step Git-Dch: Ignore --- cmdline/apt-key.in | 103 ++++++++++++++++++++++++++++------------------------- 1 file changed, 55 insertions(+), 48 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 9da5fceb8..9adbd6443 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in 
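Review bot: The added assignments `GPG="$GPG --keyring $TRUSTEDFILE"` and `GPG="$GPG --primary-keyring $TRUSTEDFILE"` (hunks `@@ -281,8 +281,8` and `@@ -316,6 +316,8`) splice a path into a string that other hunks on this page expand unquoted as `$GPG ...`. A keyring path containing whitespace is therefore split into separate gpg arguments. The pattern predates this commit, but the path can come from `--keyring` or from apt-config, so I would reject such paths once before the first use: `case "$TRUSTEDFILE" in *[[:space:]]*) echo >&2 "ERROR: keyring path must not contain whitespace"; exit 1 ;; esac`. The same pair of lines now appears at two sites; a small helper would keep them in step.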
@@ -170,62 +170,69 @@ update() { } remove_key_from_keyring() { - local GPG="$GPG_CMD --keyring $1" - # check if the key is in this keyring: the key id is in the 5 column at the end - if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then - return - fi - if [ ! -w "$1" ]; then - echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only." - return - fi - # check if it is the only key in the keyring and if so remove the keyring altogether - if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then - mv -f "$1" "${1}~" # behave like gpg - return - fi - # we can't just modify pointed to files as these might be in /usr or something - local REALTARGET - if [ -L "$1" ]; then - REALTARGET="$(readlink -f "$1")" - mv -f "$1" "${1}.dpkg-tmp" - cp -a "$REALTARGET" "$1" - fi - # delete the key from the keyring - $GPG --batch --delete-key --yes "$2" - if [ -n "$REALTARGET" ]; then - # the real backup is the old link, not the copy we made - mv -f "${1}.dpkg-tmp" "${1}~" - fi + local KEYRINGFILE="$1" + shift + local GPG="$GPG_CMD --keyring $KEYRINGFILE" + while [ -n "$1" ]; do + local KEY="$1" + shift + # check if the key is in this keyring: the key id is in the 5 column at the end + if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+${KEY}:"; then + continue + fi + if [ ! -w "$KEYRINGFILE" ]; then + echo >&2 "Key ${KEY} is in keyring ${KEYRINGFILE}, but can't be removed as it is read only." 
+ continue + fi + # check if it is the only key in the keyring and if so remove the keyring altogether + if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then + mv -f "$KEYRINGFILE" "${KEYRINGFILE}~" # behave like gpg + return + fi + # we can't just modify pointed to files as these might be in /usr or something + local REALTARGET + if [ -L "$KEYRINGFILE" ]; then + REALTARGET="$(readlink -f "$KEYRINGFILE")" + mv -f "$KEYRINGFILE" "${KEYRINGFILE}.dpkg-tmp" + cp -a "$REALTARGET" "$KEYRINGFILE" + fi + # delete the key from the keyring + $GPG --batch --delete-key --yes "$KEY" + if [ -n "$REALTARGET" ]; then + # the real backup is the old link, not the copy we made + mv -f "${KEYRINGFILE}.dpkg-tmp" "${KEYRINGFILE}~" + fi + done } remove_key() { requires_root + foreach_keyring_do 'remove_key_from_keyring' "$@" + aptkey_echo "OK" + } - while [ -n "$1" ]; do - # if a --keyring was given, just remove from there - if [ -n "$FORCED_KEYRING" ]; then - remove_key_from_keyring "$FORCED_KEYRING" "$1" - else - # otherwise all known keyrings are up for inspection - local TRUSTEDFILE="/etc/apt/trusted.gpg" - eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) - eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) - remove_key_from_keyring "$TRUSTEDFILE" "$1" - TRUSTEDPARTS="/etc/apt/trusted.gpg.d" - eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) - if [ -d "$TRUSTEDPARTS" ]; then - for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do - remove_key_from_keyring "$trusted" "$1" - done - fi +foreach_keyring_do() { + local ACTION="$1" + shift + # if a --keyring was given, just remove from there + if [ -n "$FORCED_KEYRING" ]; then + $ACTION "$FORCED_KEYRING" "$@" + else + # otherwise all known keyrings are up for inspection + local TRUSTEDFILE="/etc/apt/trusted.gpg" + eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) + eval $(apt-config shell TRUSTEDFILE 
Dir::Etc::Trusted/f) + $ACTION "$TRUSTEDFILE" "$@" + local TRUSTEDPARTS="/etc/apt/trusted.gpg.d" + eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) + if [ -d "$TRUSTEDPARTS" ]; then + for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do + $ACTION "$trusted" "$@" + done fi - aptkey_echo "OK" - shift - done + fi } - usage() { echo "Usage: apt-key [--keyring file] [command] [arguments]" echo -- cgit v1.2.3 From 5beb682d2de2003e1c022cb298d6c2ec0cf91c0d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 22:40:52 +0100 Subject: merge fragment keyrings in apt-key to avoid hitting gpg limits gnupg has a hardlimit of 40 (at the moment) keyrings per invocation, which can be exceeded with (many) repositories. That is rather misfortune as the longrun goal was to drop gnupg dependency at some point in the future, but this can now be considered missed and dropped. It also means that 'apt-key adv' commands might not have the behaviour one would expect it to have as it mainly operates on a big temporary keyring, so commands modifying keys will break. Doing this was never a good idea anyway through, so lets just hope nothing break too badly. Closes: 733028 --- cmdline/apt-key.in | 134 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 77 insertions(+), 57 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 9adbd6443..9d8e60ec0 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -23,7 +23,6 @@ GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" $GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 # tell gpg that it shouldn't try to maintain a trustdb file GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" - GPG="$GPG_CMD" APT_DIR="/" 
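Review bot: In the new `while` loop of remove_key_from_keyring (hunk `@@ -170,62 +170,69`), `local REALTARGET` is declared without a value inside the loop body. As far as I can tell this does not clear a value set in an earlier iteration. When two keys are removed from a keyring that started as a symlink, the second pass finds a regular file, skips the `-L` branch, and still runs `mv -f "${KEYRINGFILE}.dpkg-tmp" "${KEYRINGFILE}~"` on a file that no longer exists. Resetting it per iteration avoids that: `local REALTARGET=''`. It would also help to add a comment on the single-key `return` saying the remaining arguments are deliberately dropped because the keyring has just been moved away.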
@@ -113,7 +112,6 @@ net_update() { echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" exit 1 fi - requires_root # in theory we would need to depend on wget for this, but this feature # isn't useable in debian anyway as we have no keyring uri nor a master key if ! which wget >/dev/null 2>&1; then @@ -145,7 +143,6 @@ update() { echo >&2 "Is the &keyring-package; package installed?" exit 1 fi - requires_root # add new keys from the package; @@ -158,11 +155,8 @@ update() { if [ -r "$REMOVED_KEYS" ]; then # remove no-longer supported/used keys - keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5` - for key in $keys; do - if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then - $GPG --quiet --batch --delete-key --yes ${key} - fi + $GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5 | while read key; do + foreach_keyring_do 'remove_key_from_keyring' "$key" done else echo >&2 "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" @@ -172,12 +166,17 @@ update() { remove_key_from_keyring() { local KEYRINGFILE="$1" shift + # non-existent keyrings have by definition no keys + if [ ! -e "$KEYRINGFILE" ]; then + return + fi + local GPG="$GPG_CMD --keyring $KEYRINGFILE" while [ -n "$1" ]; do local KEY="$1" shift # check if the key is in this keyring: the key id is in the 5 column at the end - if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+${KEY}:"; then + if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]*${KEY}:"; then continue fi if [ ! -w "$KEYRINGFILE" ]; then @@ -205,12 +204,6 @@ remove_key_from_keyring() { done } -remove_key() { - requires_root - foreach_keyring_do 'remove_key_from_keyring' "$@" - aptkey_echo "OK" - } - foreach_keyring_do() { local ACTION="$1" shift 
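Review bot: In hunk `@@ -172,12 +166,17` the key id is still placed verbatim into the grep pattern `[0-9A-F]*${KEY}:`. A lowercase id never matches the colon listing this pattern expects, and regex metacharacters in the argument are interpreted rather than matched literally. A non-matching id goes through `continue` without any message, while the `del|rm|remove` arm later on this page prints "OK" unconditionally. I would normalise and validate before matching: `KEY="$(printf '%s' "$1" | tr 'a-f' 'A-F')"` followed by `case "$KEY" in ''|*[!0-9A-F]*) echo >&2 "ERROR: invalid key id '$1'"; continue ;; esac`. The loop body continues outside this hunk.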
@@ -219,20 +212,62 @@ foreach_keyring_do() { $ACTION "$FORCED_KEYRING" "$@" else # otherwise all known keyrings are up for inspection - local TRUSTEDFILE="/etc/apt/trusted.gpg" - eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) - eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) - $ACTION "$TRUSTEDFILE" "$@" + if [ -s "$TRUSTEDFILE" ]; then + $ACTION "$TRUSTEDFILE" "$@" + fi local TRUSTEDPARTS="/etc/apt/trusted.gpg.d" eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) if [ -d "$TRUSTEDPARTS" ]; then + # strip / suffix as gpg will double-slash in that case (#665411) + local STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}" + if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then + TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS" + fi for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do - $ACTION "$trusted" "$@" + if [ -s "$trusted" ]; then + $ACTION "$trusted" "$@" + fi done fi fi } +list_keys_from_keyring() { + local KEYRINGFILE="$1" + shift + # don't show the error message if this keyring doesn't include the key + $GPG_CMD --keyring "$KEYRINGFILE" --batch --list-keys "$@" 2>/dev/null || true +} + +fingerprint_keys_from_keyring() { + local KEYRINGFILE="$1" + shift + # don't show the error message if this keyring doesn't include the fingerprint + $GPG_CMD --keyring "$KEYRINGFILE" --batch --fingerprint "$@" 2>/dev/null || true +} + +import_keys_from_keyring() { + local IMPORT="$1" + local KEYRINGFILE="$2" + $GPG_CMD --keyring "$KEYRINGFILE" --batch --import "$IMPORT" >/dev/null 2>&1 +} + +setup_merged_keyring() { + local TRUSTEDFILE_BAK="$TRUSTEDFILE" + TRUSTEDFILE='/dev/null' + foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/trusted.gpg" + TRUSTEDFILE="$TRUSTEDFILE_BAK" + # mark it as non-writeable so users get errors if gnupg tries to modify it + if [ -s "${GPGHOMEDIR}/trusted.gpg" ]; then + chmod -w "${GPGHOMEDIR}/trusted.gpg" + GPG="$GPG --keyring ${GPGHOMEDIR}/trusted.gpg" + fi + if [ -r "$TRUSTEDFILE" ]; then 
+ GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE" + fi +} + + usage() { echo "Usage: apt-key [--keyring file] [command] [arguments]" echo @@ -257,12 +292,6 @@ while [ -n "$1" ]; do shift TRUSTEDFILE="$1" FORCED_KEYRING="$1" - if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ] || [ "$2" = 'adv' ]; then - GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE" - else - echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable" - exit 1 - fi shift ;; --fakeroot) @@ -286,22 +315,6 @@ if [ -z "$TRUSTEDFILE" ]; then TRUSTEDFILE="/etc/apt/trusted.gpg" eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) - if [ -r "$TRUSTEDFILE" ]; then - GPG="$GPG --keyring $TRUSTEDFILE" - GPG="$GPG --primary-keyring $TRUSTEDFILE" - fi - TRUSTEDPARTS="/etc/apt/trusted.gpg.d" - eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) - if [ -d "$TRUSTEDPARTS" ]; then - # strip / suffix as gpg will double-slash in that case (#665411) - STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}" - if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then - TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS" - fi - for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do - GPG="$GPG --keyring $trusted" - done - fi fi command="$1" 
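Review bot: The comment above `chmod -w "${GPGHOMEDIR}/trusted.gpg"` in setup_merged_keyring (hunk `@@ -219,20 +212,62`) promises an error if gnupg tries to modify the merged keyring. The callers that need it most (`add`, `update`, `net-update` in the next hunk) run behind `requires_root`, and mode bits do not stop root from writing. A change that lands in the merged copy instead of a real keyring would then succeed silently and, presumably, be lost with the temporary home directory. I would reword the comment to say so: `# best effort only: root ignores the mode bits, so edits to this merged copy are not rejected and do not persist`. If a hard guarantee is wanted, the modifying commands should operate on the real keyring files instead. Separately, import_keys_from_keyring sends all gpg output to /dev/null, so a fragment that fails to import is dropped from the merged keyring without any diagnostic.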
@@ -323,40 +336,47 @@ if [ "$command" != "help" ]; then if [ -w "$(dirname "$TRUSTEDFILE")" ]; then touch -- "$TRUSTEDFILE" chmod 0644 -- "$TRUSTEDFILE" - GPG="$GPG --keyring $TRUSTEDFILE" - GPG="$GPG --primary-keyring $TRUSTEDFILE" fi fi fi case "$command" in add) - requires_root - $GPG --quiet --batch --import "$@" - aptkey_echo "OK" + requires_root + setup_merged_keyring + $GPG --quiet --batch --import "$@" + aptkey_echo "OK" ;; del|rm|remove) - remove_key "$@" + requires_root + foreach_keyring_do 'remove_key_from_keyring' "$@" + aptkey_echo "OK" ;; update) + requires_root + setup_merged_keyring update ;; net-update) + requires_root + setup_merged_keyring net_update ;; list) - $GPG --batch --list-keys "$@" - ;; + foreach_keyring_do 'list_keys_from_keyring' "$@" + ;; finger*) - $GPG --batch --fingerprint "$@" - ;; + foreach_keyring_do 'fingerprint_keys_from_keyring' "$@" + ;; export|exportall) - $GPG --armor --export "$@" - ;; + foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/trusted.gpg" + $GPG_CMD --keyring "${GPGHOMEDIR}/trusted.gpg" --armor --export "$@" + ;; adv*) - aptkey_echo "Executing: $GPG $*" - $GPG "$@" - ;; + setup_merged_keyring + aptkey_echo "Executing: $GPG $*" + $GPG "$@" + ;; help) usage ;; -- cgit v1.2.3 From 12841e8320aa499554ac50b102b222900bb1b879 Mon Sep 17 00:00:00 2001 
From: David Kalnischkies Date: Fri, 24 Jan 2014 23:48:11 +0100 Subject: use apt-key adv (+ gnupg) instead of gpgv for verify apt-key does the keyring merge as we need it, so we just call it instead of reimplementing it to do the merging before gpgv. This means we don't use gpgv anymore (we never depended on it explicitly - bad style), but it also means that the message in apt-cdrom add is a bit less friendly as it says loudly "untrusted key", but for a one-time command its okay. --- apt-pkg/contrib/gpgv.cc | 63 +++++++--------------- test/integration/framework | 1 + test/integration/test-apt-cdrom | 2 +- test/integration/test-apt-key-net-update | 7 ++- .../integration/test-bug-733028-gpg-resource-limit | 27 ++++++++++ 5 files changed, 53 insertions(+), 47 deletions(-) create mode 100755 test/integration/test-bug-733028-gpg-resource-limit diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index f24dd9640..56e26ab99 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc 
@@ -32,50 +32,29 @@ static char * GenerateTemporaryFileTemplate(const char *basename) /*{{{*/ /*}}}*/ // ExecGPGV - returns the command needed for verify /*{{{*/ // --------------------------------------------------------------------- -/* Generating the commandline for calling gpgv is somehow complicated as +/* Generating the commandline for calling gpg is somehow complicated as we need to add multiple keyrings and user supplied options. - Also, as gpgv has no options to enforce a certain reduced style of + Also, as gpg has no options to enforce a certain reduced style of clear-signed files (=the complete content of the file is signed and the content isn't encoded) we do a divide and conquer approach here - and split up the clear-signed file in message and signature for gpgv + and split up the clear-signed file in message and signature for gpg. + And as a cherry on the cake, we use our apt-key wrapper to do part + of the lifting in regards to merging keyrings. Fun for the whole family. */ void ExecGPGV(std::string const &File, std::string const &FileGPG, int const &statusfd, int fd[2]) { #define EINTERNAL 111 - std::string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv"); - // FIXME: remove support for deprecated APT::GPGV setting - std::string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted")); - std::string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts"); + std::string const aptkey = _config->FindFile("Dir::Bin::apt-key", "/usr/bin/apt-key"); bool const Debug = _config->FindB("Debug::Acquire::gpgv", false); - if (Debug == true) - { - std::clog << "gpgv path: " << gpgvpath << std::endl; - std::clog << "Keyring file: " << trustedFile << std::endl; - std::clog << "Keyring path: " << trustedPath << std::endl; - } - - std::vector keyrings; - if (DirectoryExists(trustedPath)) - keyrings = GetListOfFilesInDir(trustedPath, "gpg", false, true); - if (RealFileExists(trustedFile) == true) - 
keyrings.push_back(trustedFile); - std::vector Args; - Args.reserve(30); - - if (keyrings.empty() == true) - { - // TRANSLATOR: %s is the trusted keyring parts directory - ioprintf(std::cerr, _("No keyring installed in %s."), - _config->FindDir("Dir::Etc::TrustedParts").c_str()); - exit(EINTERNAL); - } + Args.reserve(10); - Args.push_back(gpgvpath.c_str()); - Args.push_back("--ignore-time-conflict"); + Args.push_back(aptkey.c_str()); + Args.push_back("--quiet"); + Args.push_back("adv"); char statusfdstr[10]; if (statusfd != -1) @@ -85,13 +64,6 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back(statusfdstr); } - for (std::vector::const_iterator K = keyrings.begin(); - K != keyrings.end(); ++K) - { - Args.push_back("--keyring"); - Args.push_back(K->c_str()); - } - Configuration::Item const *Opts; Opts = _config->Tree("Acquire::gpgv::Options"); if (Opts != 0) @@ -104,6 +76,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back(Opts->Value.c_str()); } } + Args.push_back("--verify"); enum { DETACHED, CLEARSIGNED } releaseSignature = (FileGPG != File) ? DETACHED : CLEARSIGNED; std::vector dataHeader; @@ -160,7 +133,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, if (Debug == true) { - std::clog << "Preparing to exec: " << gpgvpath; + std::clog << "Preparing to exec: "; for (std::vector::const_iterator a = Args.begin(); *a != NULL; ++a) std::clog << " " << *a; std::clog << std::endl; @@ -168,7 +141,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, if (statusfd != -1) { - int const nullfd = open("/dev/null", O_RDONLY); + int const nullfd = open("/dev/null", O_WRONLY); close(fd[0]); // Redirect output to /dev/null; we read from the status fd if (statusfd != STDOUT_FILENO) 
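Review bot: ExecGPGV no longer stops when no trusted keyring exists. The removed `keyrings.empty()` branch in hunk `@@ -32,50 +32,29` exited with EINTERNAL before exec, whereas the new code leaves that case entirely to `apt-key --quiet adv ... --verify`, and nothing in this hunk pins how that behaves with an empty trust store. `--ignore-time-conflict` is also dropped without a mention in the commit message. I would document the delegation where the command line is built, e.g. `// apt-key merges the keyrings; verification must still fail if none is installed`. A regression test with an empty trusted.gpg and trusted.gpg.d should accompany it. The function body continues outside the hunk.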
@@ -185,7 +158,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, if (releaseSignature == DETACHED) { - execvp(gpgvpath.c_str(), (char **) &Args[0]); + execvp(Args[0], (char **) &Args[0]); ioprintf(std::cerr, "Couldn't execute %s to check %s", Args[0], File.c_str()); exit(EINTERNAL); } @@ -205,7 +178,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, { if (statusfd != -1) dup2(fd[1], statusfd); - execvp(gpgvpath.c_str(), (char **) &Args[0]); + execvp(Args[0], (char **) &Args[0]); ioprintf(std::cerr, "Couldn't execute %s to check %s", Args[0], File.c_str()); UNLINK_EXIT(EINTERNAL); } @@ -216,7 +189,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, { if (errno == EINTR) continue; - ioprintf(std::cerr, _("Waited for %s but it wasn't there"), "gpgv"); + ioprintf(std::cerr, _("Waited for %s but it wasn't there"), "apt-key"); UNLINK_EXIT(EINTERNAL); } #undef UNLINK_EXIT @@ -229,14 +202,14 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, // check if it exit'ed normally … if (WIFEXITED(Status) == false) { - ioprintf(std::cerr, _("Sub-process %s exited unexpectedly"), "gpgv"); + ioprintf(std::cerr, _("Sub-process %s exited unexpectedly"), "apt-key"); exit(EINTERNAL); } // … and with a good exit code if (WEXITSTATUS(Status) != 0) { - ioprintf(std::cerr, _("Sub-process %s returned an error code (%u)"), "gpgv", WEXITSTATUS(Status)); + ioprintf(std::cerr, _("Sub-process %s returned an error code (%u)"), "apt-key", WEXITSTATUS(Status)); exit(WEXITSTATUS(Status)); } diff --git a/test/integration/framework b/test/integration/framework index 7cf4d8a6d..a9ba0014f 100644 --- a/test/integration/framework +++ b/test/integration/framework 
@@ -223,6 +223,7 @@ setupenvironment() { echo "Debug::NoLocking \"true\";" >> aptconfig.conf echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf + echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index 8d8fdf167..9fbc4288d 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom @@ -29,7 +29,7 @@ aptcdromlog() { test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!" test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!" aptcdrom "$@" -o quiet=1 >rootdir/tmp/apt-cdrom.log 2>&1 aptkey.list +testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19 +pub 2048R/DBAC8DAE 2010-08-18' # now try a different one # setup archive-keyring @@ -40,4 +43,6 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf testequal "Checking for new archive signing keys now Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update - +aptkey list | grep '^pub' > aptkey.list +testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19 +pub 2048R/DBAC8DAE 2010-08-18' diff --git a/test/integration/test-bug-733028-gpg-resource-limit b/test/integration/test-bug-733028-gpg-resource-limit new file mode 100755 index 000000000..f9c804963 --- /dev/null +++ b/test/integration/test-bug-733028-gpg-resource-limit 
@@ -0,0 +1,27 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'unstable' 'foobar' 'all' '1'
+
+setupaptarchive --no-update
+
+for i in $(seq 1 50); do
+ touch rootdir/etc/apt/trusted.gpg.d/emptykey-${i}.gpg
+done
+
+aptkey list | grep '^pub' > aptkey.list
+testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18'
+
+msgtest 'Test for no gpg errors/warnings in' 'apt-get update'
+aptget update > update.log 2>&1
+if grep -iq 'GPG' update.log; then
+ msgfail
+ cat update.log
+else
+ msgpass
+fi
-- cgit v1.2.3 From b39bb552f8de65cea13dc5f1fae6fbeb198605c6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 26 Jan 2014 17:23:50 +0100 Subject: correct the error messages to refer to apt-key instead of gpgv Git-Dch: Ignore --- methods/gpgv.cc | 12 ++++++------ po/apt-all.pot | 4 ++-- po/ar.po | 4 ++-- po/ast.po | 8 ++++---- po/bg.po | 10 +++++----- po/bs.po | 4 ++-- po/ca.po | 10 +++++----- po/cs.po | 8 ++++---- po/cy.po | 4 ++-- po/da.po | 8 ++++---- po/de.po | 8 ++++---- po/dz.po | 6 +++--- po/el.po | 8 ++++---- po/es.po | 8 ++++---- po/eu.po | 9 ++++----- po/fi.po | 9 ++++----- po/fr.po | 10 +++++----- po/gl.po | 10 +++++----- po/he.po | 4 ++-- po/hu.po | 8 ++++---- po/it.po | 8 ++++---- po/ja.po | 4 ++-- po/km.po | 8 ++++---- po/ko.po | 8 ++++---- po/ku.po | 6 +++--- po/lt.po | 6 +++--- po/mr.po | 8 ++++---- po/nb.po | 8 ++++---- po/ne.po | 9 ++++----- po/nl.po | 8 ++++---- po/nn.po | 4 ++-- po/pl.po | 8 ++++---- po/pt.po | 8 ++++---- po/pt_BR.po | 9 ++++----- po/ro.po | 9 ++++----- po/ru.po | 8 ++++---- po/sk.po | 8 ++++---- po/sl.po | 8 ++++---- po/sv.po | 8 ++++---- po/th.po | 8 ++++---- po/tl.po | 9 ++++----- po/tr.po | 8 ++++---- po/uk.po | 8 ++++---- po/vi.po | 8 ++++---- po/zh_CN.po | 8 ++++---- po/zh_TW.po | 9 ++++----- 46 files changed, 173 insertions(+), 180 deletions(-)
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 4071cbac6..02fb8c356 100644
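Review bot: Under `set -e`, a non-zero exit from `aptget update > update.log 2>&1` near the end of this new test would end the script before `msgfail` and `cat update.log` run, so the log that explains the failure is never printed (aptget comes from the sourced framework, so its exit status is an assumption to confirm). The `grep -iq 'GPG'` check is also purely negative: it passes whenever update.log lacks that word, including a run in which verification did not happen at all. I would fold the status into the condition, `if ! aptget update > update.log 2>&1 || grep -iq 'GPG' update.log; then`, and consider also asserting a positive marker of a verified update.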
--- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -75,7 +75,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, FILE *pipein = fdopen(fd[0], "r"); - // Loop over the output of gpgv, and check the signatures. + // Loop over the output of apt-key (which really is gnupg), and check the signatures. size_t buffersize = 64; char *buffer = (char *) malloc(buffersize); size_t bufferoff = 0; @@ -160,7 +160,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, waitpid(pid, &status, 0); if (Debug == true) { - std::clog << "gpgv exited\n"; + std::clog << "apt-key exited\n"; } if (WEXITSTATUS(status) == 0) @@ -172,7 +172,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, else if (WEXITSTATUS(status) == 1) return _("At least one invalid signature was encountered."); else if (WEXITSTATUS(status) == 111) - return _("Could not execute 'gpgv' to verify signature (is gpgv installed?)"); + return _("Could not execute 'apt-key' to verify signature (is gnupg installed?)"); else if (WEXITSTATUS(status) == 112) { // acquire system checks for "NODATA" to generate GPG errors (the others are only warnings) @@ -182,7 +182,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, return errmsg; } else - return _("Unknown error executing gpgv"); + return _("Unknown error executing apt-key"); } bool GPGVMethod::Fetch(FetchItem *Itm) @@ -200,7 +200,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm) Res.Filename = Itm->DestFile; URIStart(Res); - // Run gpgv on file, extract contents and get the key ID of the signer + // Run apt-key on file, extract contents and get the key ID of the signer string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), GoodSigners, BadSigners, WorthlessSigners, NoPubKeySigners); 
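Review bot: In the VerifyGetSigners hunk at -160, `waitpid(pid, &status, 0);` is followed directly by `if (WEXITSTATUS(status) == 0)` with no `WIFEXITED(status)` test and no check of waitpid's return value. WEXITSTATUS is only meaningful for a normal exit; for a helper killed by a signal it commonly evaluates to 0, which would send a crashed apt-key down the success branch (what that branch does lies outside the hunk, so the impact needs confirming). ExecGPGV in the earlier commit on this page already rejects that case with `WIFEXITED(Status) == false`. I would add `if (WIFEXITED(status) == false) return _("Unknown error executing apt-key");` ahead of the exit-code chain, with a comment that a signal death must never count as a good signature.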
@@ -252,7 +252,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm) if (_config->FindB("Debug::Acquire::gpgv", false)) { - std::clog << "gpgv succeeded\n"; + std::clog << "apt-key succeeded\n"; } return true; diff --git a/po/apt-all.pot b/po/apt-all.pot index d2229a936..664965900 100644 --- a/po/apt-all.pot +++ b/po/apt-all.pot @@ -901,7 +901,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -913,7 +913,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 diff --git a/po/ar.po b/po/ar.po index 2ab648323..1bea20877 100644 --- a/po/ar.po +++ b/po/ar.po @@ -914,7 +914,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -926,7 +926,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 diff --git a/po/ast.po b/po/ast.po index a2f5a7df6..9f7d7b2d0 100644 --- a/po/ast.po +++ b/po/ast.po 
@@ -1021,8 +1021,8 @@ msgid "At least one invalid signature was encountered." msgstr "Atopóse polo menos una robla mala." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Nun pudo executase 'gpgv' pa verificar la robla (¿ta instaláu gpgv?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Nun pudo executase 'apt-key' pa verificar la robla (¿ta instaláu gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1033,8 +1033,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Fallu desconocíu al executar gpgv" +msgid "Unknown error executing apt-key" +msgstr "Fallu desconocíu al executar apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/bg.po b/po/bg.po index ad174d0a8..e41b2bdd0 100644 --- a/po/bg.po +++ b/po/bg.po @@ -1051,10 +1051,10 @@ msgid "At least one invalid signature was encountered." msgstr "Намерен е поне един невалиден подпис." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Неуспех при изпълнение на „gpgv“ за проверка на подписа (инсталиран ли е " -"gpgv?)" +"Неуспех при изпълнение на „apt-key“ за проверка на подписа (инсталиран ли е " +"gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1065,8 +1065,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Неизвестна грешка при изпълнението на gpgv" +msgid "Unknown error executing apt-key" +msgstr "Неизвестна грешка при изпълнението на apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/bs.po b/po/bs.po index 5f03012fc..81294d8c8 100644 --- a/po/bs.po +++ b/po/bs.po 
@@ -920,7 +920,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -932,7 +932,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 diff --git a/po/ca.po b/po/ca.po index ee9ee46d4..db6d12e77 100644 --- a/po/ca.po +++ b/po/ca.po @@ -1034,10 +1034,10 @@ msgid "At least one invalid signature was encountered." msgstr "S'ha trobat almenys una signatura invàlida." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"No s'ha pogut executar el «gpgv» per a verificar la signatura (està " -"instaŀlat el gpgv?)" +"No s'ha pogut executar el «apt-key» per a verificar la signatura (està " +"instaŀlat el gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1048,8 +1048,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "S'ha produït un error desconegut en executar el gpgv" +msgid "Unknown error executing apt-key" +msgstr "S'ha produït un error desconegut en executar el apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/cs.po b/po/cs.po index 4e43807b7..5d7625d6c 100644 --- a/po/cs.po +++ b/po/cs.po 
@@ -1062,8 +1062,8 @@ msgid "At least one invalid signature was encountered." msgstr "Byl zaznamenán nejméně jeden neplatný podpis. " #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Nelze spustit „gpgv“ pro ověření podpisu (je gpgv nainstalováno?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Nelze spustit „apt-key“ pro ověření podpisu (je gnupg nainstalováno?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1076,8 +1076,8 @@ msgstr "" "ověření?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Neznámá chyba při spouštění gpgv" +msgid "Unknown error executing apt-key" +msgstr "Neznámá chyba při spouštění apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/cy.po b/po/cy.po index 3175bfa57..dd6feb3d4 100644 --- a/po/cy.po +++ b/po/cy.po @@ -1042,7 +1042,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1054,7 +1054,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 diff --git a/po/da.po b/po/da.po index f46a851da..e6c853fd3 100644 --- a/po/da.po +++ b/po/da.po 
@@ -1075,9 +1075,9 @@ msgid "At least one invalid signature was encountered." msgstr "Stødte på mindst én ugyldig signatur." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Kunne ikke køre »gpgv« for at verificere signaturen (er gpgv installeret?)" +"Kunne ikke køre »apt-key« for at verificere signaturen (er gnupg installeret?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1090,8 +1090,8 @@ msgstr "" "autentificering?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Ukendt fejl ved kørsel af gpgv" +msgid "Unknown error executing apt-key" +msgstr "Ukendt fejl ved kørsel af apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/de.po b/po/de.po index aef7c8fc4..13b291043 100644 --- a/po/de.po +++ b/po/de.po @@ -1113,9 +1113,9 @@ msgid "At least one invalid signature was encountered." msgstr "Mindestens eine ungültige Signatur wurde entdeckt." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"»gpgv« konnte zur Überprüfung der Signatur nicht ausgeführt werden (ist gpgv " +"»apt-key« konnte zur Überprüfung der Signatur nicht ausgeführt werden (ist gnupg " "installiert?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1129,8 +1129,8 @@ msgstr "" "das Netzwerk eine Authentifizierung?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Unbekannter Fehler beim Ausführen von gpgv" +msgid "Unknown error executing apt-key" +msgstr "Unbekannter Fehler beim Ausführen von apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/dz.po b/po/dz.po index 59ed4305e..8ee4d15da 100644 --- a/po/dz.po 
+++ b/po/dz.po @@ -1016,7 +1016,7 @@ msgstr "ཉུང་མཐའ་རང་ནུས་མེད་ཀྱི་མ #: methods/gpgv.cc:174 #, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" "མིང་རྟགས་བདེན་སྦྱོར་འབད་ནི་ལུ་'%s'འདི་ལག་ལེན་འཐབ་མ་ཚུགས། (gpgv་དེ་ཁཞི་བཙུགས་འབད་ཡོདཔ་ཨིན་ན།?)" @@ -1029,8 +1029,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv་ལག་ལེན་འཐབ་ནི་ལུ་མ་ཤེས་པའི་འཛོལ་བ་།" +msgid "Unknown error executing apt-key" +msgstr "apt-key་ལག་ལེན་འཐབ་ནི་ལུ་མ་ཤེས་པའི་འཛོལ་བ་།" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/el.po b/po/el.po index 86ef14179..1b19f54da 100644 --- a/po/el.po +++ b/po/el.po @@ -1028,10 +1028,10 @@ msgstr "Βρέθηκε τουλάχιστον μια μη έγκυρη υπογ #: methods/gpgv.cc:174 #, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" "Αδυναμία εκτέλεσης του '%s' για την επαλήθευση της υπογραφής (είναι " -"εγκατεστημένο το gpgv;)" +"εγκατεστημένο το gnupg;)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1042,8 +1042,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Άγνωστο σφάλμα κατά την εκτέλεση του gpgv" +msgid "Unknown error executing apt-key" +msgstr "Άγνωστο σφάλμα κατά την εκτέλεση του apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/es.po b/po/es.po index 77cee1d5d..f808761df 100644 --- a/po/es.po +++ b/po/es.po 
@@ -1086,9 +1086,9 @@ msgid "At least one invalid signature was encountered." msgstr "Se encontró al menos una firma inválida." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"No se pudo ejecutar «gpgv» para verificar la firma (¿está instalado gpgv?)" +"No se pudo ejecutar «apt-key» para verificar la firma (¿está instalado gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1099,8 +1099,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Error desconocido ejecutando gpgv" +msgid "Unknown error executing apt-key" +msgstr "Error desconocido ejecutando apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/eu.po b/po/eu.po index 88561d003..8b3dd9025 100644 --- a/po/eu.po +++ b/po/eu.po @@ -1016,9 +1016,8 @@ msgid "At least one invalid signature was encountered." msgstr "Beintza sinadura baliogabe bat aurkitu da." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Ezin da %s abiarazi sinadura egiaztatzeko (gpgv instalaturik al dago?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Ezin da apt-key abiarazi sinadura egiaztatzeko (gnupg instalaturik al dago?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1029,8 +1028,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Errore ezezaguna gpgv exekutatzean" +msgid "Unknown error executing apt-key" +msgstr "Errore ezezaguna apt-key exekutatzean" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/fi.po b/po/fi.po index b18648579..b4333d57f 100644 --- a/po/fi.po +++ b/po/fi.po 
@@ -1007,10 +1007,9 @@ msgid "At least one invalid signature was encountered." msgstr "LÖytyi ainakin yksi kelvoton allekirjoitus." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Ei käynnistynyt \"%s\" allekirjoitusta tarkistamaan (onko gpgv asennettu?)" +"Ei käynnistynyt \"apt-key\" allekirjoitusta tarkistamaan (onko gnupg asennettu?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1021,8 +1020,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Tapahtui tuntematon virhe suoritettaessa gpgv" +msgid "Unknown error executing apt-key" +msgstr "Tapahtui tuntematon virhe suoritettaessa apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/fr.po b/po/fr.po index b2197906e..2325fc0bf 100644 --- a/po/fr.po +++ b/po/fr.po @@ -1077,10 +1077,10 @@ msgid "At least one invalid signature was encountered." msgstr "Au moins une signature non valable a été rencontrée." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Impossible d'exécuter « gpgv » pour contrôler la signature (veuillez " -"vérifier si gpgv est installé)." +"Impossible d'exécuter « apt-key » pour contrôler la signature (veuillez " +"vérifier si gnupg est installé)." #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 
@@ -1093,8 +1093,8 @@ msgstr "" "Peut-être le réseau nécessite-t-il une authentification." #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Erreur inconnue à l'exécution de gpgv" +msgid "Unknown error executing apt-key" +msgstr "Erreur inconnue à l'exécution de apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/gl.po b/po/gl.po index 53a866bc1..23d0f1c6b 100644 --- a/po/gl.po +++ b/po/gl.po @@ -1032,10 +1032,10 @@ msgid "At least one invalid signature was encountered." msgstr "Atopouse polo menos unha sinatura incorrecta." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Non é posíbel executar «gpgv» para verificar a sinatura (Está instalado " -"gpgv?)" +"Non é posíbel executar «apt-key» para verificar a sinatura (Está instalado " +"gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1046,8 +1046,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Produciuse un erro descoñecido ao executar gpgv" +msgid "Unknown error executing apt-key" +msgstr "Produciuse un erro descoñecido ao executar apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/he.po b/po/he.po index 4a44bc72d..8175d0ebb 100644 --- a/po/he.po +++ b/po/he.po @@ -1810,11 +1810,11 @@ msgstr "" #: methods/gpgv.cc:232 #, c-format -msgid "Could not execute '%s' to verify signature (is gpgv installed?)" +msgid "Could not execute '%s' to verify signature (is gnupg installed?)" msgstr "" #: methods/gpgv.cc:237 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:271 methods/gpgv.cc:278 diff --git a/po/hu.po b/po/hu.po index 26a1bfa5c..9acff5c86 100644 --- a/po/hu.po +++ b/po/hu.po 
@@ -1050,9 +1050,9 @@ msgid "At least one invalid signature was encountered." msgstr "Legalább egy aláírás érvénytelen." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Nem indítható el a „gpgv” az aláírás ellenőrzéséhez (telepítve van a gpgv?)" +"Nem indítható el a „apt-key” az aláírás ellenőrzéséhez (telepítve van a gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1063,8 +1063,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Ismeretlen gpgv futtatási hiba" +msgid "Unknown error executing apt-key" +msgstr "Ismeretlen apt-key futtatási hiba" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/it.po b/po/it.po index c0ad782a7..050b56111 100644 --- a/po/it.po +++ b/po/it.po @@ -1093,9 +1093,9 @@ msgid "At least one invalid signature was encountered." msgstr "È stata trovata almeno una firma non valida." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Impossibile eseguire \"gpgv\" per verificare la firma (forse gpgv non è " +"Impossibile eseguire \"apt-key\" per verificare la firma (forse gnupg non è " "installato)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1109,8 +1109,8 @@ msgstr "" "richiede autenticazione?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Errore sconosciuto durante l'esecuzione di gpgv" +msgid "Unknown error executing apt-key" +msgstr "Errore sconosciuto durante l'esecuzione di apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/ja.po b/po/ja.po index c62ff95f7..90e3e1757 100644 --- a/po/ja.po +++ b/po/ja.po 
@@ -1084,9 +1084,9 @@ msgid "At least one invalid signature was encountered." msgstr "少なくとも 1 つの不正な署名が発見されました。" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"署名を検証するための 'gpgv' の実行ができませんでした (gpgv はインストールされ" +"署名を検証するための 'apt-key' の実行ができませんでした (gnupg はインストールされ" "ていますか?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' diff --git a/po/km.po b/po/km.po index 0e95cd985..ae00856f0 100644 --- a/po/km.po +++ b/po/km.po @@ -1005,8 +1005,8 @@ msgstr "​បានជួប​ប្រទះ​​​​ហត្ថលេខ #: methods/gpgv.cc:174 #, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "មិន​អាច​ប្រតិបត្តិ '%s' ដើម្បី​ផ្ទៀងផ្ទាត់​ហត្ថលេខា (តើ gpgv ត្រូវ​បាន​ដំឡើង​ឬនៅ ?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "មិន​អាច​ប្រតិបត្តិ 'apt-key' ដើម្បី​ផ្ទៀងផ្ទាត់​ហត្ថលេខា (តើ gnupg ត្រូវ​បាន​ដំឡើង​ឬនៅ ?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1017,8 +1017,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "មិនស្គាល់កំហុស ក្នុងការប្រតិបត្តិ gpgv" +msgid "Unknown error executing apt-key" +msgstr "មិនស្គាល់កំហុស ក្នុងការប្រតិបត្តិ apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/ko.po b/po/ko.po index 7ec20a7e7..661da2bde 100644 --- a/po/ko.po +++ b/po/ko.po @@ -1011,9 +1011,9 @@ msgid "At least one invalid signature was encountered." msgstr "최소한 하나 이상의 서명이 잘못되었습니다." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"서명을 확인하는 'gpgv' 프로그램을 실행할 수 없습니다. (gpgv를 설치했습니까?)" +"서명을 확인하는 'apt-key' 프로그램을 실행할 수 없습니다. (gnupg를 설치했습니까?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 
@@ -1024,8 +1024,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv 실행 도중 알 수 없는 오류 발생" +msgid "Unknown error executing apt-key" +msgstr "apt-key 실행 도중 알 수 없는 오류 발생" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/ku.po b/po/ku.po index 95c84ae0d..0aaa66c33 100644 --- a/po/ku.po +++ b/po/ku.po @@ -923,7 +923,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -935,8 +935,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Di xebitandina gpgv de çewtiya nenas" +msgid "Unknown error executing apt-key" +msgstr "Di xebitandina apt-key de çewtiya nenas" #: methods/gpgv.cc:217 methods/gpgv.cc:224 #, fuzzy diff --git a/po/lt.po b/po/lt.po index 9c1c549a3..e66708cdc 100644 --- a/po/lt.po +++ b/po/lt.po @@ -928,7 +928,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -940,8 +940,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Nežinoma klaida kviečiant gpgv" +msgid "Unknown error executing apt-key" +msgstr "Nežinoma klaida kviečiant apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/mr.po b/po/mr.po index 6dd53b8a7..3031722b7 100644 --- a/po/mr.po +++ b/po/mr.po 
@@ -1002,9 +1002,9 @@ msgstr "किमान एक अवैध सही सापडली." #: methods/gpgv.cc:174 #, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"सहीची खात्री करण्यासाठी '%s' कार्यान्वित करू शकत नाही (gpgv संस्थापित केले आहे का?)" +"सहीची खात्री करण्यासाठी 'apt-key' कार्यान्वित करू शकत नाही (gnupg संस्थापित केले आहे का?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1015,8 +1015,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv कार्यान्वित होत असताना अपरिचित त्रुटी" +msgid "Unknown error executing apt-key" +msgstr "apt-key कार्यान्वित होत असताना अपरिचित त्रुटी" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/nb.po b/po/nb.po index bc1e296d7..12da02f47 100644 --- a/po/nb.po +++ b/po/nb.po @@ -1017,9 +1017,9 @@ msgid "At least one invalid signature was encountered." msgstr "Minst en ugyldig signatur ble funnet." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Klarte ikke kjøre «gpgv» for å verifisere signaturen (er gpgv installert?)" +"Klarte ikke kjøre «apt-key» for å verifisere signaturen (er gnupg installert?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1030,8 +1030,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Ukjent feil ved kjøring av gpgv" +msgid "Unknown error executing apt-key" +msgstr "Ukjent feil ved kjøring av apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/ne.po b/po/ne.po index 7c0d06837..0d61a52be 100644 --- a/po/ne.po +++ b/po/ne.po 
@@ -1002,9 +1002,8 @@ msgid "At least one invalid signature was encountered." msgstr "कम्तिमा एउटा अवैध हस्ताक्षर विरोध भयो ।" #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "हस्ताक्षर रूजू गर्न '%s' कार्यन्वयन गर्न सकिएन (के gpgv स्थापना भयो?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "हस्ताक्षर रूजू गर्न 'apt-key' कार्यन्वयन गर्न सकिएन (के gnupg स्थापना भयो?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1015,8 +1014,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv कार्यन्वयन गर्दा अज्ञात त्रुटि" +msgid "Unknown error executing apt-key" +msgstr "apt-key कार्यन्वयन गर्दा अज्ञात त्रुटि" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/nl.po b/po/nl.po index 12e1602b9..c333ae9f9 100644 --- a/po/nl.po +++ b/po/nl.po @@ -1032,9 +1032,9 @@ msgid "At least one invalid signature was encountered." msgstr "Er is tenminste één ongeldige ondertekening gevonden." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Kon 'gpgv' niet uitvoeren om ondertekening te verifiëren (is gpgv " +"Kon 'apt-key' niet uitvoeren om ondertekening te verifiëren (is gnupg " "geïnstalleerd?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1046,8 +1046,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Onbekende fout bij het uitvoeren van gpgv" +msgid "Unknown error executing apt-key" +msgstr "Onbekende fout bij het uitvoeren van apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/nn.po b/po/nn.po index aeec41940..40f77e8be 100644 --- a/po/nn.po +++ b/po/nn.po 
@@ -1012,7 +1012,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1024,7 +1024,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 diff --git a/po/pl.po b/po/pl.po index d3829cb6d..1646a47e8 100644 --- a/po/pl.po +++ b/po/pl.po @@ -1060,9 +1060,9 @@ msgid "At least one invalid signature was encountered." msgstr "Napotkano przynajmniej jeden nieprawidłowy podpis." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Nie udało się uruchomić gpgv by zweryfikować podpis (czy gpgv jest " +"Nie udało się uruchomić apt-key by zweryfikować podpis (czy gnupg jest " "zainstalowane?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1074,8 +1074,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Nieznany błąd podczas uruchamiania gpgv" +msgid "Unknown error executing apt-key" +msgstr "Nieznany błąd podczas uruchamiania apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/pt.po b/po/pt.po index 589af3181..b17fb0380 100644 --- a/po/pt.po +++ b/po/pt.po 
@@ -1050,9 +1050,9 @@ msgid "At least one invalid signature was encountered." msgstr "Pelo menos uma assinatura inválida foi encontrada." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Não foi possível executar 'gpgv' para verificar a assinatura (o gpgv está " +"Não foi possível executar 'apt-key' para verificar a assinatura (o gnupg está " "instalado?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1064,8 +1064,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Erro desconhecido ao executar gpgv" +msgid "Unknown error executing apt-key" +msgstr "Erro desconhecido ao executar apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/pt_BR.po b/po/pt_BR.po index 87575301a..0be44e8af 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -1022,10 +1022,9 @@ msgid "At least one invalid signature was encountered." msgstr "Ao menos uma assinatura inválida foi encontrada." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Não foi possível executar '%s' para verificar a assinatura (o gpgv está " +"Não foi possível executar 'apt-key' para verificar a assinatura (o gnupg está " "instalado?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1037,8 +1036,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Erro desconhecido executando gpgv" +msgid "Unknown error executing apt-key" +msgstr "Erro desconhecido executando apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/ro.po b/po/ro.po index 43c5bce69..191cd5a44 100644 --- a/po/ro.po +++ b/po/ro.po 
@@ -1023,10 +1023,9 @@ msgid "At least one invalid signature was encountered." msgstr "Cel puțin o semnătură nevalidă a fost întâlnită." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Nu s-a putut executa „%s” pentru verificarea semnăturii (gpgv este instalat?)" +"Nu s-a putut executa „apt-key” pentru verificarea semnăturii (gnupg este instalat?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1037,8 +1036,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Eroare necunoscută în timp ce se execută gpgv" +msgid "Unknown error executing apt-key" +msgstr "Eroare necunoscută în timp ce se execută apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/ru.po b/po/ru.po index f24e513e6..35dc160e1 100644 --- a/po/ru.po +++ b/po/ru.po @@ -1059,8 +1059,8 @@ msgid "At least one invalid signature was encountered." msgstr "Найдена как минимум одна неправильная подпись." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Не удалось выполнить «gpgv» для проверки подписи (gpgv установлена?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Не удалось выполнить «apt-key» для проверки подписи (gnupg установлена?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1071,8 +1071,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Неизвестная ошибка при выполнении gpgv" +msgid "Unknown error executing apt-key" +msgstr "Неизвестная ошибка при выполнении apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/sk.po b/po/sk.po index a9f4d2695..855f309d2 100644 --- a/po/sk.po 
+++ b/po/sk.po @@ -1039,8 +1039,8 @@ msgid "At least one invalid signature was encountered." msgstr "Bola zistená aspoň jedna nesprávna signatúra." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Nedá sa spustiť „gpgv“ kvôli overeniu podpisu (je nainštalované gpgv?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Nedá sa spustiť „apt-key“ kvôli overeniu podpisu (je nainštalované gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1051,8 +1051,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Neznáma chyba pri spustení gpgv" +msgid "Unknown error executing apt-key" +msgstr "Neznáma chyba pri spustení apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/sl.po b/po/sl.po index dcca81d87..536d99465 100644 --- a/po/sl.po +++ b/po/sl.po @@ -1036,8 +1036,8 @@ msgid "At least one invalid signature was encountered." msgstr "Najden je bil vsaj en neveljaven podpis." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Ni mogoče izvesti 'gpgv' za preverjanje podpisa (je gpgv nameščen?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Ni mogoče izvesti 'apt-key' za preverjanje podpisa (je gnupg nameščen?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1048,8 +1048,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Neznana napaka med izvajanjem gpgv" +msgid "Unknown error executing apt-key" +msgstr "Neznana napaka med izvajanjem apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/sv.po b/po/sv.po index b08ceb29f..d761c5c38 100644 --- a/po/sv.po +++ b/po/sv.po 
@@ -1025,9 +1025,9 @@ msgid "At least one invalid signature was encountered." msgstr "Minst en ogiltig signatur träffades på." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Kunde inte köra \"gpgv\" för att verifiera signatur (är gpgv installerad?)" +"Kunde inte köra \"apt-key\" för att verifiera signatur (är gnupg installerad?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1038,8 +1038,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Okänt fel vid körning av gpgv" +msgid "Unknown error executing apt-key" +msgstr "Okänt fel vid körning av apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/th.po b/po/th.po index b6d436a9a..d241c1314 100644 --- a/po/th.po +++ b/po/th.po @@ -1052,8 +1052,8 @@ msgid "At least one invalid signature was encountered." msgstr "พบลายเซ็นที่ใช้การไม่ได้อย่างน้อยหนึ่งรายการ" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "ไม่สามารถเรียก 'gpgv' เพื่อตรวจสอบลายเซ็น (ได้ติดตั้ง gpgv ไว้หรือไม่?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "ไม่สามารถเรียก 'apt-key' เพื่อตรวจสอบลายเซ็น (ได้ติดตั้ง gnupg ไว้หรือไม่?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1066,8 +1066,8 @@ msgstr "" "'%s' (เครือข่ายต้องยืนยันตัวบุคคลหรือไม่?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "เกิดข้อผิดพลาดไม่ทราบสาเหตุขณะเรียก gpgv" +msgid "Unknown error executing apt-key" +msgstr "เกิดข้อผิดพลาดไม่ทราบสาเหตุขณะเรียก apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/tl.po b/po/tl.po index e240e377a..e1186c424 100644 --- a/po/tl.po +++ b/po/tl.po 
@@ -1017,10 +1017,9 @@ msgid "At least one invalid signature was encountered." msgstr "Hindi kukulang sa isang hindi tanggap na lagda ang na-enkwentro." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Hindi maitakbo ang '%s' upang maberipika ang lagda (nakaluklok ba ang gpgv?)" +"Hindi maitakbo ang 'apt-key' upang maberipika ang lagda (nakaluklok ba ang gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1031,8 +1030,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Hindi kilalang error sa pag-execute ng gpgv" +msgid "Unknown error executing apt-key" +msgstr "Hindi kilalang error sa pag-execute ng apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/tr.po b/po/tr.po index 3aec2d65f..b0a08c46d 100644 --- a/po/tr.po +++ b/po/tr.po @@ -1077,8 +1077,8 @@ msgid "At least one invalid signature was encountered." msgstr "En az bir geçersiz imza ile karşılaşıldı." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "İmza doğrulama için 'gpgv' çalıştırılamadı (gpgv kurulu mu?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "İmza doğrulama için 'apt-key' çalıştırılamadı (gnupg kurulu mu?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1091,8 +1091,8 @@ msgstr "" "gerektiriyor mu?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv çalıştırılırken bilinmeyen hata" +msgid "Unknown error executing apt-key" +msgstr "apt-key çalıştırılırken bilinmeyen hata" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/uk.po b/po/uk.po index a5c7d7cf8..910e48dbf 100644 --- a/po/uk.po 
+++ b/po/uk.po @@ -1057,8 +1057,8 @@ msgid "At least one invalid signature was encountered." msgstr "Знайдено як мінімум один невірний підпис." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Неможливо виконати 'gpgv' для перевірки підпису (чи встановлено gpgv?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Неможливо виконати 'apt-key' для перевірки підпису (чи встановлено gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1069,8 +1069,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Невідома помилка виконання gpgv" +msgid "Unknown error executing apt-key" +msgstr "Невідома помилка виконання apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/vi.po b/po/vi.po index 87ec3b722..2532d68bf 100644 --- a/po/vi.po +++ b/po/vi.po @@ -1092,9 +1092,9 @@ msgid "At least one invalid signature was encountered." msgstr "Gặp ít nhất một chữ ký không hợp lệ." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Không thể thực hiện “gpgv” để thẩm tra chữ ký (gpgv đã được cài đặt chưa?)" +"Không thể thực hiện “apt-key” để thẩm tra chữ ký (gnupg đã được cài đặt chưa?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1107,8 +1107,8 @@ msgstr "" "không?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Gặp lỗi không rõ khi thực hiện gpgv" +msgid "Unknown error executing apt-key" +msgstr "Gặp lỗi không rõ khi thực hiện apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/zh_CN.po b/po/zh_CN.po index c06970a01..79e433f3d 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po 
@@ -1006,8 +1006,8 @@ msgid "At least one invalid signature was encountered." msgstr "至少发现一个无效的签名。" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "无法运行 gpgv 以验证签名(您安装了 gpgv 吗?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "无法运行 apt-key 以验证签名(您安装了 gnupg 吗?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1018,8 +1018,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "运行 gpgv 时发生未知错误" +msgid "Unknown error executing apt-key" +msgstr "运行 apt-key 时发生未知错误" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/zh_TW.po b/po/zh_TW.po index 9d6b7d2ea..c39e039af 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -998,9 +998,8 @@ msgid "At least one invalid signature was encountered." msgstr "至少發現一個無效的簽章。" #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "無法執行 '%s' 來驗證簽章(gpgv 是否安裝了?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "無法執行 'apt-key' 來驗證簽章(gnupg 是否安裝了?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1011,8 +1010,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "在執行 gpgv 時發生未知的錯誤" +msgid "Unknown error executing apt-key" +msgstr "在執行 apt-key 時發生未知的錯誤" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" -- cgit v1.2.3 From 059911800900a42c4246f1e209b51656055215b2 Mon Sep 17 00:00:00 2001 
From: David Kalnischkies Date: Sun, 26 Jan 2014 17:37:00 +0100 Subject: delay gnupg setup in apt-key until it is needed 'apt-key help' and incorrect usage do not need a functioning gnupg setup, as well as we shouldn't try to setup gnupg before we actually test if it is available (and print a message if it is not). --- cmdline/apt-key.in | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 9d8e60ec0..b8fdfe121 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -3,28 +3,6 @@ set -e unset GREP_OPTIONS -GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" - -# gpg needs (in different versions more or less) files to function correctly, -# so we give it its own homedir and generate some valid content for it -GPGHOMEDIR="$(mktemp -d)" -CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';" -trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM -chmod 700 "$GPGHOMEDIR" -# We don't use a secret keyring, of course, but gpg panics and -# implodes if there isn't one available - and writeable for imports -SECRETKEYRING="${GPGHOMEDIR}/secring.gpg" -touch $SECRETKEYRING -GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" -# create the trustdb with an (empty) dummy keyring -# older gpgs required it, newer gpgs even warn that it isn't needed, -# but require it nonetheless for some commands, so we just play safe -# here for the foreseeable future and create a dummy one -$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 -# tell gpg that it shouldn't try to maintain a trustdb file -GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" -GPG="$GPG_CMD" - APT_DIR="/" eval $(apt-config shell APT_DIR Dir) 
@@ -331,6 +309,28 @@ if [ "$command" != "help" ]; then echo >&2 fi + GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" + + # gpg needs (in different versions more or less) files to function correctly, + # so we give it its own homedir and generate some valid content for it + GPGHOMEDIR="$(mktemp -d)" + CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';" + trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM + chmod 700 "$GPGHOMEDIR" + # We don't use a secret keyring, of course, but gpg panics and + # implodes if there isn't one available - and writeable for imports + SECRETKEYRING="${GPGHOMEDIR}/secring.gpg" + touch $SECRETKEYRING + GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" + # create the trustdb with an (empty) dummy keyring + # older gpgs required it, newer gpgs even warn that it isn't needed, + # but require it nonetheless for some commands, so we just play safe + # here for the foreseeable future and create a dummy one + $GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 + # tell gpg that it shouldn't try to maintain a trustdb file + GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" + GPG="$GPG_CMD" + # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. if ! [ -e "$TRUSTEDFILE" ]; then if [ -w "$(dirname "$TRUSTEDFILE")" ]; then -- cgit v1.2.3 From 93d0d08cdd6854f9bfb779c13b5b78cd6ed263aa Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 26 Jan 2014 18:28:50 +0100 Subject: support gnupg2 as drop-in replacement for gnupg If both are available APT will still prefer gpg over gpg2 as it is a bit more lightweight, but it shouldn't be a problem to use one or the other (at least at the moment, who knows what will happen in the future). --- cmdline/apt-key.in | 17 +++- debian/control | 2 +- test/integration/test-apt-key | 191 ++++++++++++++++++++++++------------------ 3 files changed, 122 insertions(+), 88 deletions(-) 
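Review bot: The relocated setup block still expands the temporary paths unquoted (`touch $SECRETKEYRING`, `--homedir $GPGHOMEDIR`, `--keyring $SECRETKEYRING`), and `mktemp -d` honours `TMPDIR`, so a temporary directory whose path contains whitespace splits into several gpg arguments. `touch "$SECRETKEYRING"` fixes the direct call, but the path appended to the `GPG_CMD` string is word-split on every use, so the minimal guard is to reject a `GPGHOMEDIR` containing whitespace right after `mktemp -d`. The `--check-trustdb` call also discards all output while `set -e` is active, so a failing gpg ends the script without any diagnostic; keeping stderr, or adding `|| { echo >&2 "Error: could not initialise gpg homedir"; exit 255; }`, would make that visible. The enclosing `if [ "$command" != "help" ]` block starts and ends outside the hunk.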
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index b8fdfe121..12aee9750 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -303,13 +303,22 @@ fi shift if [ "$command" != "help" ]; then - if ! which gpg >/dev/null 2>&1; then - echo >&2 "Warning: gnupg does not seem to be installed." - echo >&2 "Warning: apt-key requires gnupg for most operations." + eval $(apt-config shell GPG_EXE Apt::Key::gpgcommand) + + if [ -n "$GPG_EXE" ] && which "$GPG_EXE" >/dev/null 2>&1; then + true + elif which gpg >/dev/null 2>&1; then + GPG_EXE="gpg" + elif which gpg2 >/dev/null 2>&1; then + GPG_EXE="gpg2" + else + echo >&2 "Error: gnupg or gnupg2 do not seem to be installed," + echo >&2 "Error: but apt-key requires gnupg or gnupg2 for operation." echo >&2 + exit 255 fi - GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" + GPG_CMD="$GPG_EXE --ignore-time-conflict --no-options --no-default-keyring" # gpg needs (in different versions more or less) files to function correctly, # so we give it its own homedir and generate some valid content for it diff --git a/debian/control b/debian/control index 51bb85d30..b86e828c5 100644 --- a/debian/control +++ b/debian/control @@ -18,7 +18,7 @@ XS-Testsuite: autopkgtest Package: apt Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gnupg +Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gnupg | gnupg2 Replaces: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~) Breaks: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~) Conflicts: python-apt (<< 0.7.93.2~) diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 68b3f9710..99ce855d4 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key 
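Review bot: When `Apt::Key::gpgcommand` is set but the named binary cannot be found, the new `if`/`elif` chain in cmdline/apt-key.in falls through to `gpg` or `gpg2` without saying so, so an administrator who pinned a specific binary silently gets a different one. A warning ahead of the fallback would make that visible, e.g. `[ -z "$GPG_EXE" ] || which "$GPG_EXE" >/dev/null 2>&1 || echo >&2 "Warning: configured gpg command '$GPG_EXE' not found, falling back"`. The configured value is also spliced into `GPG_CMD` and word-split on each call, so a path containing whitespace will not run as written; a comment next to the `eval` line stating that restriction would help. The enclosing `if [ "$command" != "help" ]` block continues outside the hunk.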
@@ -7,101 +7,126 @@ TESTDIR=$(readlink -f $(dirname $0)) setupenvironment configarchitecture 'amd64' -msgtest 'Check that paths in list output are not' 'double-slashed' -aptkey list 2>&1 | grep -q '//' && msgfail || msgpass - -msgtest 'Check that paths in finger output are not' 'double-slashed' -aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass +# start from a clean plate again +cleanplate() { + rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg + mkdir rootdir/etc/apt/trusted.gpg.d/ +} echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub"; APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' +testrun() { + cleanplate + ln -sf ${TMPWORKINGDIRECTORY}/keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed -gpg: Total number processed: 1 -gpg: unchanged: 1' aptkey --fakeroot update + msgtest 'Check that paths in list output are not' 'double-slashed' + aptkey list 2>&1 | grep -q '//' && msgfail || msgpass -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + msgtest 'Check that paths in finger output are not' 'double-slashed' + aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass -testsuccess aptkey --fakeroot add ./keys/rexexpired.pub - -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] -pub 2048R/DBAC8DAE 2010-08-18' + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' -msgtest 'Execute update again to trigger removal of' 'Rex Expired key' -testsuccess --nomsg aptkey --fakeroot update + testequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed +gpg: Total number processed: 1 +gpg: unchanged: 1' aptkey --fakeroot update -aptkey 
list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' -msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' -testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE + testsuccess aptkey --fakeroot add ./keys/rexexpired.pub -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] +pub 2048R/DBAC8DAE 2010-08-18' -testsuccess aptkey --fakeroot del DBAC8DAE -testempty aptkey list + msgtest 'Execute update again to trigger removal of' 'Rex Expired key' + testsuccess --nomsg aptkey --fakeroot update + + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + + msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' + testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE + + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + + testsuccess aptkey --fakeroot del DBAC8DAE + testempty aptkey list + + msgtest 'Test key removal with' 'single key in real file' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + + msgtest 'Test key removal with' 'single key in softlink' + cleanplate + ln -s $(readlink -f ./keys/joesixpack.pub) rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testempty aptkey list + testsuccess test ! 
-e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + + cleanplate + testsuccess aptkey --fakeroot add ./keys/joesixpack.pub + testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse + + msgtest 'Test key removal with' 'multi key in real file' + cleanplate + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + msgtest 'Test key removal with' 'multi key in softlink' + cleanplate + ln -s $(readlink -f ./keys/testcase-multikey.pub) rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + testsuccess test ! -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + msgtest 'Test key removal with' 'multiple files including key' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testsuccess test ! 
-e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ +} -# start from a clean plate again -cleanplate() { - rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg - mkdir rootdir/etc/apt/trusted.gpg.d/ +setupgpgcommand() { + echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd + msgtest 'Test that apt-key uses for the following tests command' "$1" + aptkey adv --version >aptkey.version 2>&1 + if grep -q "^Executing: $1 --" aptkey.version; then + msgpass + else + cat aptkey.version + msgfail + fi } -msgtest 'Test key removal with' 'single key in real file' -cleanplate -cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -testempty aptkey list -testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ - -msgtest 'Test key removal with' 'single key in softlink' -cleanplate -ln -s $(readlink -f ./keys/joesixpack.pub) rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -testempty aptkey list -testsuccess test ! 
-e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ - -cleanplate -testsuccess aptkey --fakeroot add ./keys/joesixpack.pub -testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18 -pub 2048R/528144E2 2011-01-16' -cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse - -msgtest 'Test key removal with' 'multi key in real file' -cleanplate -cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ - -msgtest 'Test key removal with' 'multi key in softlink' -cleanplate -ln -s $(readlink -f ./keys/testcase-multikey.pub) rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ -testsuccess test ! -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ - -msgtest 'Test key removal with' 'multiple files including key' -cleanplate -cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess test ! 
-e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ +# run with default (whatever this is) +testrun +# run with … +setupgpgcommand 'gpg' +testrun +setupgpgcommand 'gpg2' +testrun -- cgit v1.2.3 From 0740a31033739ba30e7cb6754111f968167cbbf5 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 26 Jan 2014 19:14:13 +0100 Subject: respect --keyring also in merged keyring commands Git-Dch: Ignore --- cmdline/apt-key.in | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 12aee9750..c54b608e1 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -231,14 +231,16 @@ import_keys_from_keyring() { } setup_merged_keyring() { - local TRUSTEDFILE_BAK="$TRUSTEDFILE" - TRUSTEDFILE='/dev/null' - foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/trusted.gpg" - TRUSTEDFILE="$TRUSTEDFILE_BAK" - # mark it as non-writeable so users get errors if gnupg tries to modify it - if [ -s "${GPGHOMEDIR}/trusted.gpg" ]; then - chmod -w "${GPGHOMEDIR}/trusted.gpg" - GPG="$GPG --keyring ${GPGHOMEDIR}/trusted.gpg" + if [ -z "$FORCED_KEYRING" ]; then + local TRUSTEDFILE_BAK="$TRUSTEDFILE" + TRUSTEDFILE='/dev/null' + foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg" + TRUSTEDFILE="$TRUSTEDFILE_BAK" + # mark it as non-writeable so users get errors if gnupg tries to modify it + if [ -s "${GPGHOMEDIR}/pubring.gpg" ]; then + chmod -w "${GPGHOMEDIR}/pubring.gpg" + GPG="$GPG --keyring ${GPGHOMEDIR}/pubring.gpg" + fi fi if [ -r "$TRUSTEDFILE" ]; then GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE" -- cgit v1.2.3 From f1e1abd88a2a7f147c79b99956f88d37ab14e038 Mon Sep 17 00:00:00 2001 
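Review bot: The closing lines of test/integration/test-apt-key call `setupgpgcommand 'gpg'` and `setupgpgcommand 'gpg2'` unconditionally, so the test needs both implementations installed even though the package dependency in the same commit becomes `gnupg | gnupg2`. With one of them missing, apt-key presumably falls back to the other, the `grep -q "^Executing: $1 --"` check reports a failure, and the following `testrun` no longer exercises the command it claims to. Guarding each pair keeps the result meaningful, e.g. `if command -v gpg2 >/dev/null 2>&1; then setupgpgcommand 'gpg2'; testrun; fi`. A one-line comment above `testrun()` saying that it repeats the whole key add/remove scenario once per gpg command would also document why the former top-level statements were wrapped.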
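Review bot: The new `if [ -z "$FORCED_KEYRING" ]` guard in `setup_merged_keyring` carries no comment explaining why the merge is skipped, and the rename of the merged file from `trusted.gpg` to `pubring.gpg` is unexplained as well. A comment above the guard such as `# a keyring forced on the command line is used on its own; do not merge the other trusted keyrings` would record the intent, assuming `FORCED_KEYRING` is what `--keyring` sets (its assignment is outside the hunk). With the guard in place and an unreadable `$TRUSTEDFILE`, `GPG` ends up with no `--keyring` at all, which may deserve an explicit error rather than an empty result. The function's closing lines are outside the hunk.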
From: David Kalnischkies Date: Sun, 26 Jan 2014 19:23:58 +0100 Subject: use apt-key to wrap gpg calls in testcases beside testing apt-key a bit it also avoids duplicating gpghome setup code in apt-key and the test framework Git-Dch: Ignore --- test/integration/framework | 40 +++++++++------------------------------- 1 file changed, 9 insertions(+), 31 deletions(-) diff --git a/test/integration/framework b/test/integration/framework index a9ba0014f..1ab01b20a 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -133,13 +133,6 @@ gdb() { shift runapt command gdb --quiet -ex run "${BUILDDIRECTORY}/$CMD" --args "${BUILDDIRECTORY}/$CMD" "$@" } -gpg() { - # see apt-key for the whole trickery. Setup is done in setupenvironment - command gpg --ignore-time-conflict --no-options --no-default-keyring \ - --homedir "${TMPWORKINGDIRECTORY}/gnupghome" \ - --no-auto-check-trustdb --trust-model always \ - "$@" -} exitwithstatus() { # error if we about to overflow, but ... 
@@ -239,19 +232,6 @@ setupenvironment() { echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary configcompression '.' 'gz' #'bz2' 'lzma' 'xz' - # gpg needs a trustdb to function, but it can't be invalid (not even empty) - # see also apt-key where this trickery comes from: - local TRUSTDBDIR="${TMPWORKINGDIRECTORY}/gnupghome" - mkdir "$TRUSTDBDIR" - chmod 700 "$TRUSTDBDIR" - # We also don't use a secret keyring, of course, but gpg panics and - # implodes if there isn't one available - and writeable for imports - local SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" - touch $SECRETKEYRING - # now create the trustdb with an (empty) dummy keyring - # newer gpg versions are fine without it, but play it safe for now - gpg --quiet --check-trustdb --secret-keyring $SECRETKEYRING --keyring $SECRETKEYRING >/dev/null 2>&1 - # cleanup the environment a bit # prefer our apt binaries over the system apt binaries export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin" @@ -449,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist # if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then -# gpg --yes --secret-keyring ./keys/joesixpack.sec \ -# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \ +# aptkey --keyring ./keys/joesixpack.pub --quiet adv --yes \ +# --secret-keyring ./keys/joesixpack.sec --default-key 'Joe Sixpack' \ # --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # fi 
@@ -835,8 +815,9 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" - local GPG="gpg --batch --yes" - msgninfo "\tSign archive with $SIGNER key… " + local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" + local GPG="aptkey --quiet --keyring ${KEY}.pub adv --batch --yes --secret-keyring ${KEY}.sec" + msgninfo "\tSign archive with $SIGNER key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" local PUBEXPIREBAK="${REXKEY}.pub.bak" @@ -852,17 +833,14 @@ signreleasefiles() { cp $SECUNEXPIRED ${REXKEY}.sec cp $PUBUNEXPIRED ${REXKEY}.pub else - printf "expire\n1w\nsave\n" | $GPG --keyring ${REXKEY}.pub --secret-keyring ${REXKEY}.sec --command-fd 0 --edit-key "${SIGNER}" >/dev/null 2>&1 || true + if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then + cat setexpire.gpg + exit 1 + fi cp ${REXKEY}.sec $SECUNEXPIRED cp ${REXKEY}.pub $PUBUNEXPIRED fi fi - for KEY in $(find keys/ -name '*.sec'); do - GPG="$GPG --secret-keyring $KEY" - done - for KEY in $(find keys/ -name '*.pub'); do - GPG="$GPG --keyring $KEY" - done for RELEASE in $(find aptarchive/ -name Release); do $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE} local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" -- cgit v1.2.3 From 38005d8b24bb81f4862d2c2a228e4a49a2af4ccd Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 27 Jan 2014 16:59:46 +0100 Subject: add a test for apt-key export{,all} Git-Dch: Ignore --- cmdline/apt-key.in | 4 ++-- test/integration/test-apt-key | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index c54b608e1..a3f8dde3a 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in 
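Review bot: In `signreleasefiles`, `KEY` is derived from the signer's display name (`tr 'A-Z' 'a-z' | sed 's# ##g'`) and used for both `--keyring ${KEY}.pub` and `--secret-keyring ${KEY}.sec` without checking that the files exist, so a signer with no matching key pair only surfaces later as a gpg error while signing. A guard right after the assignment would fail early with a clear message: `[ -r "${KEY}.pub" ] && [ -r "${KEY}.sec" ] || { echo >&2 "no key pair ${KEY}.{pub,sec} for $SIGNER"; exit 1; }`. Because the assignment is written as `local KEY="keys/$(…)"`, the status of the pipeline is masked by `local`; declaring and assigning on separate lines avoids that. The function body continues outside both hunks.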
@@ -380,8 +380,8 @@ case "$command" in foreach_keyring_do 'fingerprint_keys_from_keyring' "$@" ;; export|exportall) - foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/trusted.gpg" - $GPG_CMD --keyring "${GPGHOMEDIR}/trusted.gpg" --armor --export "$@" + foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg" + $GPG_CMD --keyring "${GPGHOMEDIR}/pubring.gpg" --armor --export "$@" ;; adv*) setup_merged_keyring diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 99ce855d4..e863e54a4 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -42,6 +42,13 @@ gpg: unchanged: 1' aptkey --fakeroot update testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] pub 2048R/DBAC8DAE 2010-08-18' + msgtest 'Check that Sixpack key can be' 'exported' + aptkey export 'Sixpack' > aptkey.export + aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall + testsuccess --nomsg cmp aptkey.export aptkey.exportall + testsuccess test -s aptkey.export + testsuccess test -s aptkey.exportall + msgtest 'Execute update again to trigger removal of' 'Rex Expired key' testsuccess --nomsg aptkey --fakeroot update -- cgit v1.2.3 From ba72845c07b2682f251dc7661869d20095260f8f Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 27 Jan 2014 17:04:53 +0100 Subject: allow to specify fingerprints in 'apt-key del' --- cmdline/apt-key.in | 21 +++++++++++++++++---- test/integration/test-apt-key | 8 ++++++++ test/integration/test-apt-key-net-update | 2 +- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index a3f8dde3a..74ca4d135 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in 
@@ -25,6 +25,19 @@ requires_root() { fi } +get_fingerprints_of_keyring() { + $GPG_CMD --keyring "$1" --with-colons --fingerprint | while read publine; do + # search for a public key + if [ "${publine%%:*}" != 'pub' ]; then continue; fi + # search for the associated fingerprint (should be the very next line) + while read fprline; do + if [ "${fprline%%:*}" = 'sub' ]; then break; # should never happen + elif [ "${fprline%%:*}" != 'fpr' ]; then continue; fi + echo "$fprline" | cut -d':' -f 10 + done + done +} + add_keys_with_verify_against_master_keyring() { ADD_KEYRING=$1 MASTER=$2 @@ -42,7 +55,7 @@ add_keys_with_verify_against_master_keyring() { # is honored. so: # all keys that are exported must have a valid signature # from a key in the $distro-master-keyring - add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + add_keys="$(get_fingerprints_of_keyring "$ADD_KEYRING")" all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5` master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` @@ -133,7 +146,7 @@ update() { if [ -r "$REMOVED_KEYS" ]; then # remove no-longer supported/used keys - $GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5 | while read key; do + get_fingerprints_of_keyring "$REMOVED_KEYS" | while read key; do foreach_keyring_do 'remove_key_from_keyring' "$key" done else @@ -154,7 +167,7 @@ remove_key_from_keyring() { local KEY="$1" shift # check if the key is in this keyring: the key id is in the 5 column at the end - if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]*${KEY}:"; then + if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -q "^[0-9A-F]*${KEY}$"; then continue fi if [ ! -w "$KEYRINGFILE" ]; then 
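Review bot: The inner loop of get_fingerprints_of_keyring does not stop after it prints the `fpr` line, although the comment says the fingerprint should be the very next line. It keeps consuming records until a `sub` line or end of input, and gives the right output only because a following `pub` line falls through the `continue`. Adding `break` after `echo "$fprline" | cut -d':' -f 10` ties each fingerprint to its `pub` record explicitly. Both loops should use `read -r`, since colon-format records can carry backslash escapes. A one-line header comment saying that the function prints one primary-key fingerprint per line would document the contract its callers rely on.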
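Review bot: The membership test `grep -q "^[0-9A-F]*${KEY}$"` in remove_key_from_keyring interpolates the caller-supplied key into a regular expression and accepts any suffix of a fingerprint. Input with regex metacharacters or a very short id can therefore pass the check for keys the caller did not name, while a lowercase id matches nothing. Because this test decides which key is deleted from the trust store, validate and normalise first, e.g. reject anything matching `*[!0-9A-Fa-f]*` in a `case` and upper-case the rest with `tr 'a-f' 'A-F'` before the match. The comment above the test still describes the key id as column 5, which no longer fits the fingerprint-based check. The function body continues outside the hunk.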
@@ -162,7 +175,7 @@ remove_key_from_keyring() { continue fi # check if it is the only key in the keyring and if so remove the keyring altogether - if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then + if [ '1' = "$(get_fingerprints_of_keyring "$KEYRINGFILE" | wc -l)" ]; then mv -f "$KEYRINGFILE" "${KEYRINGFILE}~" # behave like gpg return fi diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index e863e54a4..6bece40d7 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -72,6 +72,14 @@ pub 2048R/DBAC8DAE 2010-08-18' testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + msgtest 'Test key removal with' 'fingerprint' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + msgtest 'Test key removal with' 'single key in softlink' cleanplate ln -s $(readlink -f ./keys/joesixpack.pub) rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update index b5fb796d0..b3c118555 100755 --- a/test/integration/test-apt-key-net-update +++ b/test/integration/test-apt-key-net-update 
@@ -41,7 +41,7 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf # test against the "real" webserver testequal "Checking for new archive signing keys now -Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update +Key 'DE66AECA9151AFA1877EC31DE8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update aptkey list | grep '^pub' > aptkey.list testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19 -- cgit v1.2.3 From bd7fb5aa31f58917e8630f2981e78d190d465198 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 27 Jan 2014 18:26:44 +0100 Subject: add --secret-keyring option for apt-key For some advanced usecases it might be handy to specify the secret keyring to be used (e.g. as it is used in the testcases), but specifying it via a normal option for gnupg might not be available forever: http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html Git-Dch: Ignore --- cmdline/apt-key.in | 11 +++++++++++ test/integration/framework | 6 +++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 74ca4d135..36824b6ec 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -287,6 +287,11 @@ while [ -n "$1" ]; do FORCED_KEYRING="$1" shift ;; + --secret-keyring) + shift + FORCED_SECRET_KEYRING="$1" + shift + ;; --fakeroot) requires_root() { true; } shift @@ -355,6 +360,12 @@ if [ "$command" != "help" ]; then GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" GPG="$GPG_CMD" + # for advanced operations, we might really need a secret keyring after all + if [ -n "$FORCED_SECRET_KEYRING" ] && [ -r "$FORCED_SECRET_KEYRING" ]; then + rm -f "$SECRETKEYRING" + cp -a "$FORCED_SECRET_KEYRING" "$SECRETKEYRING" + fi + # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. if ! [ -e "$TRUSTEDFILE" ]; then if [ -w "$(dirname "$TRUSTEDFILE")" ]; then 
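Review bot: When `--secret-keyring` names a file that is missing or unreadable, the added `[ -n "$FORCED_SECRET_KEYRING" ] && [ -r "$FORCED_SECRET_KEYRING" ]` test is simply false and apt-key carries on with whatever `$SECRETKEYRING` already holds, so the caller gets no hint that the option was ignored. A branch for the non-empty-but-unreadable case that prints to stderr and exits non-zero would fail closed. `cp -a` also carries the source file's mode over to the copy, so the confidentiality of the copied secret keyring depends on the permissions of the directory holding `$SECRETKEYRING`, which is set up outside this hunk. An explicit `chmod 600 "$SECRETKEYRING"` after the copy would not rely on that.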
diff --git a/test/integration/framework b/test/integration/framework index 1ab01b20a..50f16fb46 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -429,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist # if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then -# aptkey --keyring ./keys/joesixpack.pub --quiet adv --yes \ -# --secret-keyring ./keys/joesixpack.sec --default-key 'Joe Sixpack' \ +# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \ +# adv --yes --default-key 'Joe Sixpack' \ # --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # fi @@ -816,7 +816,7 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" - local GPG="aptkey --quiet --keyring ${KEY}.pub adv --batch --yes --secret-keyring ${KEY}.sec" + local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes" msgninfo "\tSign archive with $SIGNER key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" -- cgit v1.2.3 From 0dae96a2b5e8ecd80a1b6e44961f1692ad4aec15 Mon Sep 17 00:00:00 2001 
From: David Kalnischkies Date: Mon, 27 Jan 2014 22:07:16 +0100 Subject: use only one --keyring in gpg interactions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were down to at most two keyrings before, but gnupg upstream plans dropping support for multiple keyrings in the longrun, so with a single keyring we hope to be future proof – and 'apt-key adv' isn't a problem anymore as every change to the keys is merged back, so we have now the same behavior as before, but support an unlimited amount of trusted.gpg.d keyrings. --- cmdline/apt-key.in | 105 +++++++++++++++++++++++++++++++----------- test/integration/test-apt-key | 57 +++++++++++++++-------- 2 files changed, 116 insertions(+), 46 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 36824b6ec..9259fac0d 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -14,7 +14,6 @@ REMOVED_KEYS='&keyring-removed-filename;' eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys) ARCHIVE_KEYRING_URI='&keyring-uri;' eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) -TMP_KEYRING=${APT_DIR}/var/lib/apt/keyrings/maybe-import-keyring.gpg aptkey_echo() { echo "$@"; } 
@@ -68,24 +67,28 @@ add_keys_with_verify_against_master_keyring() { fi done done - + for add_key in $add_keys; do # export the add keyring one-by-one - rm -f $TMP_KEYRING - $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key - # check if signed with the master key and only add in this case - ADDED=0 + local TMP_KEYRING="${GPGHOMEDIR}/tmp-keyring.gpg" + $GPG_CMD --batch --yes --keyring "$ADD_KEYRING" --output "$TMP_KEYRING" --export "$add_key" + if ! $GPG_CMD --batch --yes --keyring "$TMP_KEYRING" --import "$MASTER" > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then + cat "${GPGHOMEDIR}/gpgoutput.log" + false + fi + # check if signed with the master key and only add in this case + ADDED=0 for master_key in $master_keys; do - if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then - $GPG --import $TMP_KEYRING + if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then + $GPG_CMD --batch --yes --keyring "$ADD_KEYRING" --export "$add_key" | $GPG --batch --yes --import ADDED=1 fi done if [ $ADDED = 0 ]; then echo >&2 "Key '$add_key' not added. It is not signed with a master key" fi + rm -f "${TMP_KEYRING}" done - rm -f $TMP_KEYRING } # update the current archive signing keyring from a network URI 
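Review bot: The line that makes the trust decision, `$GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key`, keeps unquoted expansions and a substring `grep`, while the lines added around it quote their arguments. Quoting `"$TMP_KEYRING"` and `"$add_key"` and ending the pipeline with `grep -qxF "$master_key"` makes the comparison an exact, literal match on the signer key id. The `false` after `cat "${GPGHOMEDIR}/gpgoutput.log"` only stops the run if errexit is active, which is not visible in this hunk; an explicit `return 1` or `continue` would not depend on it. The log is also printed to stdout rather than stderr.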
@@ -240,26 +243,75 @@ fingerprint_keys_from_keyring() { import_keys_from_keyring() { local IMPORT="$1" local KEYRINGFILE="$2" - $GPG_CMD --keyring "$KEYRINGFILE" --batch --import "$IMPORT" >/dev/null 2>&1 + if ! $GPG_CMD --keyring "$KEYRINGFILE" --batch --import "$IMPORT" > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then + cat "${GPGHOMEDIR}/gpgoutput.log" + false + fi +} + +merge_keys_into_keyrings() { + local KEYRINGFILE="$1" + local IMPORT="$2" + if ! $GPG_CMD --keyring "$KEYRINGFILE" --batch --import --import-options 'merge-only' "$IMPORT" > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then + cat "${GPGHOMEDIR}/gpgoutput.log" + false + fi +} + +merge_back_changes() { + if [ -n "$FORCED_KEYRING" ]; then + # if the keyring was forced merge is already done + return + fi + if [ -s "${GPGHOMEDIR}/pubring.gpg" ]; then + # merge all updated keys + foreach_keyring_do 'merge_keys_into_keyrings' "${GPGHOMEDIR}/pubring.gpg" + fi + # no look for keys which were added or removed + get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.orig.gpg" > "${GPGHOMEDIR}/pubring.orig.keylst" + get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.gpg" > "${GPGHOMEDIR}/pubring.keylst" + #echo >&2 "MERGE BACK" + sort "${GPGHOMEDIR}/pubring.keylst" "${GPGHOMEDIR}/pubring.orig.keylst" | uniq --unique | while read key; do + if grep -q "^${key}$" "${GPGHOMEDIR}/pubring.orig.keylst"; then + # key isn't part of new keyring, so remove + foreach_keyring_do 'remove_key_from_keyring' "$key" + elif grep -q "^${key}$" "${GPGHOMEDIR}/pubring.keylst"; then + # key is part of new keyring, so we need to import it + create_new_keyring "$TRUSTEDFILE" + if ! 
$GPG --batch --yes --export "$key" | $GPG_CMD --keyring "$TRUSTEDFILE" --batch --yes --import > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then + cat "${GPGHOMEDIR}/gpgoutput.log" + false + fi + else + echo >&2 "Errror: Key ${key} (dis)appeared out of nowhere" + fi + done } setup_merged_keyring() { if [ -z "$FORCED_KEYRING" ]; then - local TRUSTEDFILE_BAK="$TRUSTEDFILE" - TRUSTEDFILE='/dev/null' foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg" - TRUSTEDFILE="$TRUSTEDFILE_BAK" - # mark it as non-writeable so users get errors if gnupg tries to modify it - if [ -s "${GPGHOMEDIR}/pubring.gpg" ]; then - chmod -w "${GPGHOMEDIR}/pubring.gpg" - GPG="$GPG --keyring ${GPGHOMEDIR}/pubring.gpg" + if [ -r "${GPGHOMEDIR}/pubring.gpg" ]; then + cp -a "${GPGHOMEDIR}/pubring.gpg" "${GPGHOMEDIR}/pubring.orig.gpg" + else + touch "${GPGHOMEDIR}/pubring.gpg" "${GPGHOMEDIR}/pubring.orig.gpg" fi - fi - if [ -r "$TRUSTEDFILE" ]; then - GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE" + GPG="$GPG --keyring ${GPGHOMEDIR}/pubring.gpg" + else + GPG="$GPG --keyring $TRUSTEDFILE" + create_new_keyring "$TRUSTEDFILE" fi } +create_new_keyring() { + # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. + if ! [ -e "$TRUSTEDFILE" ]; then + if [ -w "$(dirname "$TRUSTEDFILE")" ]; then + touch -- "$TRUSTEDFILE" + chmod 0644 -- "$TRUSTEDFILE" + fi + fi +} usage() { echo "Usage: apt-key [--keyring file] [command] [arguments]" @@ -365,14 +417,6 @@ if [ "$command" != "help" ]; then rm -f "$SECRETKEYRING" cp -a "$FORCED_SECRET_KEYRING" "$SECRETKEYRING" fi - - # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. - if ! [ -e "$TRUSTEDFILE" ]; then - if [ -w "$(dirname "$TRUSTEDFILE")" ]; then - touch -- "$TRUSTEDFILE" - chmod 0644 -- "$TRUSTEDFILE" - fi - fi fi case "$command" in 
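Review bot: In merge_back_changes the final `else` branch only prints `Errror: Key ${key} (dis)appeared out of nowhere` and lets the loop continue, so an inconsistency between the merged keyring and its snapshot still leaves the command reporting success. Since this branch means the trusted key set could not be reconciled, it should end in a failure the same way the import branch does (`false`, or an explicit non-zero exit), and the message has a typo (`Errror`). `uniq --unique` is a GNU long option; `uniq -u` is the portable spelling. create_new_keyring is called with `"$TRUSTEDFILE"` but ignores its argument and reads the global, so either use `$1` in the function or drop the argument at the call sites.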
@@ -380,22 +424,26 @@ case "$command" in requires_root setup_merged_keyring $GPG --quiet --batch --import "$@" + merge_back_changes aptkey_echo "OK" ;; del|rm|remove) requires_root foreach_keyring_do 'remove_key_from_keyring' "$@" + merge_back_changes aptkey_echo "OK" ;; update) requires_root setup_merged_keyring update + merge_back_changes ;; net-update) requires_root setup_merged_keyring net_update + merge_back_changes ;; list) foreach_keyring_do 'list_keys_from_keyring' "$@" @@ -411,6 +459,7 @@ case "$command" in setup_merged_keyring aptkey_echo "Executing: $GPG $*" $GPG "$@" + merge_back_changes ;; help) usage diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 6bece40d7..337b16a59 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -13,6 +13,13 @@ cleanplate() { mkdir rootdir/etc/apt/trusted.gpg.d/ } +testaptkeys() { + if ! aptkey list | grep '^pub' > aptkey.list; then + echo -n > aptkey.list + fi + testequal "$1" cat ./aptkey.list +} + echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub"; APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf 
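Review bot: In the `adv` branch (`@@ -411,6 +459,7 @@`) `merge_back_changes` now runs after `$GPG "$@"`, so the command's exit status becomes that of the merge step unless errexit aborts first, and errexit is not visible in these hunks. The `add`, `update` and `net-update` branches in the preceding hunk follow the same pattern. Callers of `adv` may rely on gpg's own status, so it is safer to make it explicit, e.g. `rc=0; $GPG "$@" || rc=$?` before the merge and `exit "$rc"` after it. A short comment saying whether changes should be merged back when gpg fails would settle the intended behaviour.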
@@ -26,20 +33,17 @@ testrun() { msgtest 'Check that paths in finger output are not' 'double-slashed' aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' testequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed gpg: Total number processed: 1 gpg: unchanged: 1' aptkey --fakeroot update - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' testsuccess aptkey --fakeroot add ./keys/rexexpired.pub - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] + testaptkeys 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] pub 2048R/DBAC8DAE 2010-08-18' msgtest 'Check that Sixpack key can be' 'exported' @@ -52,14 +56,12 @@ pub 2048R/DBAC8DAE 2010-08-18' msgtest 'Execute update again to trigger removal of' 'Rex Expired key' testsuccess --nomsg aptkey --fakeroot update - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' testsuccess aptkey --fakeroot del DBAC8DAE testempty aptkey list 
@@ -91,8 +93,7 @@ pub 2048R/DBAC8DAE 2010-08-18' cleanplate testsuccess aptkey --fakeroot add ./keys/joesixpack.pub testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18 + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 pub 2048R/528144E2 2011-01-16' cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse @@ -100,16 +101,14 @@ pub 2048R/528144E2 2011-01-16' cleanplate cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg testsuccess --nomsg aptkey --fakeroot del DBAC8DAE - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testaptkeys 'pub 2048R/528144E2 2011-01-16' testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ msgtest 'Test key removal with' 'multi key in softlink' cleanplate ln -s $(readlink -f ./keys/testcase-multikey.pub) rootdir/etc/apt/trusted.gpg.d/multikey.gpg testsuccess --nomsg aptkey --fakeroot del DBAC8DAE - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testaptkeys 'pub 2048R/528144E2 2011-01-16' testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ testsuccess test ! -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ 
@@ -119,11 +118,33 @@ pub 2048R/528144E2 2011-01-16' cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg testsuccess --nomsg aptkey --fakeroot del DBAC8DAE - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testaptkeys 'pub 2048R/528144E2 2011-01-16' testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + msgtest 'Test merge-back of' 'added keys' + testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub + testaptkeys 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + + msgtest 'Test merge-back of' 'removed keys' + testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9 + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + + msgtest 'Test merge-back of' 'removed duplicate keys' + testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE + testaptkeys 'pub 2048R/528144E2 2011-01-16' } setupgpgcommand() { -- cgit v1.2.3 From 33a2267214eed2a11281c9f93b8cf10b4c436d94 Mon Sep 17 00:00:00 2001 
From: David Kalnischkies Date: Thu, 6 Feb 2014 17:56:28 +0100 Subject: add --readonly option for apt-key adv Some advanced commands can be executed without the keyring being modified like --verify, so this adds an option to disable the mergeback and uses it for our gpg calling code. Git-Dch: Ignore --- apt-pkg/contrib/gpgv.cc | 1 + cmdline/apt-key.in | 9 ++++----- test/integration/framework | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index 56e26ab99..cd17cd536 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -54,6 +54,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back(aptkey.c_str()); Args.push_back("--quiet"); + Args.push_back("--readonly"); Args.push_back("adv"); char statusfdstr[10]; diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 9259fac0d..21d692631 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -337,20 +337,19 @@ while [ -n "$1" ]; do shift TRUSTEDFILE="$1" FORCED_KEYRING="$1" - shift ;; --secret-keyring) shift FORCED_SECRET_KEYRING="$1" - shift + ;; + --readonly) + merge_back_changes() { true; } ;; --fakeroot) requires_root() { true; } - shift ;; --quiet) aptkey_echo() { true; } - shift ;; --*) echo >&2 "Unknown option: $1" @@ -359,6 +358,7 @@ while [ -n "$1" ]; do *) break;; esac + shift done if [ -z "$TRUSTEDFILE" ]; then @@ -430,7 +430,6 @@ case "$command" in del|rm|remove) requires_root foreach_keyring_do 'remove_key_from_keyring' "$@" - merge_back_changes aptkey_echo "OK" ;; update) diff --git a/test/integration/framework b/test/integration/framework index 50f16fb46..fcdca34ce 100644 --- a/test/integration/framework +++ b/test/integration/framework 
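Review bot: `--readonly` is implemented by redefining `merge_back_changes` as a no-op for every command, so `add`, `update` and `net-update` (which call it in the case branches shown earlier on this page) would still run against the merged keyring, and `add` would print `OK` although nothing is written back. If the option is meant for `adv` only, as the commit message suggests, either reject it for the modifying commands or say so in a comment next to the option. The usage line visible on this page lists only `[--keyring file]`; `--readonly` and `--secret-keyring` are worth documenting there too.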
@@ -429,7 +429,7 @@ Package: $NAME" >> ${BUILDDIR}/debian/control | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist # if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then -# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \ +# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet --readonly \ # adv --yes --default-key 'Joe Sixpack' \ # --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" @@ -816,7 +816,7 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" - local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes" + local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes" msgninfo "\tSign archive with $SIGNER key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" -- cgit v1.2.3 From 0b94a7bc2ebb42453d9e22dc58dde76b9261de50 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 6 Feb 2014 18:43:55 +0100 Subject: miscellaneous small cleanups in apt-key Git-Dch: Ignore --- cmdline/apt-key.in | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 21d692631..a9a729cce 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -166,9 +166,7 @@ remove_key_from_keyring() { fi local GPG="$GPG_CMD --keyring $KEYRINGFILE" - while [ -n "$1" ]; do - local KEY="$1" - shift + for KEY in "$@"; do # check if the key is in this keyring: the key id is in the 5 column at the end if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -q "^[0-9A-F]*${KEY}$"; then continue 
@@ -226,18 +224,11 @@ foreach_keyring_do() { fi } -list_keys_from_keyring() { +run_cmd_on_keyring() { local KEYRINGFILE="$1" shift - # don't show the error message if this keyring doesn't include the key - $GPG_CMD --keyring "$KEYRINGFILE" --batch --list-keys "$@" 2>/dev/null || true -} - -fingerprint_keys_from_keyring() { - local KEYRINGFILE="$1" - shift - # don't show the error message if this keyring doesn't include the fingerprint - $GPG_CMD --keyring "$KEYRINGFILE" --batch --fingerprint "$@" 2>/dev/null || true + # fingerprint and co will fail if key isn't in this keyring + $GPG_CMD --keyring "$KEYRINGFILE" --batch "$@" 2>/dev/null || true } import_keys_from_keyring() { @@ -267,10 +258,9 @@ merge_back_changes() { # merge all updated keys foreach_keyring_do 'merge_keys_into_keyrings' "${GPGHOMEDIR}/pubring.gpg" fi - # no look for keys which were added or removed + # look for keys which were added or removed get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.orig.gpg" > "${GPGHOMEDIR}/pubring.orig.keylst" get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.gpg" > "${GPGHOMEDIR}/pubring.keylst" - #echo >&2 "MERGE BACK" sort "${GPGHOMEDIR}/pubring.keylst" "${GPGHOMEDIR}/pubring.orig.keylst" | uniq --unique | while read key; do if grep -q "^${key}$" "${GPGHOMEDIR}/pubring.orig.keylst"; then # key isn't part of new keyring, so remove @@ -445,10 +435,10 @@ case "$command" in merge_back_changes ;; list) - foreach_keyring_do 'list_keys_from_keyring' "$@" + foreach_keyring_do 'run_cmd_on_keyring' --list-keys "$@" ;; finger*) - foreach_keyring_do 'fingerprint_keys_from_keyring' "$@" + foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@" ;; export|exportall) foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg" -- cgit v1.2.3 From c46a36adaf51fc28464ea1a0e826c754ee60672b Mon Sep 17 00:00:00 2001 
From: David Kalnischkies Date: Mon, 14 Apr 2014 18:24:17 +0200 Subject: add and use 'apt-key verify' which prefers gpgv over gpg gnupg/gnupg2 can do verify just fine of course, so we don't need to use gpgv here, but it is what we always used in the past, so there might be scripts expecting a certain output and more importantly the output of apt-cdrom contains messages from gpg and even with all the settings we activate to prevent it, it still shows (in some versions) a quiet scary: "gpg: WARNING: Using untrusted key!" message. Keeping the use of gpgv is the simplest way to prevent it. We are increasing also the "Breaks: apt" version from libapt as it requires a newer apt-key than might be installed in partial upgrades. --- apt-pkg/contrib/gpgv.cc | 3 +-- cmdline/apt-key.in | 8 ++++++++ debian/control | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index cd17cd536..9d798cca9 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -55,7 +55,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back(aptkey.c_str()); Args.push_back("--quiet"); Args.push_back("--readonly"); - Args.push_back("adv"); + Args.push_back("verify"); char statusfdstr[10]; if (statusfd != -1) @@ -77,7 +77,6 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back(Opts->Value.c_str()); } } - Args.push_back("--verify"); enum { DETACHED, CLEARSIGNED } releaseSignature = (FileGPG != File) ? DETACHED : CLEARSIGNED; std::vector dataHeader; diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index a9a729cce..83a7a31b9 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in 
@@ -450,6 +450,14 @@ case "$command" in $GPG "$@" merge_back_changes ;; + verify) + setup_merged_keyring + if which gpgv >/dev/null 2>&1; then + gpgv --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@" + else + $GPG --verify "$@" + fi + ;; help) usage ;; diff --git a/debian/control b/debian/control index b86e828c5..6d29b0250 100644 --- a/debian/control +++ b/debian/control @@ -43,7 +43,7 @@ Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} -Breaks: apt (<< 0.9.4~), libapt-inst1.5 (<< 0.9.9~) +Breaks: apt (<< 1.0.2~), libapt-inst1.5 (<< 0.9.9~) Section: libs Description: package management runtime library This library provides the common functionality for searching and -- cgit v1.2.3 From 1d240b5a2dd5a82283f7d0b7fe05b6f90222957c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 15:45:09 +0100 Subject: remove empty keyrings in trusted.gpg.d on upgrade Adding and deleting many repositories could cause (empty) keyring files to pill up in older apt-key versions, which in the end might cause gnupg to run into its internal limit of at most 40 keyrings --- debian/apt.postinst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/apt.postinst b/debian/apt.postinst index a538abde9..01f78a1dd 100755 --- a/debian/apt.postinst +++ b/debian/apt.postinst @@ -15,6 +15,15 @@ set -e case "$1" in configure) + if dpkg --compare-versions "$2" lt 1.0.7; then + # apt-key before 0.9.10 could leave empty keyrings around + find /etc/apt/trusted.gpg.d/ -name '*.gpg' | while read keyring; do + if ! test -s "$keyring"; then + rm -f "$keyring" + fi + done + fi + if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then # we are using tmpfiles for both rm -f /etc/apt/trustdb.gpg -- cgit v1.2.3 From 29f1b977100aeb6d6ebd38923eeb7a623e264ffe Mon Sep 17 00:00:00 2001 
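Review bot: The gpgv branch hard-codes `--keyring "${GPGHOMEDIR}/pubring.gpg"`, but setup_merged_keyring (as changed earlier on this page) fills that file only when no `--keyring` was forced; with a forced keyring it points `$GPG` at `$TRUSTEDFILE` instead. As far as these hunks show, `apt-key --keyring X verify` would therefore check against X in the gpg fallback but not in the gpgv branch. Choosing the keyring once, e.g. `--keyring "${FORCED_KEYRING:-${GPGHOMEDIR}/pubring.gpg}"`, keeps both branches on the same trust set. `command -v gpgv` is the portable test rather than `which`, and `--ignore-time-conflict` deserves a comment on why signatures with time conflicts are accepted here.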
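Review bot: The cleanup loop in apt.postinst runs as root and removes every path `find` reports that fails `test -s`, which includes files in subdirectories and dangling symlinks named `*.gpg`, and `read` without `-r` mangles names containing backslashes. Restricting the search to what the comment describes, `find /etc/apt/trusted.gpg.d/ -maxdepth 1 -type f -name '*.gpg' -size 0`, and reading with `while IFS= read -r keyring` keeps the removal to empty regular keyring files. The comment says apt-key before 0.9.10 while the guard is `lt 1.0.7`; a word on why the versions differ would help the next maintainer.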
From: James McCoy Date: Mon, 18 Aug 2014 12:54:19 +0200 Subject: ensure apt-key del handles 16-byte key ids The original patch does not apply against the rewritten apt-key, but an additional test doesn't hurt. Closes: 754436 --- test/integration/test-apt-key | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 337b16a59..d5adec5bd 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -74,6 +74,14 @@ pub 2048R/DBAC8DAE 2010-08-18' testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + msgtest 'Test key removal with' 'long key ID' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + msgtest 'Test key removal with' 'fingerprint' cleanplate cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -- cgit v1.2.3 From 98f0d7b3d9d7ed0a5cf11d8f9327a021954816b6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 26 Sep 2014 23:09:01 +0200 Subject: add gnupg and gnupg2 as test-dependency apt can work with both, so it has an or-dependency on them, but the tests want to play with both of them. Git-Dch: Ignore --- debian/tests/control | 4 ++-- .../test-very-tight-loop-configure-with-unpacking-new-packages | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian/tests/control b/debian/tests/control index f7e47c5f3..0e774d4ca 100644 --- a/debian/tests/control +++ b/debian/tests/control 
@@ -1,3 +1,3 @@ Tests: run-tests -Restrictions: allow-stderr -Depends: @, @builddeps@, fakeroot, wget, stunnel4, db-util +Restrictions: allow-stderr +Depends: @, @builddeps@, fakeroot, wget, stunnel4, db-util, gnupg, gnupg2 diff --git a/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages b/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages index 202716636..409d1212c 100755 --- a/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages +++ b/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages @@ -45,6 +45,7 @@ Conf libreoffice-core (4 sid [amd64]) Conf libreoffice-style-galaxy (4 sid [amd64]) Conf libreoffice (4 sid [amd64])' 'Reading package lists... Building dependency tree... +Calculating upgrade... The following NEW packages will be installed: ure The following packages will be upgraded: -- cgit v1.2.3