From f20750cb30baaf00ca1b87f2ae55e6a0eb900f2b Mon Sep 17 00:00:00 2001
From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Tue, 4 Oct 2011 18:01:41 +0200
Subject: export/import keys one-by-one

---
 cmdline/apt-key | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

(limited to 'cmdline/apt-key')

diff --git a/cmdline/apt-key b/cmdline/apt-key
index 104ca656b..617fed4f8 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -22,7 +22,7 @@ MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
 ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
 REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
 ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
-
+TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg
 
 requires_root() {
 	if [ "$(id -u)" -ne 0 ]; then
@@ -34,7 +34,7 @@ requires_root() {
 add_keys_with_verify_against_master_keyring() {
     ADD_KEYRING=$1
     MASTER=$2
-    
+
     if [ ! -f "$ADD_KEYRING" ]; then
 	echo "ERROR: '$ADD_KEYRING' not found"
 	return
@@ -50,22 +50,26 @@ add_keys_with_verify_against_master_keyring() {
     #   from a key in the $distro-master-keyring
     add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
     master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
-    # verify to ensure that there are no key id duplications that may be
-    # used to attack the system, see LP: #857472
+    
+    ADDED=0
     for add_key in $add_keys; do
+
+        # ensure there are no colisions LP: #857472
 	for master_key in $master_keys; do
             if [ "$add_key" = "$master_key" ]; then
                 echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
                 return 1
             fi
         done
-    done
-    # add all keys signed with any of the master key(s)
-    for add_key in $add_keys; do
-	ADDED=0
+
+        # export the add keyring one-by-one
+        rm -f $TMP_KEYRING
+        $GPG_CMD --keyring $ADD_KEYRING --export $add_key | $GPG_CMD --keyring $TMP_KEYRING --import --trust-model direct
+
+        # check if signed with the master key and only add in this case
 	for master_key in $master_keys; do
-	    if $GPG_CMD --keyring $ADD_KEYRING --verify-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
-		$GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import
+	    if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
+		$GPG --import $TMP_KEYRING
 		ADDED=1
 	    fi
 	done
@@ -73,14 +77,13 @@ add_keys_with_verify_against_master_keyring() {
 	    echo >&2 "Key '$add_key' not added. It is not signed with a master key"
 	fi
     done
+    rm -f $TMP_KEYRING
 }
 
 # update the current archive signing keyring from a network URI
 # the archive-keyring keys needs to be signed with the master key
 # (otherwise it does not make sense from a security POV)
 net_update() {
-    # Disabled for now as code is insecure
-    exit 1
 
     if [ -z "$ARCHIVE_KEYRING_URI" ]; then
 	echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
-- 
cgit v1.2.3