From 08fcf9628806af202e555bd02b3611e4e9a3d757 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 1 Jul 2016 22:00:52 +0200 Subject: warn if apt-key is used in scripts/its output parsed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit apt-key needs gnupg for most of its operations, but depending on it isn't very efficient as apt-key is hardly used by users – and scripts shouldn't use it to begin with as it is just a silly wrapper. To draw more attention on the fact that e.g. 'apt-key add' should not be used in favor of "just" dropping a keyring file into the trusted.gpg.d directory this commit implements the display of warnings. --- cmdline/apt-key.in | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 5bd8d1249..49056f2a6 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -494,7 +494,7 @@ prepare_gpg_home() { # package depends on gnupg or not. We accept recommends here as # well as the script hopefully uses apt-key optionally then like e.g. # debian-archive-keyring for (upgrade) cleanup did - if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then + if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ] && [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then if ! dpkg-query --show --showformat '${Pre-Depends}${Depends}${Recommends}\n' "$DPKG_MAINTSCRIPT_PACKAGE" 2>/dev/null | grep -q gnupg; then cat >&2 <&2 "Warning: apt-key should not be used in scripts (called from $DPKG_MAINTSCRIPT_NAME maintainerscript of the package ${DPKG_MAINTSCRIPT_PACKAGE})" + elif [ ! -t 1 ]; then + echo >&2 "Warning: apt-key output should not be parsed (stdout is not a terminal)" + fi +} + if [ "$command" != 'help' ] && [ "$command" != 'verify' ]; then prepare_gpg_home fi case "$command" in add) + warn_on_script_usage requires_root setup_merged_keyring aptkey_execute "$GPG" --quiet --batch --import "$@" 
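Review bot: The added `[ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]` test in `prepare_gpg_home` lets one inherited environment variable switch off the missing-gnupg-dependency hint, which is a different diagnostic from the script-usage warning named in the commit subject. Any non-empty value exported anywhere up the process tree silences it, and nothing in the visible lines documents that. I would add a comment above the `if`, for example `# a non-empty APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE silences this missing-dependency hint`. The heredoc after `cat >&2` and the rest of the hunk are not readable on this page, so the message text itself is unreviewed.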
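Review bot: The visible tail of `warn_on_script_usage` appears to detect script use only through the dpkg maintainer-script environment and `[ ! -t 1 ]`, so a script started from an interactive shell with stdout on the terminal gets no warning. A comment such as `# heuristic only: a script run with stdout on a terminal is not detected` would stop readers from treating the function as a guard. Both messages also say what not to do without naming the replacement, although the commit message points to dropping a keyring file into trusted.gpg.d. The first could end `...; drop a keyring file into trusted.gpg.d instead`. The opening lines of the function were lost on this page, so any earlier branch is not covered here.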
@@ -567,11 +580,13 @@ case "$command" in
 aptkey_echo "OK"
 ;;
 del|rm|remove)
+ # no script warning here as removing 'add' usage needs 'del' for cleanup
 requires_root
 foreach_keyring_do 'remove_key_from_keyring' "$@"
 aptkey_echo "OK"
 ;;
 update)
+ warn_on_script_usage
 requires_root
 setup_merged_keyring
 update
@@ -584,13 +599,16 @@ case "$command" in
 merge_back_changes
 ;;
 list|finger*)
+ warn_on_script_usage
 foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@"
 ;;
 export|exportall)
+ warn_on_script_usage
 merge_all_trusted_keyrings_into_pubring
 aptkey_execute "$GPG_SH" --keyring "${GPGHOMEDIR}/pubring.gpg" --armor --export "$@"
 ;;
 adv*)
+ warn_on_script_usage
 setup_merged_keyring
 aptkey_echo "Executing: $GPG $*"
 aptkey_execute "$GPG" "$@"
--
cgit v1.2.3
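Review bot: The comment added under `del|rm|remove)` is hard to parse on first read, and it is the only record of why this one state-changing command is exempt from the warning. I would spell the reason out, for example `# no script warning here: packages moving away from 'apt-key add' still need 'del' to remove the key they added earlier`. The `case` statement starts and ends outside this hunk, so commands between `update)` and the next hunk are not visible here.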
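Review bot: In `adv*)` the new `warn_on_script_usage` call is the only thing standing between a script and `aptkey_execute "$GPG" "$@"`, which hands the caller's arguments to gpg unfiltered after `setup_merged_keyring`. The warning is advisory and goes to stderr, which unattended scripts commonly discard, so this branch deserves a comment saying so. Something like `# adv forwards "$@" to gpg unfiltered on the merged keyring; the warning is advisory and restricts nothing` would do. For `list|finger*)` and `export|exportall)` the `[ ! -t 1 ]` case is the one that matters, and a brief comment saying the output format is not a stable interface would make the intent explicit.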