From 105503b4b470c124bc0c271bd8a50e25ecbe9133 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Thu, 25 Aug 2016 12:42:36 +0200
Subject: apt-key: warn instead of fail on unreadable keyrings

apt-key has inconsistent behaviour if it can't read a keyring file:
Commands like 'list' skipped silently over such keyrings while 'verify'
failed hard resulting in apt to report cconfusing gpg errors (#834973).

As a first step we teach apt-key to be more consistent here skipping in
all commands over unreadable keyrings, but issuing a warning in the
process, which is as usual for apt commands displayed at the end of the
run.
---
 test/integration/test-apt-key | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'test')

diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key
index 759ce1487..96cfe41fa 100755
--- a/test/integration/test-apt-key
+++ b/test/integration/test-apt-key
@@ -81,6 +81,20 @@ gpg:              unchanged: 1' aptkey --fakeroot update
 	testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
 	testempty aptkey list
 
+	if [ "$(id -u)" != '0' ]; then
+		msgtest 'Test key removal with' 'unreadable key'
+		cleanplate
+		cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
+		echo 'foobar' > "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg"
+		chmod 000 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg"
+		testwarning --nomsg aptkey --fakeroot del d141dbac8dae
+		testwarning aptkey list
+		chmod 644 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg"
+		rm -f "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg"
+		grep -v '^W: ' "${ROOTDIR}/tmp/testwarning.output" > "${ROOTDIR}/aptkeylist.output" || true
+		testempty cat "${ROOTDIR}/aptkeylist.output"
+	fi
+
 	msgtest 'Test key removal with' 'single key in real file'
 	cleanplate
 	cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
@@ -202,6 +216,16 @@ gpg:              unchanged: 1' aptkey --fakeroot update
 		msgtest 'Test verify a file' 'with all keys'
 		testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"
 
+		if [ "$(id -u)" != '0' ]; then
+			msgtest 'Test verify a file' 'with unreadable key'
+			echo 'foobar' > "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg"
+			chmod 000 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg"
+			testwarning --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"
+			testwarning aptkey list
+			chmod 644 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg"
+			rm -f "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg"
+		fi
+
 		msgtest 'Test verify a file' 'with good keyring'
 		testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
 
-- 
cgit v1.2.3