blob: 73545aff7ba9f1d8cdea5737c9e59c675fd05f2a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
#!/bin/sh
set -e
TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework
setupenvironment
configarchitecture "i386"
# mock
requires_root() {
return 0
}
# extract net_update() and import it
func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
eval "$func"
mkdir -p ./etc/apt
TRUSTEDFILE=./etc/apt/trusted.gpg
mkdir -p ./var/lib/apt/keyrings
TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
# FIXME: instead of copying this use apt-key and the buildin apt webserver
# to do a real test
# COPYIED from apt-key.in --------------
# gpg needs a trustdb to function, but it can't be invalid (not even empty)
# so we create a temporary directory to store our fresh readable trustdb in
TRUSTDBDIR="$(mktemp -d)"
CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';"
trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
chmod 700 "$TRUSTDBDIR"
# We also don't use a secret keyring, of course, but gpg panics and
# implodes if there isn't one available - and writeable for imports
SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
touch $SECRETKEYRING
GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING"
GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
#----------------------------------------- END COPY
GPG="$GPG_CMD --keyring $TRUSTEDFILE"
MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
msgtest "add_keys_with_verify_against_master_keyring"
if [ ! -e $MASTER_KEYRING ]; then
echo -n "No $MASTER_KEYRING found"
msgskip
exit 0
fi
# test bad keyring and ensure its not added (LP: #857472)
ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
msgfail
else
msgpass
fi
# ensure the keyring is still empty
gpg_out=$($GPG --list-keys)
msgtest "Test if keyring is empty"
if [ -n "" ]; then
msgfail
else
msgpass
fi
# test another possible attack vector using subkeys (LP: #1013128)
msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
msgfail
else
msgpass
fi
# ensure the keyring is still empty
gpg_out=$($GPG --list-keys)
msgtest "Test if keyring is empty"
if [ -n "" ]; then
msgfail
else
msgpass
fi
# test good keyring and ensure we get no errors
ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
msgpass
else
msgfail
fi
testequal './etc/apt/trusted.gpg
---------------------
pub 1024D/437D05B5 2004-09-12
uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
sub 2048g/79164387 2004-09-12
pub 1024D/FBB75451 2004-12-30
uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
pub 4096R/C0B21F32 2012-05-11
uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
pub 4096R/EFE21092 2012-05-11
uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
' $GPG --list-keys
|
