apt-key fails when POSIXLY_CORRECT environmental variable is set
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apt (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
apt-key fails when the POSIXLY_CORRECT environmental variable is set.
This is due to chmod acting differently with POSIXLY_CORRECT set: chmod tries to use `--` as a parameter with this variable.
This prevents some third-party utilities, like pmrun, from using apt-key.
---
chmod with POSIXLY_CORRECT unset succeeds with the following commands:
```
touch testfile
chmod 0644 -- testfile
echo $?
```
The final command prints "0".
(This is what the apt-key script expects to happen.)
---
chmod with POSIXLY_CORRECT set fails with the following commands:
```
export POSIXLY_CORRECT=
touch testfile
chmod 0644 -- testfile
echo $?
```
The final two commands print these two lines, respectively:
"""
chmod: cannot access '--': No such file or directory
1
"""
(This is unexpected for the apt-key script.)
---
As such, when a third party utility that sets the POSIXLY_CORRECT environmental variable, like pmrun, tries to run apt-key, it will fail.
Example use similar to what the reporting customer tried: `cat some-repo-key.gpg | pmrun apt-key add -`
The chmod examples are run on an up-to-date Bionic container, /usr/bin/apt-key has `chmod #### -- path` commands at line 338 and line 499:
GNU coreutils package version 8.28-1ubuntu1
apt package version 1.6.13
Is this a regression from an older release? We can fix it, but if it's not a regression, I'd just skip it, as running apt-key is the wrong approach anyway.
They should just pmrum cp some-repo-key.gpg /etc/apt/ trusted. gpg.d. optimally drop the keyring elsewhere and use signed-by in sources.list snippet, but oh well, it does not add much security really.