apt-key del must absolutely detect all errors, and then provide NON-zero return code and error message
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apt (Ubuntu) |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Currently, 'apt-key del' does NOT detect that the keyid given in parameter is invalid :
It displays 'OK' and provides a return code equal to zero (see log below).
I consider that letting erroneously believe that a GPG key has been successfully removed is a security issue.
In fact 'apt-key del' must absolutely detect all errors, and then provide NON-zero return code and error message.
# wget -q -O - https:/
OK
# apt-key --keyring /etc/apt/
/etc/apt/
-------
pub 1024D/B38A8516 2006-09-05 [expired: 2013-09-06]
uid Oracle OSS group (Open Source Software group) <email address hidden>
# apt-key --keyring /etc/apt/
OK
# echo $?
0
# apt-key --keyring /etc/apt/
/etc/apt/
-------
pub 1024D/B38A8516 2006-09-05 [expired: 2013-09-06]
uid Oracle OSS group (Open Source Software group) <email address hidden>
# apt-key --keyring /etc/apt/
OK
# apt-key --keyring /etc/apt/
#
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apt 1.2.19
ProcVersionSign
Uname: Linux 4.4.0-65-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
CurrentDesktop: X-Cinnamon
Date: Thu Mar 2 17:34:07 2017
InstallationDate: Installed on 2014-11-03 (849 days ago)
InstallationMedia: Ubuntu-GNOME 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
SourcePackage: apt
UpgradeStatus: Upgraded to xenial on 2016-05-09 (297 days ago)
First of all, This is extremely wrong:
wget -q -O - https:/ /oss.oracle. com/el4/ RPM-GPG- KEY-oracle | apt-key --keyring trusted. gpg.d/oracle. gpg add -
/etc/apt/
- it will cause your apt installation to fail validating keys silently (as in, you don't know why it failed) if you do this on a recent system. You have to pass the key through gpg --dearmor, --keyring can (and recently has) changed it's format.
With the current setup, we can't show a warning if a key was not deleted - there are multiple keyrings, and we first check if a key is in a keyring before running gpg on it (probably to prevent errors). We can't just warn there - we'd then warn for all cases.
I'm not sure if fixing this is worth it. apt-key del (well apt-key itself, even) is not meant to be used, except for maintainer scripts migrating to the saner trusted.gpg.d file.