apt-key del must absolutely detect all errors, and then provide NON-zero return code and error message

Bug #1669517 reported by Etienne URBAH
Affects: apt (Ubuntu) | Status: Won't Fix | Importance: Low | Assigned to: Unassigned | Milestone: (none)

Bug Description

Currently, 'apt-key del' does NOT detect that the keyid given in parameter is invalid:
It displays 'OK' and provides a return code equal to zero (see log below).

I consider that letting users erroneously believe that a GPG key has been successfully removed is a security issue.

In fact 'apt-key del' must absolutely detect all errors, and then provide NON-zero return code and error message.

# wget -q -O - https://oss.oracle.com/el4/RPM-GPG-KEY-oracle | apt-key --keyring /etc/apt/trusted.gpg.d/oracle.gpg add -
OK

# apt-key --keyring /etc/apt/trusted.gpg.d/oracle.gpg list
/etc/apt/trusted.gpg.d/oracle.gpg
---------------------------------
pub 1024D/B38A8516 2006-09-05 [expired: 2013-09-06]
uid Oracle OSS group (Open Source Software group) <email address hidden>

# apt-key --keyring /etc/apt/trusted.gpg.d/oracle.gpg del 1024D/B38A8516
OK

# echo $?
0

# apt-key --keyring /etc/apt/trusted.gpg.d/oracle.gpg list
/etc/apt/trusted.gpg.d/oracle.gpg
---------------------------------
pub 1024D/B38A8516 2006-09-05 [expired: 2013-09-06]
uid Oracle OSS group (Open Source Software group) <email address hidden>

# apt-key --keyring /etc/apt/trusted.gpg.d/oracle.gpg del B38A8516
OK

# apt-key --keyring /etc/apt/trusted.gpg.d/oracle.gpg list

#

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apt 1.2.19
ProcVersionSignature: Ubuntu 4.4.0-65.86-generic 4.4.49
Uname: Linux 4.4.0-65-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
CurrentDesktop: X-Cinnamon
Date: Thu Mar 2 17:34:07 2017
InstallationDate: Installed on 2014-11-03 (849 days ago)
InstallationMedia: Ubuntu-GNOME 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
SourcePackage: apt
UpgradeStatus: Upgraded to xenial on 2016-05-09 (297 days ago)
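The log above shows that 'apt-key del' prints 'OK' and exits 0 both when the key was removed and when it was not (the '1024D/B38A8516' attempt). A caller who needs to know whether a key is really gone can verify it independently by comparing the keyring listing before and after the deletion. The script below is an added example for this report, not code from the bug or from apt: it parses the 'pub' lines of 'apt-key list' output in the old 'algo/keyid' form shown in the log and, going beyond the report, also the newer gpg format where the full fingerprint follows on the next line (that second sample listing is constructed). The 'apt_key_list' helper and the command-line wrapper are assumptions about how a maintainer script would drive the check; the sample listings are embedded so the logic runs offline.

```python
"""Verify that `apt-key del` really removed a key (added example, not part of apt).

apt-key prints OK and exits 0 even when nothing was deleted, so this compares
the keyring listing before and after the deletion and reports a verdict.
"""
import re
import subprocess
import sys

# Listing taken from the bug report's log (old gpg1-style `apt-key list` output).
LISTING_BEFORE = """/etc/apt/trusted.gpg.d/oracle.gpg
---------------------------------
pub 1024D/B38A8516 2006-09-05 [expired: 2013-09-06]
uid Oracle OSS group (Open Source Software group) <email address hidden>
"""

# After a successful `del` the report shows an empty listing.
LISTING_AFTER_REMOVED = ""

# Constructed sample of the newer gpg format: no `algo/keyid`, fingerprint on the next line.
LISTING_NEW_FORMAT = """/etc/apt/trusted.gpg.d/example.gpg
----------------------------------
pub   rsa4096 2012-05-19 [SC]
      0123456789ABCDEF0123456789ABCDEF01234567
uid           [ unknown] Example Archive Signing Key (constructed)
"""

# `pub 1024D/B38A8516 2006-09-05 ...`  -> keyid group = B38A8516
# `pub   rsa4096 2012-05-19 [SC]`      -> keyid group = None (fingerprint follows)
PUB_LINE = re.compile(r"^pub\s+\S+?(?:/(?P<keyid>[0-9A-Fa-f]{8,40}))?\s")
FINGERPRINT = re.compile(r"^[0-9A-Fa-f]{40}$")


def list_keyids(listing: str) -> list[str]:
    """Return the key IDs (or full fingerprints) of every `pub` entry, upper-cased."""
    ids = []
    lines = listing.splitlines()
    for i, raw in enumerate(lines):
        m = PUB_LINE.match(raw.lstrip())
        if not m:
            continue
        if m.group("keyid"):
            ids.append(m.group("keyid").upper())
        elif i + 1 < len(lines):
            fp = lines[i + 1].replace(" ", "")
            if FINGERPRINT.match(fp):
                ids.append(fp.upper())
    return ids


def normalize_keyid(arg: str) -> str:
    """Accept both forms tried in the report: 'B38A8516' and '1024D/B38A8516'."""
    return arg.rsplit("/", 1)[-1].replace(" ", "").upper()


def matching_keys(keyid_arg: str, ids: list[str]) -> list[str]:
    """A short key ID matches any longer ID or fingerprint that ends with it."""
    keyid = normalize_keyid(keyid_arg)
    return [k for k in ids if k.endswith(keyid)]


def check_deletion(keyid_arg: str, before: str, after: str) -> str:
    """Return 'removed', 'still_present' or 'absent_before'.

    apt-key reports OK in all three cases; the caller decides which ones are errors.
    """
    if not matching_keys(keyid_arg, list_keyids(before)):
        return "absent_before"
    if matching_keys(keyid_arg, list_keyids(after)):
        return "still_present"
    return "removed"


def apt_key_list(keyring: str) -> str:
    """Assumed helper: capture `apt-key --keyring KEYRING list` output."""
    proc = subprocess.run(["apt-key", "--keyring", keyring, "list"],
                          capture_output=True, text=True, check=False)
    return proc.stdout


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} KEYRING KEYID")
    keyring, keyid = sys.argv[1], sys.argv[2]
    before = apt_key_list(keyring)
    subprocess.run(["apt-key", "--keyring", keyring, "del", keyid], check=False)
    verdict = check_deletion(keyid, before, apt_key_list(keyring))
    print(verdict)
    # Exit non-zero unless the key was actually removed; change this policy if
    # "absent_before" should count as success, as apt's maintainers argue below.
    sys.exit(0 if verdict == "removed" else 1)
```

Run as `python3 check_del.py /etc/apt/trusted.gpg.d/oracle.gpg B38A8516`. With the report's first attempt ('1024D/B38A8516') the before and after listings are identical and the verdict is 'still_present'; with the bare key ID the listing becomes empty and the verdict is 'removed'.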

Julian Andres Klode (juliank) wrote :

First of all, This is extremely wrong:

wget -q -O - https://oss.oracle.com/el4/RPM-GPG-KEY-oracle | apt-key --keyring /etc/apt/trusted.gpg.d/oracle.gpg add -

- it will cause your apt installation to fail validating keys silently (as in, you don't know why it failed) if you do this on a recent system. You have to pass the key through gpg --dearmor, --keyring can (and recently has) changed its format.

With the current setup, we can't show a warning if a key was not deleted - there are multiple keyrings, and we first check if a key is in a keyring before running gpg on it (probably to prevent errors). We can't just warn there - we'd then warn for all cases.

I'm not sure if fixing this is worth it. apt-key del (well apt-key itself, even) is not meant to be used, except for maintainer scripts migrating to the saner trusted.gpg.d file.

Changed in apt (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Etienne URBAH (eurbah) wrote :

In package 'apt' 1.6~beta1 from Kubuntu Bionic Beaver Beta1 (18.04):

- The 'apt-key' command is still present,

- 'apt-key del' still does NOT detect that the keyid given in parameter is invalid:
   It still erroneously displays 'OK' and provides a return code equal to zero.

tags: added: bionic
Julian Andres Klode (juliank) wrote :

We will not be changing the behavior here. apt-key del working if the key was not present in the keyring is important to maintain, so that we do not break the maintainer scripts using it (which should be tested, and should be the only users of this).

Changed in apt (Ubuntu):
status: Triaged → Won't Fix