apt fails to verify keys when Dir has space, and set via cmdline
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apt (Ubuntu) | Fix Released | High | Unassigned | |
Xenial | Fix Released | Low | Unassigned | |
Yakkety | Won't Fix | High | Julian Andres Klode | |
Bug Description
When Dir has a space, and it is set via APT_CONFIG file, keys are found and validated correctly.
When Dir is set without a space via cmdline, keys are found and validated correctly.
When Dir is set with a space via cmdline, keys are not found and repositories are not verified.
[Test case]
Please see attached reproducer, which works on xenial system (gpg1) but not on zesty system (gpg2)
$ bash reproducer.sh
++ mktemp -d
+ tmpdir=
+ pushd /tmp/tmp.sFipy6h5yL
/tmp/tmp.sFipy6h5yL ~
+ mkdir 'Sub Dir'
+ pushd 'Sub Dir'
/tmp/tmp.
+ mkdir -p etc/apt/apt.conf.d
+ mkdir -p etc/apt/
+ mkdir -p etc/apt/
+ mkdir -p var/lib/
+ mkdir -p var/lib/dpkg
+ touch var/lib/dpkg/status
+ cp /etc/apt/
+ echo 'deb http://
+ echo 'Dir "/tmp/tmp.
+ export APT_CONFIG=
+ APT_CONFIG=
+ cat /tmp/tmp.
Dir "/tmp/tmp.
+ :
+ : == list available keys ==
+ apt-key list
/tmp/tmp.
-------
pub rsa4096 2012-05-11 [SC]
790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32
uid [ unknown] Ubuntu Archive Automatic Signing Key (2012) <email address hidden>
+ :
+ : == update with environ APT_CONFIG setting the Dir variable ==
+ apt update
Ign:1 http://
Get:2 http://
Get:3 http://
Get:4 http://
Fetched 1,410 kB in 0s (1,959 kB/s)
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
+ unset APT_CONFIG
+ :
+ : == update with cmdline Dir option setting Dir to relative pwd ==
+ apt -o Dir=./ update
Ign:1 http://
Hit:2 http://
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
+ :
+ : == update with cmdline Dir option setting Dir to absolute pwd with space ==
+ apt -o 'Dir=/tmp/
Ign:1 http://
Hit:2 http://
Err:3 http://
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://
W: Failed to fetch http://
W: Some index files failed to download. They have been ignored, or old ones used instead.
[Regression Potential]
The fix changes the code to generate quotes in the Commandline:
description: updated
Changed in apt (Ubuntu Yakkety):
importance: Undecided → High
status: New → Triaged
assignee: nobody → Julian Andres Klode (juliank)
Changed in apt (Ubuntu Xenial):
status: New → Triaged
importance: Undecided → Low
Changed in apt (Ubuntu Xenial):
status: Triaged → Fix Committed
Changed in apt (Ubuntu Yakkety):
status: Triaged → Fix Committed
I made the apt-key dump the passed config file...
The difference between the generated files in the first and second cases is:
-CommandLine: :AsString "apt update"; :AsString "apt -o Dir="/tmp/ tmp.26IBhxIxAw/ Sub Dir" update"";
+CommandLine:
When executing apt-config with the second file as the APT_CONFIG to get the trusted keys I get:
$ APT_CONFIG=/tmp/apt-key-cheat-1489496770 apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
E: Syntax error /tmp/apt-key-cheat-1489496770:213: Extra junk at end of file
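
The failure described in the comment above, reduced to a toy model as an added example (not apt's code and not the fix that was released): a command line dumped into a `Key "value";` statement stops parsing once an argument brings its own double quotes. The one-line grammar, the function names and the percent-encoding repair are assumptions made for illustration, and the sample path is constructed.

```python
import re
from urllib.parse import quote, unquote

# Simplified model of one `Key "value";` statement. This is NOT apt's parser;
# it only mirrors the rule that a quoted value ends at the next double quote.
_STATEMENT = re.compile(r'^([A-Za-z:]+) "([^"]*)"(.*)$')

KEY = "CommandLine::AsString"
# Constructed sample: Dir passed on the command line with a space in the path.
ARGV = ["apt", "-o", "Dir=/tmp/example/Sub Dir", "update"]


class ConfigSyntaxError(ValueError):
    """Raised when a dumped statement cannot be read back."""


def parse_statement(line):
    """Return (key, value); reject anything but ';' after the closing quote."""
    m = _STATEMENT.match(line)
    if not m:
        raise ConfigSyntaxError("no quoted value in %r" % line)
    key, value, rest = m.groups()
    if rest != ";":
        raise ConfigSyntaxError("Extra junk at end of file: %r" % rest)
    return key, value


def dump_naive(key, argv):
    """Wrap arguments containing a space in double quotes, unescaped (the bug)."""
    joined = " ".join('"%s"' % a if " " in a else a for a in argv)
    return '%s "%s";' % (key, joined)


def dump_encoded(key, argv):
    """Hypothetical repair: percent-encode each argument so the dumped value
    never contains a raw space or double quote of its own."""
    return '%s "%s";' % (key, " ".join(quote(a, safe="/=:") for a in argv))


def load_argv(value):
    """Inverse of dump_encoded: split on spaces, then decode each token."""
    return [unquote(tok) for tok in value.split(" ")]


if __name__ == "__main__":
    for dump in (dump_naive, dump_encoded):
        line = dump(KEY, ARGV)
        try:
            print("ok  ", line, "->", load_argv(parse_statement(line)[1]))
        except ConfigSyntaxError as exc:
            print("FAIL", line, "->", exc)
```

In the model, the naive dump of the constructed command line is rejected with an "Extra junk" error, while the encoded dump reads back to the original argument list.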