[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

file permissions on /etc/apt/trusted.gpg

Hello developers,

I am implementing a package manager named 'cupt' for Debian for the aim
to provide future APT replacement using the same archive infrasctucture
avoiding however some hard-to-fix APT bugs.

One of already present cupt features - checking of Release gpg
signatures in every run, not only during 'update' action, which has the
benefit to reveal possible gpg key expiries or revokes if the system
administrator for some reason don't run 'update' action enough
frequently. To achieve this, I need world-readable file containing gpg
public keys used for verifying. APT maintains this file as
/etc/apt/trusted.gpg. However, its permissions are 600, whereas I need
644. Despite placing in /etc (it has probably to lie in /var/lib/apt, as
pointed by Enrico Zini), this is not a conffile.

The easiest way for me to fix this is to do 'chmod +r
/etc/apt/trusted.gpg' in the cupt's postinst. As this file contains only
public gpg public keys, this should not harm anything.

One can argue that the sane way to fix this is file a bug against apt,
wait for fix and then depend on apt >= (x.y.z), where x.y.z is the fixed
version. While this is true, the approach has two drawbacks:
1) depending on newer apt version would lead to uninstallability on
Lenny, while now cupt can be installed on pure-Lenny system
2) waiting for fix in apt can take significant time

Given all this, are there arguments against that chmod command?

Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
C++/Perl developer, Debian Maintainer

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: