[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#406799: the varying permissions of /etc/apt/trusted.gpg

Package: apt
Severity: normal

Apparently a bunch of systems have a /etc/apt/trusted.gpg that's mode
644, while many others have one that's mode 600.

As best I can tell, it used to be the case that during debootstrap, 
the file was created by apt's postinst:

        if ! test -f /etc/apt/trusted.gpg; then
                cp /usr/share/apt/debian-archive.gpg /etc/apt/trusted.gpg

That cp results in the file being 644, and it's 644 on all my older

But if I debootstrap etch today, the file is instead mode 600. This is
because apt now depends on debian-archive-keyring, which does this in
its postinst:

	if [ -x /usr/bin/apt-key ]; then
		/usr/bin/apt-key update

Currently in debootstrap, apt-key exists at this point, and when it
runs on a system with no trusted.gpg, gpg defaults to mode 600.

This came to my attention, because the debian-installer package failed
to access /etc/apt/trusted.gpg when running apt as a regular user,
during its download of udebs when building d-i images. I've worked
around that, by making debian-installer use
/usr/share/keyrings/debian-archive-keyring.gpg instead. (Which I feel is
suboptimal, but oh well..)

I feel that the current situation is bad, because the mode of the file
on a newly installed system is not well defined. Using a different
method to bootstrap a Debian system can easily result in apt not yet
being installed when debian-archive-keyring is first configured, and
then the file will be installed mode 644 again.

This also seems easy enough to fix in apt: Just pick a mode (preferably
one that's a good choice for most users), and make apt-key and apt's
postinst both ensure that if the file doesn't exist, it's created with
that mode. 

(Or, if the mode you choose if 600, just remove the
abovequoted lines from apt's postinst, and remove the old obsolete
/usr/share/apt/debian-archive.gpg -- the apt-key update that follows
those lines would then result in the file always being created mode

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: