Bug#412156: apt-key update deletes legitimate keys
Package: apt
Version: all
Recently building a sid debian-live I stumbled on the
W: GPG error: http://192.168.0.1 sid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A70DAF536070D3A1
doing some research I found that 'apt-key update' may be in cause.
update executes (done twice, first with debian-archive-keyring postinst and then the apt one) :
# gpg --no-options --no-default-keyring
--secret-keyring /etc/apt/secring.gpg
--trustdb-name /etc/apt/trustdb.gpg
--keyring /usr/share/keyrings/debian-archive-removed-keys.gpg
--with-colons --list-keys | awk '/^pub/{FS=":";print $5 }'
Key
F1D53D8C4F368D5D
E415B2B4B5F5BBED
while it is supposed to be :
6FFA8EF91DB114E0
F1D53D8C4F368D5D
E415B2B4B5F5BBED
I suggest setting the field separator before the regexp match (or just using -F":")
Cheers
--
Mathieu
--- apt-key 2006-12-14 12:16:22.000000000 +0100
+++ apt-key.new 2007-02-24 01:48:55.000000000 +0100
@@ -24,9 +24,9 @@
$GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --ignore-time-conflict --import
# remove no-longer used keys
- keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys|awk '/^pub/{FS=":";print $5}'`
+ keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys|awk '{FS=":"}/^pub/{print $5}'`
for key in $keys; do
- if $GPG --list-keys --with-colons | awk '/^pub/{FS=":";print $5}'|grep -q $key; then
+ if $GPG --list-keys --with-colons | awk '{FS=":"}/^pub/{print $5}'|grep -q $key; then
$GPG --quiet --batch --delete-key --yes ${key}
fi
done
Reply to: