Bug#451328: 'apt-key add' doesn't ignore time conflicts, although update does

To: Otavio Salvador <otavio@debian.org>
Cc: Colin Watson <cjwatson@debian.org>, 451328@bugs.debian.org
Subject: Bug#451328: 'apt-key add' doesn't ignore time conflicts, although update does
From: Robert Millan <rmh@aybabtu.com>
Date: Wed, 5 Dec 2007 18:08:12 +0100
Message-id: <[🔎] 20071205170812.GA28366@thorin>
Reply-to: Robert Millan <rmh@aybabtu.com>, 451328@bugs.debian.org
In-reply-to: <877ikkcw61.fsf@lab.ossystems.com.br>
References: <20071115005049.GS13244@riva.ucam.org> <877ikkcw61.fsf@lab.ossystems.com.br>

On Wed, Nov 14, 2007 at 08:13:58PM -0200, Otavio Salvador wrote:
> Colin Watson <cjwatson@debian.org> writes:
> 
> > Package: apt
> > Version: 0.7.6
> > Severity: normal
> >
> > apt-key uses --ignore-time-conflict in 'apt-key update', but not in
> > 'apt-key add'. This is annoying because it means that if the system
> > clock is skewed backwards before the key's creation time then telling
> > d-i to use a custom signed repository doesn't work. Do you think apt-key
> > could be consistent here and use --ignore-time-conflict for add as well?
> 
> Yes. I see no problem in doing it. It does looks logical to me as it's
> already done on apt-key update.

Using it in apt-key is not enough.  I just run into the same problem, except
the correct key was already in trusted.gpg.  Breakage happened when apt-get
invoked gpgv instead:

$ sudo apt-get update
[...]
W: GPG error: http://ftp.rediris.es experimental Release: Unknown error executing gpgv
W: GPG error: http://ftp.rediris.es sid Release: Unknown error executing gpgv
W: You may want to run apt-get update to correct these problems

Attached patch solves the problem.

-- 
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)

diff -ur apt-0.7.9.old/cmdline/apt-key apt-0.7.9/cmdline/apt-key
--- apt-0.7.9.old/cmdline/apt-key	2007-09-12 22:03:51.000000000 +0200
+++ apt-0.7.9/cmdline/apt-key	2000-01-01 01:31:34.000000000 +0100
@@ -5,7 +5,7 @@
 # We don't use a secret keyring, of course, but gpg panics and
 # implodes if there isn't one available
 
-GPG_CMD="gpg --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
 GPG="$GPG_CMD --keyring /etc/apt/trusted.gpg"
 
 
@@ -21,7 +21,7 @@
     fi
 
     # add new keys
-    $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --ignore-time-conflict --import
+    $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import
 
     # remove no-longer used keys
     keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5`
diff -ur apt-0.7.9.old/methods/gpgv.cc apt-0.7.9/methods/gpgv.cc
--- apt-0.7.9.old/methods/gpgv.cc	2007-10-02 14:34:38.000000000 +0200
+++ apt-0.7.9/methods/gpgv.cc	2000-01-01 01:32:31.000000000 +0100
@@ -83,6 +83,7 @@
       Args[i++] = gpgvpath.c_str();
       Args[i++] = "--status-fd";
       Args[i++] = "3";
+      Args[i++] = "--ignore-time-conflict";
       Args[i++] = "--keyring";
       Args[i++] = pubringpath.c_str();

Reply to:

Prev by Date: Processed: tagging 451328
Next by Date: Processed: Change of email address
Previous by thread: Processed: tagging 451328
Next by thread: Processed: Change of email address
Index(es):
- Date
- Thread