
Bug#558784: apt: re-adds removed keys



On Monday, 30.11.2009 at 15:51 +0100, Tollef Fog Heen wrote:
> Package: apt
> Severity: serious
> Version: 0.7.24
> Justification: overwrites local configuration changes
> 
> I have removed some keys from my apt keyring, but it seems like apt
> always re-adds them when configuring:
> 
> shashlik# apt-key list
> /etc/apt/trusted.gpg
> --------------------
> pub   1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]
> uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
> 
> pub   1024D/ADB11277 2006-09-17
> uid                  Etch Stable Release Key <debian-release@lists.debian.org>
> 
> [...]
> 
> shashlik# apt-key remove ADB11277
> OK
> shashlik# apt-key update
> gpg: key 6070D3A1: "Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>" not changed
> gpg: key ADB11277: public key "Etch Stable Release Key <debian-release@lists.debian.org>" imported
> gpg: key BBE55AB3: "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" not changed
> gpg: key F42584E6: "Lenny Stable Release Key <debian-release@lists.debian.org>" not changed
> gpg: key 55BE302B: "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>" not changed
> gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key (5.0/lenny)" not changed
> gpg: Total number processed: 6
> gpg:               imported: 1
> gpg:              unchanged: 5
> gpg: no ultimately trusted keys found
> shashlik# apt-key list
> /etc/apt/trusted.gpg
> --------------------
> 
> [...]
> 
> pub   1024D/ADB11277 2006-09-17
> uid                  Etch Stable Release Key <debian-release@lists.debian.org>
> 
> shashlik# 
> 
> from apt.postinst:
> 
> case "$1" in
>     configure)
> 
>         if ! test -f /etc/apt/trusted.gpg; then
>                 cp /usr/share/apt/debian-archive.gpg /etc/apt/trusted.gpg
>         fi
> 
> 	apt-key update
> 
>     ;;
> 
> so it is actually a double policy violation: removing
> /etc/apt/trusted.gpg is a perfectly legal configuration change that apt
> must not override.  Ditto, removing a key is a perfectly legal
> configuration change that apt must not override in its postinst.
We should move it to /var/lib/apt; cupt does this, and it seems to be a
much more logical location for such data.

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
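
Added example (not part of the original messages, and not apt's own code): a small audit that checks saved `apt-key list` output for key IDs an administrator had deliberately removed, which is how the re-add reported above would show up after a package configure step. The function names and the sample snapshot are constructed for illustration, and the parser assumes the short-ID listing format shown in the report.

```shell
#!/bin/sh
# Audit saved `apt-key list` text for keys that reappeared after removal.
# Works on text only, so it needs neither gpg nor root.

# Constructed sample: a listing taken after `apt-key update`, modelled on
# the output quoted in the bug report.
sample_after() {
cat <<'EOF'
/etc/apt/trusted.gpg
--------------------
pub   1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>

pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>
EOF
}

# key_ids: read a listing on stdin, print the ID from every "pub" line.
key_ids() {
    awk '$1 == "pub" { split($2, a, "/"); print a[2] }' | sort -u
}

# readded_keys "ID1 ID2 ...": read a listing on stdin and print each ID
# from the admin's removal list that is present in the keyring again.
readded_keys() {
    removed=$1
    key_ids | while read -r id; do
        case " $removed " in
            *" $id "*) echo "$id" ;;
        esac
    done
}

# audit_keyring "ID1 ID2 ...": return 1 and name the keys on stderr if any
# removed key is back, return 0 if the removals are still in effect.
audit_keyring() {
    found=$(readded_keys "$1")
    if [ -n "$found" ]; then
        printf 're-added after removal: %s\n' $found >&2
        return 1
    fi
    return 0
}

# Demo: the admin removed ADB11277, yet the later listing contains it.
sample_after | audit_keyring "ADB11277" || echo "audit failed"
```

On a live system the listing would come from `apt-key list` saved after each package run, compared against a locally kept list of removed IDs.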
