Bug#558784: apt: re-adds removed keys
Am Montag, den 30.11.2009, 15:51 +0100 schrieb Tollef Fog Heen:
> Package: apt
> Severity: serious
> Version: 0.7.24
> Justification: overwrites local configuration changes
>
> I have removed some keys from my apt keyring, but it seems like apt
> always re-adds them when configuring:
>
> shashlik# apt-key list
> /etc/apt/trusted.gpg
> --------------------
> pub 1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]
> uid Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
>
> pub 1024D/ADB11277 2006-09-17
> uid Etch Stable Release Key <debian-release@lists.debian.org>
>
> [...]
>
> shashlik# apt-key remove ADB11277
> OK
> shashlik# apt-key update
> gpg: key 6070D3A1: "Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>" not changed
> gpg: key ADB11277: public key "Etch Stable Release Key <debian-release@lists.debian.org>" imported
> gpg: key BBE55AB3: "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" not changed
> gpg: key F42584E6: "Lenny Stable Release Key <debian-release@lists.debian.org>" not changed
> gpg: key 55BE302B: "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>" not changed
> gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key (5.0/lenny)" not changed
> gpg: Total number processed: 6
> gpg: imported: 1
> gpg: unchanged: 5
> gpg: no ultimately trusted keys found
> shashlik# apt-key list
> /etc/apt/trusted.gpg
> --------------------
>
> [...]
>
> pub 1024D/ADB11277 2006-09-17
> uid Etch Stable Release Key <debian-release@lists.debian.org>
>
> shashlik#
>
> from apt.postinst:
>
> case "$1" in
> configure)
>
> if ! test -f /etc/apt/trusted.gpg; then
> cp /usr/share/apt/debian-archive.gpg /etc/apt/trusted.gpg
> fi
>
> apt-key update
>
> ;;
>
> so it is actually a double policy violation: removing
> /etc/apt/trusted.gpg is a perfectly legal configuration change that apt
> must not override. Ditto, removing a key is a perfectly legal
> configuration change that apt must not override in its postinst.
We should move it to /var/lib/apt, cupt does this and it seems to be a
much more logical location for such data.
--
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
Reply to: