
Bug#558784: marked as done (apt: re-adds removed keys)



Your message dated Tue, 13 Aug 2013 14:23:55 +0200
with message-id <CAAZ6_fBtatnwq0HmNYiBa2e79b241weecopyJmVWBfVzc6yS5w@mail.gmail.com>
and subject line Bug#558784: marked as done (apt: re-adds removed keys)
has caused the Debian Bug report #558784,
regarding apt: re-adds removed keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
558784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558784
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Severity: serious
Version: 0.7.24
Justification: overwrites local configuration changes

I have removed some keys from my apt keyring, but it seems like apt
always re-adds them when configuring:

shashlik# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>

pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>

[...]

shashlik# apt-key remove ADB11277
OK
shashlik# apt-key update
gpg: key 6070D3A1: "Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>" not changed
gpg: key ADB11277: public key "Etch Stable Release Key <debian-release@lists.debian.org>" imported
gpg: key BBE55AB3: "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" not changed
gpg: key F42584E6: "Lenny Stable Release Key <debian-release@lists.debian.org>" not changed
gpg: key 55BE302B: "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>" not changed
gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key (5.0/lenny)" not changed
gpg: Total number processed: 6
gpg:               imported: 1
gpg:              unchanged: 5
gpg: no ultimately trusted keys found
shashlik# apt-key list
/etc/apt/trusted.gpg
--------------------

[...]

pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>

shashlik# 

from apt.postinst:

case "$1" in
    configure)

        if ! test -f /etc/apt/trusted.gpg; then
                cp /usr/share/apt/debian-archive.gpg /etc/apt/trusted.gpg
        fi

        apt-key update

    ;;
esac

so it is actually a double policy violation: removing
/etc/apt/trusted.gpg is a perfectly legal configuration change that apt
must not override.  Ditto, removing a key is a perfectly legal
configuration change that apt must not override in its postinst.

-- 
Tollef Fog Heen 
UNIX is user friendly, it's just picky about who its friends are



--- End Message ---
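The report above shows the mechanism precisely: apt.postinst seeds /etc/apt/trusted.gpg from the shipped archive keyring and then runs an unconditional `apt-key update`, which merges every key of the shipped keyring back in, so an administrator's `apt-key remove` is undone on the next upgrade. The following is an added example, not code from the bug report or from apt: it parses listings in the `apt-key list` text format quoted in the report and computes which keys such an update would silently re-import into the local keyring, plus which trusted keys are already expired. The two listings are constructed from the key IDs and dates shown in the report; `distribution` and `local` are assumed to be the output of listing the shipped keyring and the local trusted keyring respectively.

```python
"""
Added example: audit what an unconditional 'apt-key update' would merge
back into the local trusted keyring, given two 'apt-key list'-style listings.
Not code from the bug report or from apt; listings below are constructed.
"""
import re
from typing import Dict, List

# Matches lines such as: 'pub   1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]'
PUB_RE = re.compile(
    r"^pub\s+(?P<algo>\S+)/(?P<keyid>[0-9A-Fa-f]{8,16})\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2})(?P<flags>.*)$"
)
# Matches lines such as: 'uid                  Etch Stable Release Key <...>'
UID_RE = re.compile(r"^uid\s+(?P<uid>.+?)\s*$")

# Constructed: what listing the shipped archive keyring would show (the two
# keys for which the report gives full 'pub' lines).
DISTRIBUTION_LISTING = """\
pub   1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>

pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>
"""

# Constructed: the local keyring after the administrator ran
# 'apt-key remove ADB11277', as in the report.
LOCAL_LISTING = """\
/etc/apt/trusted.gpg
--------------------
pub   1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
"""


def parse_listing(text: str) -> Dict[str, dict]:
    """Parse an 'apt-key list' style listing into {keyid: metadata}.

    Lines that are neither 'pub' nor 'uid' (keyring path, separator, blanks)
    are ignored; 'uid' lines are attached to the most recent 'pub' key.
    """
    keys: Dict[str, dict] = {}
    current = None
    for line in text.splitlines():
        m = PUB_RE.match(line)
        if m:
            current = m.group("keyid").upper()
            keys[current] = {
                "algo": m.group("algo"),
                "created": m.group("created"),
                "expired": "expired" in m.group("flags"),
                "uids": [],
            }
            continue
        m = UID_RE.match(line)
        if m and current is not None:
            keys[current]["uids"].append(m.group("uid"))
    return keys


def keys_update_would_readd(distribution: Dict[str, dict],
                            local: Dict[str, dict]) -> List[str]:
    """Keys in the shipped keyring but absent locally: exactly the set an
    unconditional 'apt-key update' merges back, overriding local removals."""
    return sorted(k for k in distribution if k not in local)


def expired_keys(keys: Dict[str, dict]) -> List[str]:
    """Keys whose listing carries an '[expired: ...]' flag but are still trusted."""
    return sorted(k for k, meta in keys.items() if meta["expired"])


def audit_report(distribution_text: str, local_text: str) -> dict:
    """Combine both checks into one structured result for a config audit."""
    distribution = parse_listing(distribution_text)
    local = parse_listing(local_text)
    return {
        "would_readd": keys_update_would_readd(distribution, local),
        "expired_trusted": expired_keys(local),
    }


DIST_KEYS = parse_listing(DISTRIBUTION_LISTING)
LOCAL_KEYS = parse_listing(LOCAL_LISTING)

if __name__ == "__main__":
    report = audit_report(DISTRIBUTION_LISTING, LOCAL_LISTING)
    for keyid in report["would_readd"]:
        print(f"{keyid}: removed locally, 'apt-key update' would re-import it "
              f"({', '.join(DIST_KEYS[keyid]['uids'])})")
    for keyid in report["expired_trusted"]:
        print(f"{keyid}: expired but still present in the local trusted keyring")
```

Run against real systems by feeding it the output of listing the shipped keyring and the local trusted keyring; a non-empty `would_readd` list is the configuration drift the report describes, and the fix shipped in 0.9.10 (no `apt-key update` in the postinst) is what keeps that list from being silently emptied on upgrade.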
--- Begin Message ---
Version: 0.9.10

Hi *,

This is a manual mail to notify the BTS about the fact that after two
ignore tags and a few days of coding all pieces finally fell together
to be able to close this RC bug - but I missed doing the simplest thing
out of all the required changes: add a Closes: tag…
(very promising for the quality of the following indeed)

So here you go:

apt (0.9.10) unstable; urgency=low

  The "Hello to Debconf" upload
[…]
  * always use our own trustdb.gpg in apt-key
  * use a tmpfile for trustdb.gpg in apt-key.
    Thanks to Andreas Beckmann for the initial patch! (Closes: #687611)
  * do not double-slash paths in apt-key (Closes: 665411)
  * make the keyring locations in apt-key configurable
  * let apt-key del work better with softlink and single key keyrings
  * do not call 'apt-key update' in apt.postinst
[…]
 -- Michael Vogt <mvo@debian.org>  Mon, 12 Aug 2013 21:45:07 +0200

The debian-archive-keyring has been fixed for a while now, which means
'apt-key update' isn't called anymore by anything.

Problem (hopefully) solved and a whole release cycle to prove it.


Best regards

David Kalnischkies

--- End Message ---
