Control: tag -1 patch On Fri, Jul 11, 2014 at 02:34:33AM +0200, Axel Beckert wrote: > If I try to delete a key and reference it by an 8 byte keyid instead of > the short and deprecated 4 byte key ID, apt-key says "OK", The "OK" is because apt doesn't think they key is in the keyring, so there's nothing to do. The attached patch (against debian/sid) fixes that and adds a test. > Fixing this issue would also fix https://bugs.debian.org/746574 filed > against gui-apt-key. (I suspect that regression came in when gpg > switched to printing long key IDs by default as the above command is > what gui-apt-key uses to parse the content of the trusted.gpg keyring.) Actually, it came in when apt-key started doing more than simply handing the key to gpg for the del command (04937adc). > Interestingly "apt-key export 2FF9CD59612616B5" works as expected. Yeah, export just hands the key the user provides directly to gpg. Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <jamessan@debian.org>
From c9f37d961a9cc102ea0f1cd066cbf454b714a71e Mon Sep 17 00:00:00 2001 From: James McCoy <jamessan@debian.org> Date: Fri, 11 Jul 2014 01:21:28 -0400 Subject: [PATCH] Handle 16-byte key ids in apt-key del If a 16-byte key ID is given, the input will match the entire 5th field of the --with-colons output, so the grep to check if the ID is in the keyring cannot require characters before the given ID. Closes: 754436 Signed-off-by: James McCoy <jamessan@debian.org> --- cmdline/apt-key.in | 2 +- test/integration/test-apt-key | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 0774cf4..b4e0710 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -180,7 +180,7 @@ update() { remove_key_from_keyring() { local GPG="$GPG_CMD --keyring $1" # check if the key is in this keyring: the key id is in the 5 column at the end - if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then + if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]*$2:"; then return fi if [ ! -w "$1" ]; then diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 68b3f97..47230cb 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -105,3 +105,9 @@ testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + +msgtest 'Test key removal with' '8 byte key ID' +cleanplate +cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg +testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE +testempty aptkey list -- 2.0.1
Attachment:
signature.asc
Description: Digital signature