Bug#954815: apt-key fails if umask of calling user is 0222
Package: apt
Version: 2.0.0
Severity: important
Dear Maintainers,
when calling 'apt update' with a umask of 0222 set in the shell of the calling
user, e.g. root, the verification of signatures by apt-key, which is called in
the background, will fail due to denied permissions.
To reproduce:
root@localhorst:~# umask 0222
root@localhorst:~# apt update
Hit:1 http://ftp.de.debian.org/debian bullseye InRelease
Hit:2 http://security.debian.org/debian-security bullseye-security InRelease
Hit:3 http://ftp.de.debian.org/debian bullseye-updates InRelease
Hit:4 http://ftp.de.debian.org/debian unstable InRelease
Err:1 http://ftp.de.debian.org/debian bullseye InRelease
Unknown error executing apt-key
Err:2 http://security.debian.org/debian-security bullseye-security InRelease
Unknown error executing apt-key
[...]
In difference:
root@localhorst:~# apt update
Hit:1 http://prerelease.keybase.io/deb stable InRelease
Hit:2 http://ftp.de.debian.org/debian bullseye InRelease
Hit:3 http://security.debian.org/debian-security bullseye-security InRelease
Hit:4 http://ftp.de.debian.org/debian bullseye-updates InRelease
[...]
-- Package-specific info:
-- (no /etc/apt/preferences present) --
-- (/etc/apt/preferences.d/testing present, but not submitted) --
-- (/etc/apt/sources.list present, but not submitted) --
-- (/etc/apt/sources.list.d/keybase.list present, but not submitted) --
-- (/etc/apt/sources.list.d/skype-stable.list present, but not submitted) --
-- (/etc/apt/sources.list.d/steam.list present, but not submitted) --
-- (/etc/apt/sources.list.d/teamviewer.list present, but not submitted) --
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (900, 'testing'), (400, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apt depends on:
ii adduser 3.118
ii debian-archive-keyring 2019.1
ii gpgv 2.2.19-2
ii libapt-pkg6.0 2.0.0
ii libc6 2.29-10
ii libgcc-s1 10-20200222-1
ii libgnutls30 3.6.12-2
ii libseccomp2 2.4.2-2
ii libstdc++6 10-20200222-1
Versions of packages apt recommends:
ii ca-certificates 20190110
Versions of packages apt suggests:
pn apt-doc <none>
ii aptitude 0.8.12-1
ii dpkg-dev 1.19.7
ii gnupg 2.2.19-2
ii gnupg1 1.4.23-1+b1
ii powermgmt-base 1.36
ii synaptic 0.90
-- no debconf information
Reply to: