Bug#954815: apt-key fails if umask of calling user is 0222

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#954815: apt-key fails if umask of calling user is 0222
From: Florian Streibelt <debian_2020xafe3w@f-streibelt.de>
Date: Mon, 23 Mar 2020 22:55:28 +0100
Message-id: <[🔎] 158500052895.214768.9401067477714377628.reportbug@lap-16-72.inet.mpi-inf.mpg.de>
Reply-to: Florian Streibelt <debian_2020xafe3w@f-streibelt.de>, 954815@bugs.debian.org

Package: apt
Version: 2.0.0
Severity: important

Dear Maintainers,

when calling 'apt update' with a umask of 0222 set in the shell of the calling
user, e.g. root, the verification of signatures by apt-key, which is called in
the background, will fail due to denied permissions.


To reproduce:

root@localhorst:~# umask 0222
root@localhorst:~# apt update
Hit:1 http://ftp.de.debian.org/debian bullseye InRelease
Hit:2 http://security.debian.org/debian-security bullseye-security InRelease
Hit:3 http://ftp.de.debian.org/debian bullseye-updates InRelease
Hit:4 http://ftp.de.debian.org/debian unstable InRelease
Err:1 http://ftp.de.debian.org/debian bullseye InRelease
  Unknown error executing apt-key
Err:2 http://security.debian.org/debian-security bullseye-security InRelease
  Unknown error executing apt-key
[...]



In difference:

root@localhorst:~# apt update
Hit:1 http://prerelease.keybase.io/deb stable InRelease
Hit:2 http://ftp.de.debian.org/debian bullseye InRelease
Hit:3 http://security.debian.org/debian-security bullseye-security InRelease
Hit:4 http://ftp.de.debian.org/debian bullseye-updates InRelease
[...]






-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (/etc/apt/preferences.d/testing present, but not submitted) --


-- (/etc/apt/sources.list present, but not submitted) --


-- (/etc/apt/sources.list.d/keybase.list present, but not submitted) --


-- (/etc/apt/sources.list.d/skype-stable.list present, but not submitted) --


-- (/etc/apt/sources.list.d/steam.list present, but not submitted) --


-- (/etc/apt/sources.list.d/teamviewer.list present, but not submitted) --


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (900, 'testing'), (400, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser                 3.118
ii  debian-archive-keyring  2019.1
ii  gpgv                    2.2.19-2
ii  libapt-pkg6.0           2.0.0
ii  libc6                   2.29-10
ii  libgcc-s1               10-20200222-1
ii  libgnutls30             3.6.12-2
ii  libseccomp2             2.4.2-2
ii  libstdc++6              10-20200222-1

Versions of packages apt recommends:
ii  ca-certificates  20190110

Versions of packages apt suggests:
pn  apt-doc         <none>
ii  aptitude        0.8.12-1
ii  dpkg-dev        1.19.7
ii  gnupg           2.2.19-2
ii  gnupg1          1.4.23-1+b1
ii  powermgmt-base  1.36
ii  synaptic        0.90

-- no debconf information

Reply to:

Prev by Date: Bug#954807: apt upgrade sometimes marks packages as manually installed
Next by Date: Processed: Bug#953527 marked as pending in apt
Previous by thread: Bug#954807: apt upgrade sometimes marks packages as manually installed
Next by thread: Bug#953804: marked as done (apt: [INTL:ru] Russian translation update)
Index(es):
- Date
- Thread