require to be root for add, rm, update and net-update

[apt.git] / cmdline / apt-key

diff --git a/cmdline/apt-key b/cmdline/apt-key
index 86e9820548298c8eb6b50b1cc47f7f2d30779c30..843163f82c5fc3367f9a4d023817763888af8312 100755 (executable)
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -21,6 +21,13 @@ ARCHIVE_KEYRING_URI=""
 ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg
 REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg
 
+requires_root() {
+       if [ "$(id -u)" -ne 0 ]; then
+               echo >&1 "ERROR: This command can only be used by root."
+               exit 1
+       fi
+}
+
 add_keys_with_verify_against_master_keyring() {
     ADD_KEYRING=$1
     MASTER=$2
@@ -62,6 +69,7 @@ net_update() {
        echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
        exit 1
     fi
+    requires_root
     # in theory we would need to depend on wget for this, but this feature
     # isn't useable in debian anyway as we have no keyring uri nor a master key
     if ! which wget >/dev/null 2>&1; then
@@ -93,6 +101,7 @@ update() {
        echo >&2 "Is the debian-archive-keyring package installed?"
        exit 1
     fi
+    requires_root
 
     # add new keys from the package;
 
@@ -184,10 +193,12 @@ fi
 
 case "$command" in
     add)
+        requires_root
         $GPG --quiet --batch --import "$1"
         echo "OK"
         ;;
     del|rm|remove)
+        requires_root
         $GPG --quiet --batch --delete-key --yes "$1"
         echo "OK"
         ;;