export/import keys one-by-one

diff --git a/cmdline/apt-key b/cmdline/apt-key
index 104ca656b9d2e2a957d3d30e72736f7d48b1a862..617fed4f8fb9a9d398c760aeca9bd06a0a5f2143 100755 (executable)
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -22,7 +22,7 @@ MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
 ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
 REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
 ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
 ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
 REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
 ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg

-
+TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg

 
 requires_root() {
        if [ "$(id -u)" -ne 0 ]; then
 
 requires_root() {
        if [ "$(id -u)" -ne 0 ]; then


@@ -34,7 +34,7 @@ requires_root() {
 add_keys_with_verify_against_master_keyring() {
     ADD_KEYRING=$1
     MASTER=$2
 add_keys_with_verify_against_master_keyring() {
     ADD_KEYRING=$1
     MASTER=$2

-    
+

     if [ ! -f "$ADD_KEYRING" ]; then
        echo "ERROR: '$ADD_KEYRING' not found"
        return
     if [ ! -f "$ADD_KEYRING" ]; then
        echo "ERROR: '$ADD_KEYRING' not found"
        return


@@ -50,22 +50,26 @@ add_keys_with_verify_against_master_keyring() {
     #   from a key in the $distro-master-keyring
     add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
     master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
     #   from a key in the $distro-master-keyring
     add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
     master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`

-    # verify to ensure that there are no key id duplications that may be
-    # used to attack the system, see LP: #857472
+    
+    ADDED=0

     for add_key in $add_keys; do
     for add_key in $add_keys; do

+
+        # ensure there are no colisions LP: #857472

        for master_key in $master_keys; do
             if [ "$add_key" = "$master_key" ]; then
                 echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
                 return 1
             fi
         done
        for master_key in $master_keys; do
             if [ "$add_key" = "$master_key" ]; then
                 echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
                 return 1
             fi
         done

-    done
-    # add all keys signed with any of the master key(s)
-    for add_key in $add_keys; do
-       ADDED=0
+
+        # export the add keyring one-by-one
+        rm -f $TMP_KEYRING
+        $GPG_CMD --keyring $ADD_KEYRING --export $add_key | $GPG_CMD --keyring $TMP_KEYRING --import --trust-model direct
+
+        # check if signed with the master key and only add in this case

        for master_key in $master_keys; do
        for master_key in $master_keys; do

-           if $GPG_CMD --keyring $ADD_KEYRING --verify-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
-               $GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import
+           if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
+               $GPG --import $TMP_KEYRING

                ADDED=1
            fi
        done
                ADDED=1
            fi
        done


@@ -73,14 +77,13 @@ add_keys_with_verify_against_master_keyring() {
            echo >&2 "Key '$add_key' not added. It is not signed with a master key"
        fi
     done
            echo >&2 "Key '$add_key' not added. It is not signed with a master key"
        fi
     done

+    rm -f $TMP_KEYRING

 }
 
 # update the current archive signing keyring from a network URI
 # the archive-keyring keys needs to be signed with the master key
 # (otherwise it does not make sense from a security POV)
 net_update() {
 }
 
 # update the current archive signing keyring from a network URI
 # the archive-keyring keys needs to be signed with the master key
 # (otherwise it does not make sense from a security POV)
 net_update() {

-    # Disabled for now as code is insecure
-    exit 1

 
     if [ -z "$ARCHIVE_KEYRING_URI" ]; then
        echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
 
     if [ -z "$ARCHIVE_KEYRING_URI" ]; then
        echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"

diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index 66aafbbc4794aaa937fb1b97e65001516327a693..710c02f61f5ad31587d01a45364958523958fd75 100755 (executable)
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -18,10 +18,13 @@ eval "$func"
 
 mkdir -p ./etc/apt
 TRUSTEDFILE=./etc/apt/trusted.gpg
 
 mkdir -p ./etc/apt
 TRUSTEDFILE=./etc/apt/trusted.gpg

+mkdir -p ./var/lib/apt/keyrings
+TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg

 GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
 GPG="$GPG_CMD --keyring $TRUSTEDFILE"
 MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
 
 GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
 GPG="$GPG_CMD --keyring $TRUSTEDFILE"
 MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
 

+

 msgtest "add_keys_with_verify_against_master_keyring"
 if [ ! -e $MASTER_KEYRING ]; then
     echo -n "No $MASTER_KEYRING found"
 msgtest "add_keys_with_verify_against_master_keyring"
 if [ ! -e $MASTER_KEYRING ]; then
     echo -n "No $MASTER_KEYRING found"