Przeglądaj źródła

warn if apt-key is used in scripts/its output parsed

apt-key needs gnupg for most of its operations, but depending on it
isn't very efficient as apt-key is hardly used by users – and scripts
shouldn't use it to begin with as it is just a silly wrapper. To draw
more attention on the fact that e.g. 'apt-key add' should not be used in
favor of "just" dropping a keyring file into the trusted.gpg.d
directory this commit implements the display of warnings.
David Kalnischkies 10 lat temu
rodzic
commit
08fcf96288

+ 19 - 1
cmdline/apt-key.in

@@ -494,7 +494,7 @@ prepare_gpg_home() {
     # package depends on gnupg or not. We accept recommends here as
     # package depends on gnupg or not. We accept recommends here as
     # well as the script hopefully uses apt-key optionally then like e.g.
     # well as the script hopefully uses apt-key optionally then like e.g.
     # debian-archive-keyring for (upgrade) cleanup did
     # debian-archive-keyring for (upgrade) cleanup did
-    if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then
+    if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ] && [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then
 	if ! dpkg-query --show --showformat '${Pre-Depends}${Depends}${Recommends}\n' "$DPKG_MAINTSCRIPT_PACKAGE" 2>/dev/null | grep -q gnupg; then
 	if ! dpkg-query --show --showformat '${Pre-Depends}${Depends}${Recommends}\n' "$DPKG_MAINTSCRIPT_PACKAGE" 2>/dev/null | grep -q gnupg; then
 	    cat >&2 <<EOF
 	    cat >&2 <<EOF
 Warning: The $DPKG_MAINTSCRIPT_NAME maintainerscript of the package $DPKG_MAINTSCRIPT_PACKAGE
 Warning: The $DPKG_MAINTSCRIPT_NAME maintainerscript of the package $DPKG_MAINTSCRIPT_PACKAGE
@@ -554,12 +554,25 @@ exec '$(escape_shell "${GPG_EXE}")' --ignore-time-conflict --no-options --no-def
     fi
     fi
 }
 }
 
 
+warn_on_script_usage() {
+    if [ -n "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then
+	return
+    fi
+    # (Maintainer) scripts should not be using apt-key
+    if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then
+	echo >&2 "Warning: apt-key should not be used in scripts (called from $DPKG_MAINTSCRIPT_NAME maintainerscript of the package ${DPKG_MAINTSCRIPT_PACKAGE})"
+    elif [ ! -t 1 ]; then
+	echo >&2 "Warning: apt-key output should not be parsed (stdout is not a terminal)"
+    fi
+}
+
 if [ "$command" != 'help' ] && [ "$command" != 'verify' ]; then
 if [ "$command" != 'help' ] && [ "$command" != 'verify' ]; then
     prepare_gpg_home
     prepare_gpg_home
 fi
 fi
 
 
 case "$command" in
 case "$command" in
     add)
     add)
+	warn_on_script_usage
 	requires_root
 	requires_root
 	setup_merged_keyring
 	setup_merged_keyring
 	aptkey_execute "$GPG" --quiet --batch --import "$@"
 	aptkey_execute "$GPG" --quiet --batch --import "$@"
@@ -567,11 +580,13 @@ case "$command" in
 	aptkey_echo "OK"
 	aptkey_echo "OK"
         ;;
         ;;
     del|rm|remove)
     del|rm|remove)
+	# no script warning here as removing 'add' usage needs 'del' for cleanup
 	requires_root
 	requires_root
 	foreach_keyring_do 'remove_key_from_keyring' "$@"
 	foreach_keyring_do 'remove_key_from_keyring' "$@"
 	aptkey_echo "OK"
 	aptkey_echo "OK"
         ;;
         ;;
     update)
     update)
+	warn_on_script_usage
 	requires_root
 	requires_root
 	setup_merged_keyring
 	setup_merged_keyring
 	update
 	update
@@ -584,13 +599,16 @@ case "$command" in
 	merge_back_changes
 	merge_back_changes
 	;;
 	;;
     list|finger*)
     list|finger*)
+	warn_on_script_usage
 	foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@"
 	foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@"
 	;;
 	;;
     export|exportall)
     export|exportall)
+	warn_on_script_usage
 	merge_all_trusted_keyrings_into_pubring
 	merge_all_trusted_keyrings_into_pubring
 	aptkey_execute "$GPG_SH" --keyring "${GPGHOMEDIR}/pubring.gpg" --armor --export "$@"
 	aptkey_execute "$GPG_SH" --keyring "${GPGHOMEDIR}/pubring.gpg" --armor --export "$@"
 	;;
 	;;
     adv*)
     adv*)
+	warn_on_script_usage
 	setup_merged_keyring
 	setup_merged_keyring
 	aptkey_echo "Executing: $GPG $*"
 	aptkey_echo "Executing: $GPG $*"
 	aptkey_execute "$GPG" "$@"
 	aptkey_execute "$GPG" "$@"

+ 16 - 1
doc/apt-key.8.xml

@@ -13,7 +13,7 @@
    &apt-email;
    &apt-email;
    &apt-product;
    &apt-product;
    <!-- The last update date -->
    <!-- The last update date -->
-   <date>2015-10-15T00:00:00Z</date>
+   <date>2016-07-01T00:00:00Z</date>
  </refentryinfo>
  </refentryinfo>
 
 
  <refmeta>
  <refmeta>
@@ -36,6 +36,15 @@
    by apt to authenticate packages.  Packages which have been
    by apt to authenticate packages.  Packages which have been
    authenticated using these keys will be considered trusted.
    authenticated using these keys will be considered trusted.
    </para>
    </para>
+   <para>
+   Note that if usage of <command>apt-key</command> is desired the additional
+   installation of the GNU Privacy Guard suite (packaged in
+   <package>gnupg</package>) is required. For this reason alone the programatic
+   usage (especially in package maintainerscripts!) is strongly discouraged.
+   Further more the output format of all commands is undefined and can and does
+   change whenever the underlying commands change. <command>apt-key</command> will
+   try to detect such usage and generates warnings on stderr in these cases.
+   </para>
 </refsect1>
 </refsect1>
 
 
 <refsect1><title>Commands</title>
 <refsect1><title>Commands</title>
@@ -53,6 +62,12 @@
      verified to belong to the owner of the repositories they claim to be for
      verified to belong to the owner of the repositories they claim to be for
      otherwise the &apt-secure; infrastructure is completely undermined.
      otherwise the &apt-secure; infrastructure is completely undermined.
      </para>
      </para>
+     <para>
+       Instead of using this command a keyring can be placed directly in the
+       <filename>/etc/apt/trusted.gpg.d/</filename> directory with a descriptive name
+       (same rules for filename apply as for &apt-conf; files) and "<literal>gpg</literal>"
+       as file extension.
+     </para>
      </listitem>
      </listitem>
      </varlistentry>
      </varlistentry>
 
 

+ 1 - 0
test/integration/framework

@@ -403,6 +403,7 @@ EOF
 	fi
 	fi
 	echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
 	echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
 	echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
 	echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
+	export APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=no
 	echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
 	echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
 
 
 	configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
 	configcompression '.' 'gz' #'bz2' 'lzma' 'xz'

+ 10 - 2
test/integration/test-apt-key-used-in-maintainerscript

@@ -5,6 +5,7 @@ TESTDIR="$(readlink -f "$(dirname "$0")")"
 . "$TESTDIR/framework"
 . "$TESTDIR/framework"
 
 
 setupenvironment
 setupenvironment
+unset APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE
 configarchitecture 'native'
 configarchitecture 'native'
 configdpkgnoopchroot
 configdpkgnoopchroot
 
 
@@ -14,7 +15,7 @@ buildingpkg() {
 	setupsimplenativepackage "$PKG" 'native' '1' 'unstable' "$@"
 	setupsimplenativepackage "$PKG" 'native' '1' 'unstable' "$@"
 	BUILDDIR="incoming/${PKG}-1"
 	BUILDDIR="incoming/${PKG}-1"
 	echo '#!/bin/sh
 	echo '#!/bin/sh
-apt-key list' > "${BUILDDIR}/debian/postinst"
+apt-key list >/dev/null' > "${BUILDDIR}/debian/postinst"
 	buildpackage "$BUILDDIR" 'unstable' 'main' 'native'
 	buildpackage "$BUILDDIR" 'unstable' 'main' 'native'
 	rm -rf "$BUILDDIR"
 	rm -rf "$BUILDDIR"
 }
 }
@@ -27,8 +28,15 @@ insertinstalledpackage 'unrelated' 'native' '1'
 insertinstalledpackage 'gnupg' 'native' '1'
 insertinstalledpackage 'gnupg' 'native' '1'
 
 
 testsuccess apt install aptkeyuser-depends -y
 testsuccess apt install aptkeyuser-depends -y
-testfailure grep '^Warning: This will BREAK' rootdir/tmp/testsuccess.output
+cp rootdir/tmp/testsuccess.output apt.output
+testfailure grep '^Warning: This will BREAK' apt.output
+testsuccess grep '^Warning: apt-key' apt.output
 
 
 testsuccess apt install aptkeyuser-nodepends -y
 testsuccess apt install aptkeyuser-nodepends -y
 cp rootdir/tmp/testsuccess.output apt.output
 cp rootdir/tmp/testsuccess.output apt.output
 testsuccess grep '^Warning: This will BREAK' apt.output
 testsuccess grep '^Warning: This will BREAK' apt.output
+testsuccess grep '^Warning: apt-key' apt.output
+
+testsuccess aptkey list
+cp rootdir/tmp/testsuccess.output aptkey.list
+testsuccess grep '^Warning: apt-key' aptkey.list