Package: keyringer
Severity: minor
Tags: patch upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear Maintainer,

The keyringer_check_expiration has a bug where, if a public key is listed
multiple times by GnuPG, its primary-key expiry-check is broken and it produces
noisy bash warnings:

> % keyringer oignons-ca decrypt fournisseurs.asc
> /usr/bin/../lib/keyringer/actions/../functions: line 705: [[: 1496165541
> 1480493851: syntax error in expression (error token is "1480493851")
> [...]

This can happen if several keyrings are in use, for instance the user's and the
keyrings provided by the debian-keyring package.

The bug affects jessie, stretch, sid and the upstream development version.

Please find enclosed a patch, that I will forward upstream as soon as I get
access to keyringer's bug tracker.

Best,

  nicoo

- -- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages keyringer depends on:
ii  gawk   1:4.1.3+dfsg-0.1+b1
ii  git    1:2.10.2-3
ii  gnupg  2.1.15-9
ii  mawk   1.3.3-17

Versions of packages keyringer recommends:
ii  openssl    1.0.2j-1
ii  tree       1.7.0-4
ii  wipe       0.22-4
ii  xclip      0.12+svn84-4
ii  xdg-utils  1.1.1-1

keyringer suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

>From f6751bbf683df4206481abfb41c395f0fdcf8485 Mon Sep 17 00:00:00 2001 From: Nicolas Braud-Santoni <[email protected]> Date: Mon, 12 Dec 2016 17:01:42 +0100 Subject: [PATCH 2/4] keyringer_check_expiration: Handle multiple listings of the pubkey It can happen, when multiple keyrings are used (for instance the user's and /usr/share/keyrings/debian-keyring.gpg) that GnuPG lists several time a given key, yielding several 'pub' lines. Without this fix, $expiry is then a string with one (or more) \n, which of course cannot be used as a number. --- lib/keyringer/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/keyringer/functions b/lib/keyringer/functions index fd0176b..e5aef10 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -703,7 +703,7 @@ function keyringer_check_expiration { seconds="`date +%s`" # Check the main key - expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`" + expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | head -n1 | cut -d : -f 7`" # TODO: Time to expire can be configured via repository options. ahead="$((86400 * 30 + $seconds))" -- 2.10.2
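
Review bot: On the added `expiry=` line, `head -n1` keeps whichever `pub` record GnuPG prints first, and the duplicate listings do not have to agree: the error output in the report shows two different values in one `$expiry` (1496165541 and 1480493851). Depending on keyring order, the check can then warn about an expiry that another copy of the key has already extended, or stay quiet about one that is close. Please either add a comment saying that the first listing is the intended one, or pick the value deliberately, for example the latest one with `sort -n | tail -n1` after the `cut`. Minor: the commit message says "several time" where "several times" is meant.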


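The failure described in the report, reproduced offline as an added example (not part of the original report or of keyringer's code). The listing is constructed from the two expiry values in the quoted error message; the key ID, user ID, function names and the exit code 2 for disagreeing copies are assumptions made for illustration.

```shell
# Constructed sample of `gpg --with-colons --fixed-list-mode --list-keys`
# output: one primary key found in two keyrings, carrying the two expiry
# values from the error message in the report. Key ID and UID are placeholders.
sample_listing() {
  cat <<'EOF'
pub:u:4096:1:0123456789ABCDEF:1464629541:1496165541::u:::scESC:
uid:u::::1464629541::0000000000000000::Example User <user@example.org>:
pub:u:4096:1:0123456789ABCDEF:1464629541:1480493851::u:::scESC:
uid:u::::1464629541::0000000000000000::Example User <user@example.org>:
EOF
}

# Extraction as it was before the patch: one output line per `pub` record,
# so a duplicated key yields a two-line string instead of one number.
raw_expiry() {
  grep '^pub' | cut -d : -f 7
}

# Hypothetical replacement: print the expiry of the first `pub` record (the
# same choice the patch makes), or "never" when field 7 is empty. Exit 1 if
# no key was listed, exit 2 if a later copy of the same key ID disagrees.
first_expiry() {
  awk -F: '
    $1 != "pub" { next }
    !seen       { seen = 1; id = $5; first = $7; next }
    $5 == id && $7 != first { conflict = 1 }
    END {
      if (!seen) exit 1
      print (first == "" ? "never" : first)
      if (conflict) exit 2
    }'
}

# True only when $1 is a single non-negative integer timestamp that falls
# before $2 (current time in seconds) plus 30 days. Anything else, including
# a multi-line value, is rejected instead of reaching the arithmetic test.
expires_soon() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -lt "$(( $2 + 86400 * 30 ))" ]
}
```

A caller can treat exit status 2 from `first_expiry` as a cue to report that the keyrings hold differing copies of the key, rather than silently trusting the first one.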