View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6f76980f9125dd126fb75cb4ae7fe77326e4ccf4
commit 6f76980f9125dd126fb75cb4ae7fe77326e4ccf4
Author: Guillem Jover <[email protected]>
AuthorDate: Sat May 24 21:00:24 2025 +0200
Dpkg::OpenPGP::Backend::GnuPG: Deprecate KeyBox formatted keyrings
This is a GnuPG specific, custom and unportable file format, that cannot be used transparently by other OpenPGP implementations.
Swap the preferred order of the GnuPG trustedkeys lookup from .kbx then .gpg, to .gpg then .kbx, so that the user can override the file and avoid one of the warnings.
---
 scripts/Dpkg/OpenPGP/Backend/GnuPG.pm | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
index 4134083be..ed4728f48 100644
--- a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
+++ b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
@@ -86,7 +86,7 @@ sub get_trusted_keyrings {
 }
 my @keyrings;
- foreach my $keyring (qw(trustedkeys.kbx trustedkeys.gpg)) {
+ foreach my $keyring (qw(trustedkeys.gpg trustedkeys.kbx)) {
 push @keyrings, "$keystore/$keyring" if -r "$keystore/$keyring";
 }
 return @keyrings;
@@ -122,6 +122,23 @@ sub _gpg_options_weak_digests {
 return @gpg_weak_digests;
 }
+sub _file_is_keybox($file)
+{
+ my $header;
+
+ open my $fh, '<', $file
+ or syserr(g_('cannot open %s'), $file);
+ my $rc = read $fh, $header, 32;
+ if (! defined $rc || $rc != 32) {
+ syserr(g_('cannot read %s'), $file);
+ }
+ close $fh;
+
+ my ($lead, $magic) = unpack 'a8a4', $header;
+
+ return $magic eq 'KBXf';
+}
+
 sub _gpg_verify {
 my ($self, $signeddata, $sig, $data, @certs) = @_;
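Review bot: In `_file_is_keybox`, a certificate file shorter than 32 bytes is reported through `syserr`, but `read` returning a short count at end of file is not a system error and does not set `$!`, so the message carries a stale errno (assuming `syserr` appends `$!` as its name suggests) and `_gpg_verify` now aborts on an empty or truncated keyring that cannot be a KeyBox in the first place. Treat only an undefined return as an I/O failure and classify a short file as not-KeyBox: `syserr(g_('cannot read %s'), $file) unless defined $rc;` followed by `return 0 if $rc < 32;`. `$lead` is assigned and never used; `my (undef, $magic) = unpack 'a8a4', $header;` drops the dead variable. A comment on the unpack such as `# KeyBox header blob: skip 4-byte length, type, version and 2 flag bytes; magic 'KBXf' sits at offset 8` would explain the 8-byte skip — confirm it against GnuPG's keybox layout before asserting it. The whole of `_file_is_keybox` is inside this hunk, while `_gpg_verify` continues past it.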
@@ -150,9 +167,13 @@ sub _gpg_verify {
 SUFFIX => '.pgp',
 );
 my $rc;
- if ($cert =~ m{\.kbx$}) {
- # Accept GnuPG apparent keybox-format keyrings as-is.
+ if ($cert =~ m{\.kbx$} || _file_is_keybox($cert)) {
+ # Accept GnuPG apparent or real keybox-format keyrings as-is, but
+ # warn that they are deprecated.
 $rc = 1;
+ warning(g_('using GnuPG specific KeyBox formatted keyring %s is deprecated; ' .
+ 'use an OpenPGP formatted keyring instead'),
+ $cert);
 } else {
 # Note that these _pgp_* functions are only necessary while
 # relying on gpgv, and gpgv itself does not verify multiple
-- 
Dpkg.Org's dpkg
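Review bot: The rewritten condition keeps `m{\.kbx$}`, where `$` also matches before a trailing newline; `\z` is the exact end-of-string anchor: `if ($cert =~ m{\.kbx\z} || _file_is_keybox($cert)) {`. Because `_file_is_keybox($cert)` is now evaluated for every non-`.kbx` certificate, a missing or unreadable cert dies with `cannot open` here rather than reaching the `_pgp_*` path below; if that path previously produced a clearer or non-fatal error, a `-r $cert && _file_is_keybox($cert)` guard would preserve it — that path is not visible from this hunk. The deprecation warning fires for each cert on every verification, so a caller verifying many files will see it repeated; a `state %warned` keyed on `$cert` would report each keyring once per process if that is the intent. `_gpg_verify` starts and ends outside this hunk.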

