Bug#341976: patch for apt-key adding interactive mode and keyserver support
On Thursday, 22.10.2009, 17:24 +0200, Stefan Tomanek wrote:

> tags 341976 + patch
>
> Greetings,
>
> I created the attached patch that adds the following features to apt-key:
>
> apt-key --interactive add filename
>
> will show the keys that are to be imported with their fingerprints, making it possible to inspect them before adding them to the keyring and without polluting the personal key ring with keys that will never be used.
>
> apt-key --interactive fetch keyid
>
> will download the specified key from a keyserver, presenting its data to the user and awaiting confirmation before adding the key.
>
> Without --interactive/-i, the fetch command will be denied due to security considerations.

I don't see a reason to do this. This is a command-line tool which only works as root and limiting the root user is nonsense. He could just point gpg to APT's keyring and add the key without apt-key, thus there is no security benefit in requiring interactiveness.

The user should have the control over his machine, and if he wants to add a keyring without verifying it manually, he should be allowed to do so.

Regards,
Julian
Bug#341976: patch for apt-key adding interactive mode and keyserver support
Julian Andres Klode (j...@debian.org) wrote:

> > apt-key --interactive fetch keyid
> >
> > will download the specified key from a keyserver, presenting its data to the user and awaiting confirmation before adding the key.
> >
> > Without --interactive/-i, the fetch command will be denied due to security considerations.
>
> I don't see a reason to do this. This is a command-line tool which only works as root and limiting the root user is nonsense. He could just point gpg to APT's keyring and add the key without apt-key, thus there is no security benefit in requiring interactiveness.

I added this requirement to keep people from blindly retrieving keys from a keyserver without verifying them or thinking about the trust they put into the people behind the keys. (see also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341976#17)

However, I think either removing the --interactive requirement or adding a --force/--noverify option to override it could be worthy of discussion.
Bug#341976: patch for apt-key adding interactive mode and keyserver support
tags 341976 + patch Greetings, I created the attached patch that adds the following features to apt-key: apt-key --interactive add filename will show the keys that are to be imported with their fingerprints, making it possible to inspect them before adding them to the keyring and without polluting the personal key ring with keys that will never be used. apt-key --interactive fetch keyid will download the specified key from a keyserver, presenting its data to the user and awaiting confirmation before adding the key. Without --interactive/-i, the fetch command will be denied due to security considerations. The patch implements these new features by creating a temporary GnuPG directory, importing the keys there and preparing them for inspection. diff --git a/cmdline/apt-key b/cmdline/apt-key index 7bb3024..b3ffdfe 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -18,6 +18,27 @@ ARCHIVE_KEYRING_URI= ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg +cmd_add() { +local FILE=$1 +if [ $INTERACTIVE = 0 ]; then +add_keys_to_keyring $FILE +else +prepare_tmp +$GPG_TMP --batch --import $FILE || return 1 +confirm_tmpkeys add_tmpkeys_to_keyring +destroy_tmp +fi +} + +add_keys_to_keyring() { +local FILE=$1 +$GPG --quiet --batch --import $FILE echo OK +} + +add_tmpkeys_to_keyring() { +$GPG_TMP -q --no-tty --export | add_keys_to_keyring - +} + add_keys_with_verify_against_master_keyring() { ADD_KEYRING=$1 MASTER=$2 
@@ -102,9 +123,89 @@ update() { done } +# variables for handling temporary key data +TMP= +TMP_GPGHOME= +GPG_TMP= + +prepare_tmp() { +if [ -n $TMP ]; then +echo prepare_temp() called twice, aborting +exit 1 +fi +TMP=$(mktemp -d -t apt-key.XX) +TMP_GPGHOME=$TMP/gpg + +trap destroy_tmp EXIT INT + +mkdir -p $TMP_GPGHOME +chmod go-rwx $TMP_GPGHOME +# create empty keyrings + $TMP_GPGHOME/pubring.gpg + $TMP_GPGHOME/secring.gpg + +GPG_TMP=gpg --homedir $TMP_GPGHOME --no-options --no-default-keyring --batch +} + +destroy_tmp() { + if [ -z $TMP ]; then +echo destroy_tmp() called without prepare_tmp() before, aborting +exit 1 +fi +# uninstall handler +trap - EXIT INT + +rm -fr $TMP +TMP= +TMP_GPGHOME= +GPG_TMP= +} + +fetch() { +local KEYID=$1 +local KEYSERVER=wwwkeys.de.pgp.net + +if [ $INTERACTIVE = 0 ]; then +echo For security reasons, fetching keys from a keyserver does only work in --interactive mode. +return 1 +fi + +if [ -z $KEYID ]; then +echo Nothing to fetch +return 1 +fi + +$GPG_TMP -q --no-tty --keyserver $KEYSERVER --recv-keys $KEYID || return 1 + +if confirm_tmpkeys; then +# keys confirmed, import them in the keyring +add_tmpkeys_to_keyring +else +echo Aborted +return 1 +fi +} + +confirm_tmpkeys() { +echo +echo Please compare the key identities and fingerprints below to an +echo independent source to confirm their integrity. +echo + +$GPG_TMP --fingerprint + +CONFIRMATION=Yes, I will + +echo Do your trust this key and wish to add it to your apt keyring? +echo So answer with '$CONFIRMATION'. +read -pANSWER + +[ $ANSWER = $CONFIRMATION ] +} + usage() { -echo Usage: apt-key [command] [arguments] +echo Usage: apt-key [--interactive|-i] [command] [arguments] echo echo Manage apt's list of trusted keys echo 
@@ -116,10 +217,18 @@ usage() { echo apt-key net-update - update keys using the network echo apt-key list- list keys echo apt-key finger - list fingerprints -echo apt-key adv - pass advanced options to gpg (download key) +echo apt-key -i fetch keyid- fetch key from keyserver (required interactive mode) +echo apt-key adv - pass advanced options to gpg echo } +INTERACTIVE=0 + +if [ $1 = --interactive ] || [ $1 = -i ]; then +INTERACTIVE=1 +shift +fi + command=$1 if [ -z $command ]; then usage @@ -135,8 +244,7 @@ fi case $command in add) -$GPG --quiet --batch --import $1 -echo OK +cmd_add $1 ;; del|rm|remove) $GPG --quiet --batch --delete-key --yes $1 @@ -164,6 +272,11 @@ case $command in echo Executing: $GPG $* $GPG $* ;; +fetch) +prepare_tmp; +fetch $* +destroy_tmp; +;; help) usage ;;
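Review bot: In cmd_add (first hunk), the interactive branch cannot work for "apt-key -i add -": $GPG_TMP --batch --import $FILE consumes stdin for the key data, and confirm_tmpkeys then calls read on that same stdin, so the answer can never equal the confirmation string. Read the confirmation from /dev/tty and fail cleanly when there is no terminal, or reject "-" in interactive mode with an explicit message.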
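Review bot: fetch() in the second hunk hands KEYID to --recv-keys unchecked, so a short key id is accepted and the only safeguard is the user reading the --fingerprint listing in confirm_tmpkeys. Require KEYID to be the full 40-character fingerprint and compare it with the fingerprint of what arrived in the temporary keyring before prompting, which is the check requested in the review of the earlier "get" patch on this bug. In the same hunk, the prepare_tmp template apt-key.XX has only two X characters; GNU mktemp rejects templates with fewer than three, so use apt-key.XXXXXX.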
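Review bot: Documentation for --interactive and fetch is missing outside the usage() hunk: the diff touches cmdline/apt-key only, so the manual page sources (doc/apt-key.8 and doc/apt-key.8.xml) say nothing about either. Add entries there, including that fetch is refused without -i, and change the new usage line from "required interactive mode" to "requires interactive mode".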
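Review bot: In the fetch) arm of the last hunk, the status of "fetch $*" is discarded because destroy_tmp runs after it, so the arm ends with destroy_tmp's status and a refused, failed or declined fetch is not reported to the caller. Save the status before cleanup and exit with it; cmd_add has the same shape, since its interactive branch also ends on destroy_tmp. prepare_tmp could also move behind the INTERACTIVE check so that a refused fetch creates no temporary directory at all.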
Bug#341976: patch
On Thu, Nov 23, 2006 at 12:21:01PM +0100, Flavio Stanchina wrote:

> tags 341976 + patch
> thanks
>
> Here's a patch that adds a get keyid server command to apt-key.

This patch is dangerously insecure, since it does not perform any verification that the key that gets retrieved actually matches a trusted key fingerprint.

If you're going to do this at all, the correct thing to do is probably to require the user to enter the full 40-character (160-bit) key fingerprint as the key id.

--
Dwayne C. Litzenberger [EMAIL PROTECTED]
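The check this reply asks for, as an added example (not code from the thread or from apt): the key id is accepted only as a full 40-digit fingerprint, and a fetched key passes only if its primary-key fingerprint equals it. The function names and the sample `gpg --with-colons` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not apt-key code. Function names are hypothetical.

# normalize_fpr FPR: print FPR without spaces and in upper case; fail unless
# the result is exactly 40 hex digits (a full 160-bit fingerprint).
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case $fpr in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# primary_fprs: read "gpg --with-colons --fingerprint" output on stdin and
# print the fingerprint (field 10 of the fpr record) that follows each pub
# record. Subkey fingerprints are ignored.
primary_fprs() {
    awk -F: '$1 == "pub"         { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0; next }
                                 { want = 0 }'
}

# check_fetched WANT: succeed only if the listing on stdin holds exactly one
# primary key and its fingerprint equals WANT. Returns 2 for a key id that
# is not a full fingerprint, 1 for a mismatch.
check_fetched() {
    want=$(normalize_fpr "$1") || {
        echo "key id must be the full 40-digit fingerprint" >&2
        return 2
    }
    got=$(primary_fprs)
    [ "$got" = "$want" ]
}

# Constructed sample listing: one primary key with one subkey.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1255000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1255000000::::Example Archive Key <archive@example.org>:
sub:-:4096:1:1111222233334444:1255000000::::::e:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA1111222233334444:'

# With a real temporary keyring the listing would come from gpg, e.g.
#   gpg --homedir "$TMP_GPGHOME" --batch --with-colons --fingerprint |
#       check_fetched "$KEYID" || echo "fingerprint mismatch, not importing"
printf '%s\n' "$SAMPLE_LISTING" |
    check_fetched '0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567' &&
    echo "fingerprint matches"
```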
Bug#341976: patch
tags 341976 + patch thanks Here's a patch that adds a get keyid server command to apt-key. Patch against apt 0.6.46.3 -- Ciao, Flavio diff --git a/cmdline/apt-key b/cmdline/apt-key index 7460a24..12b76f2 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -39,6 +39,7 @@ usage() { echo echo apt-key add file - add the key contained in file ('-' for stdin) echo apt-key del keyid - remove the key keyid +echo apt-key get keyid server- receive the key keyid from server echo apt-key update - update keys using the keyring package echo apt-key list- list keys echo @@ -66,6 +67,13 @@ case $command in $GPG --quiet --batch --delete-key --yes $1 echo OK ;; +get) +if [ -z $1 ] || [ -z $2 ]; then +usage +exit 1 +fi +$GPG --batch --keyserver $2 --recv-keys $1 +;; update) update ;; diff --git a/debian/changelog b/debian/changelog index eaf8974..8c75d94 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +apt (0.6.46.4) unstable; urgency=low + + * Non-maintainer upload. + * Add command get keyid server to apt-key. Closes: #341976 + + -- Flavio Stanchina [EMAIL PROTECTED] Thu, 23 Nov 2006 12:13:53 +0100 + apt (0.6.46.3) unstable; urgency=low * apt-pkg/deb/dpkgpm.cc: diff --git a/doc/apt-key.8 b/doc/apt-key.8 index 70d37df..c25090f 100644 --- a/doc/apt-key.8 +++ b/doc/apt-key.8 @@ -36,6 +36,11 @@ del \fIkeyid\fR Remove a key from the list of trusted keys. .RE .PP +get \fIkeyid\fR \fIkeyserver\fR +.RS 3n +Receive a key from the specified \fIkeyserver\fR. +.RE +.PP list .RS 3n List trusted keys. diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml index eac6130..a063458 100644 --- a/doc/apt-key.8.xml +++ b/doc/apt-key.8.xml @@ -63,6 +63,17 @@ /listitem /varlistentry + varlistentrytermget replaceablekeyid/replaceable replaceablekeyserver/replaceable/term + listitem + para + + Receive a key from the specified replaceablekeyserver/replaceable. + + /para + + /listitem + /varlistentry + varlistentrytermlist/term listitem para
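Review bot: A fingerprint check is missing in the get) arm of cmdline/apt-key: it runs "$GPG --batch --keyserver $2 --recv-keys $1" on $GPG, the same handle the del arm uses for the trusted key list, so whatever the named server returns for the key id becomes trusted at once. Receive into a temporary keyring first and import only when the key's full fingerprint matches one supplied by the user; at minimum require $1 to be a 40-character fingerprint instead of a short id.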
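Review bot: The new doc/apt-key.8 entry, and its doc/apt-key.8.xml twin, says only "Receive a key from the specified keyserver" and leaves out that the key ends up in the trusted list, whereas the neighbouring del entry names "the list of trusted keys" explicitly. State that effect, and that no verification of the received key is performed, so an administrator reading the manual page knows what get implies.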