[Bug 1644516] Re: apt-key del does not delete key but also not report any error

Tyler Hicks tyhicks at canonical.com
Fri Dec 2 17:36:34 UTC 2016 

*** This bug is a duplicate of bug 1481871 ***
    https://bugs.launchpad.net/bugs/1481871

Thanks for the bug report, Roman.

I can confirm this on at least Ubuntu 14.04 using apt 1.0.1ubuntu2.15.

After digging around, it looks like this issue is already known and
public so I'm making this bug report public and marking it as a dupe of
this Launchpad bug:

 https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1481871

There's also a Debian bug related to this issue:

 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754436

** Bug watch added: Debian Bug tracker #754436
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754436

** Information type changed from Private Security to Public Security

** This bug has been marked a duplicate of bug 1481871
   apt-key del silently fails to delete keys due to limited understanding of GPG key ID formats

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1644516

Title:
  apt-key del does not delete key but also not report any error

Status in apt package in Ubuntu:
  New

Bug description:
  During routine quality check of our keyring package, it was detected,
  that "apt-key del" does not really remove keys from the keyring. This
  was seen on Ubuntu Trusty, other releases were not tested yet.

  To reproduce use:

  $ sudo /usr/bin/apt-key del AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
  echo $?

  Even if a key with that key-id would exist, it is not removed but also
  no error reported. Please note, that the short key ID (only lower 32
  bits) is prone to manipulation and should not be used.

  As a result, keys of former employees or keys exposed to data breaches
  may stay on systems.

  # lsb_release -rd
  Description:    Ubuntu 14.04.5 LTS
  Release:        14.04

  # apt-cache policy apt
  apt:
    Installed: 1.0.1ubuntu2.15
    Candidate: 1.0.1ubuntu2.15
    Version table:
   *** 1.0.1ubuntu2.15 0
          500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1.0.1ubuntu2.13 0
          500 http://archive.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
       1.0.1ubuntu2 0
          500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1644516/+subscriptions

More information about the foundations-bugs mailing list