[Bug 1672710] Re: apt fails to verify keys when Dir has space, and set via cmdline

Dimitri John Ledkov launchpad at surgut.co.uk
Tue Mar 14 13:12:35 UTC 2017 

I made the apt-key dump the passed config file...

The difference between the generated files in the first and second cases
are:

-CommandLine::AsString "apt update";
+CommandLine::AsString "apt -o Dir="/tmp/tmp.26IBhxIxAw/Sub Dir" update"";

When executing apt-config with the second file as the APT_CONFIG to get
the trusted keys I get:

$ APT_CONFIG=/tmp/apt-key-cheat-1489496770 apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
E: Syntax error /tmp/apt-key-cheat-1489496770:213: Extra junk at end of file

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1672710

Title:
  apt fails to verify keys when Dir has space, and set via cmdline

Status in apt package in Ubuntu:
  Confirmed

Bug description:
  When Dir has a space, and it is set via APT_CONFIG file, keys are found and validated correctly.
  When Dir is set without a space via cmdline, keys are found and validated correctly.
  When Dir is set with a space via cmdline, keys are not found and repositories are not verified.

  
  Please see attached reproducer, which works on xenial system (gpg1) but not on zesty system (gpg2)

  $ bash reproducer.sh
  ++ mktemp -d
  + tmpdir=/tmp/tmp.sFipy6h5yL
  + pushd /tmp/tmp.sFipy6h5yL
  /tmp/tmp.sFipy6h5yL ~
  + mkdir 'Sub Dir'
  + pushd 'Sub Dir'
  /tmp/tmp.sFipy6h5yL/Sub Dir /tmp/tmp.sFipy6h5yL ~
  + mkdir -p etc/apt/apt.conf.d
  + mkdir -p etc/apt/trusted.gpg.d
  + mkdir -p etc/apt/preferences.d
  + mkdir -p var/lib/apt/lists/partial
  + mkdir -p var/lib/dpkg
  + touch var/lib/dpkg/status
  + cp /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg etc/apt/trusted.gpg.d/
  + echo 'deb http://archive.ubuntu.com/ubuntu/ trusty main'
  + echo 'Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";'
  + export APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
  + APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
  + cat /tmp/tmp.sFipy6h5yL/apt.conf
  Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";
  + :
  + : == list available keys ==
  + apt-key list
  /tmp/tmp.sFipy6h5yL/Sub Dir/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
  ---------------------------------------------------------------------------------
  pub   rsa4096 2012-05-11 [SC]
        790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32
  uid           [ unknown] Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>

  + :
  + : == update with environ APT_CONFIG setting the Dir variable ==
  + apt update
  Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
  Get:2 http://archive.ubuntu.com/ubuntu trusty Release [58.5 kB]
  Get:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg [933 B]
  Get:4 http://archive.ubuntu.com/ubuntu trusty/main amd64 Packages [1,350 kB]
  Fetched 1,410 kB in 0s (1,959 kB/s) 
  Reading package lists... Done
  Building dependency tree... Done
  All packages are up to date.
  + unset APT_CONFIG
  + :
  + : == update with cmdline Dir option setting Dir to relative pwd ==
  + apt -o Dir=./ update
  Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
  Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
  Reading package lists... Done
  Building dependency tree... Done
  All packages are up to date.
  + :
  + : == update with cmdline Dir option setting Dir to absolute pwd with space ==
  + apt -o 'Dir=/tmp/tmp.sFipy6h5yL/Sub Dir' update
  Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
  Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
  Err:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg
    The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
  Reading package lists... Done
  Building dependency tree... Done
  All packages are up to date.
  W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
  W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
  W: Some index files failed to download. They have been ignored, or old ones used instead.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1672710/+subscriptions

More information about the foundations-bugs mailing list