Package: apt
Version: 1.2.4
Severity: normal
Tags: patch

It's common to indicate OpenPGP key IDs or fingerprints with a leading 0x, like "0xdeadbeef" instead of just "deadbeef".

However, "apt-key del 0xdeadbeef" prints out "OK" but doesn't actually remove the key with that keyid.

The printing out of "OK" when nothing is matched is bad, but it is addressed in #799342. This report is about not actually removing keys that have been asked to be removed.

The attached patch resolves things for me.

        --dkg

-- Package-specific info:

-- (/etc/apt/preferences present, but not submitted) --

-- (/etc/apt/sources.list present, but not submitted) --

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.113+nmu3
ii  debian-archive-keyring  2014.3
ii  gnupg                   1.4.20-4
ii  gnupg2                  2.1.11-5
ii  gpgv                    1.4.20-4
ii  gpgv2                   2.1.11-5
ii  libapt-pkg5.0           1.2.4
ii  libc6                   2.21-9
ii  libgcc1                 1:5.3.1-8
ii  libstdc++6              5.3.1-8

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc                      <none>
pn  aptitude | synaptic | wajig  <none>
ii  dpkg-dev                     1.18.4
ii  python-apt                   1.1.0~beta1+b1

-- debconf-show failed

>From e91ebeafd2070283ac039a082d038672e0e908ec Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <d...@fifthhorseman.net> Date: Fri, 4 Mar 2016 10:23:24 +0100 Subject: [PATCH] apt-key del should correctly handle keyids prefixed with 0x --- cmdline/apt-key.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 80eee62..cfd4be3 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -191,6 +191,10 @@ remove_key_from_keyring() { for KEY in "$@"; do local FINGERPRINTS="${GPGHOMEDIR}/keyringfile.keylst" get_fingerprints_of_keyring "$KEYRINGFILE" > "$FINGERPRINTS" + + # strip leading 0x, if present: + KEY="$(printf %s "$KEY" | sed s/^0x//)" + # check if the key is in this keyring if ! grep -iq "^[0-9A-F]*${KEY}$" "$FINGERPRINTS"; then continue -- 2.7.0
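
Review bot: In the added sed line of remove_key_from_keyring(), an argument that is exactly "0x" is reduced to an empty KEY, and the grep that follows ("^[0-9A-F]*${KEY}$") then matches every fingerprint line, so the "is the key in this keyring" check no longer filters anything. After stripping, check that KEY is non-empty and contains only hex digits, and skip it with an error otherwise. The strip is also case-sensitive while the grep uses -i, so an argument such as 0XDEADBEEF still falls through to "continue"; s/^0[xX]// would cover both spellings, and the sed expression should be quoted. For the lowercase prefix alone, the POSIX expansion ${KEY#0x} would do the same job without spawning printf and sed on every loop iteration.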