Package: apt
Severity: serious
Version: 0.7.24
Justification: overwrites local configuration changes

I have removed some keys from my apt keyring, but it seems like apt
always re-adds them when configuring:

shashlik# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmas...@debian.org>

pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-rele...@lists.debian.org>

[...]

shashlik# apt-key remove ADB11277
OK
shashlik# apt-key update
gpg: key 6070D3A1: "Debian Archive Automatic Signing Key (4.0/etch) <ftpmas...@debian.org>" not changed
gpg: key ADB11277: public key "Etch Stable Release Key <debian-rele...@lists.debian.org>" imported
gpg: key BBE55AB3: "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" not changed
gpg: key F42584E6: "Lenny Stable Release Key <debian-rele...@lists.debian.org>" not changed
gpg: key 55BE302B: "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmas...@debian.org>" not changed
gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key (5.0/lenny)" not changed
gpg: Total number processed: 6
gpg:               imported: 1
gpg:              unchanged: 5
gpg: no ultimately trusted keys found
shashlik# apt-key list
/etc/apt/trusted.gpg
--------------------

[...]

pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-rele...@lists.debian.org>

shashlik# 

From apt.postinst:

case "$1" in
    configure)

        if ! test -f /etc/apt/trusted.gpg; then
                cp /usr/share/apt/debian-archive.gpg /etc/apt/trusted.gpg
        fi

        apt-key update

    ;;

So it is actually a double policy violation: removing
/etc/apt/trusted.gpg is a perfectly legal configuration change that apt
must not override.  Ditto, removing a key is a perfectly legal
configuration change that apt must not override in its postinst.

-- 
Tollef Fog Heen 
UNIX is user friendly, it's just picky about who its friends are
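
The following is an added illustration, not part of the original report and not apt's own code. It simulates the postinst behaviour quoted above next to a hypothetical variant that only seeds the keyring on a fresh install. Assumptions: keyrings are modelled as plain text files of key IDs, `merge_keys` stands in for `apt-key update`, and the previous version `0.7.23` is a constructed value.

```shell
#!/bin/sh
# Simulation only: a keyring is a text file with one key ID per line, and
# merge_keys stands in for the "apt-key update" run shown in the report
# (every shipped key is re-imported). No gpg is involved.

# merge_keys SHIPPED TRUSTED: append each shipped key ID missing from TRUSTED.
merge_keys() {
    while read -r id; do
        grep -qx "$id" "$2" 2>/dev/null || echo "$id" >> "$2"
    done < "$1"
}

# Behaviour quoted in the report: runs on every "configure".
postinst_reported() {    # args: ROOT ACTION [PREVIOUS_VERSION]
    shipped="$1/usr/share/apt/debian-archive.gpg"
    trusted="$1/etc/apt/trusted.gpg"
    [ "$2" = configure ] || return 0
    [ -f "$trusted" ] || cp "$shipped" "$trusted"
    merge_keys "$shipped" "$trusted"
}

# Hypothetical alternative: seed the keyring only on a fresh install, which
# dpkg signals by passing an empty previously-configured version.
postinst_preserving() {  # args: ROOT ACTION [PREVIOUS_VERSION]
    shipped="$1/usr/share/apt/debian-archive.gpg"
    trusted="$1/etc/apt/trusted.gpg"
    [ "$2" = configure ] || return 0
    if [ -z "$3" ] && [ ! -f "$trusted" ]; then
        cp "$shipped" "$trusted"
    fi
}

# demo FUNCTION SCENARIO: in a scratch root the admin has either removed
# key ADB11277 ("key") or deleted trusted.gpg entirely ("file"); an upgrade
# is then simulated and the state of ADB11277 is printed.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/share/apt" "$root/etc/apt"
    printf '%s\n' 6070D3A1 ADB11277 55BE302B > "$root/usr/share/apt/debian-archive.gpg"
    if [ "$2" = key ]; then
        printf '%s\n' 6070D3A1 55BE302B > "$root/etc/apt/trusted.gpg"
    fi
    "$1" "$root" configure 0.7.23    # constructed previous version
    r=absent
    if grep -qx ADB11277 "$root/etc/apt/trusted.gpg" 2>/dev/null; then r=present; fi
    rm -rf "$root"
    echo "$r"
}
```

`demo postinst_reported key` prints `present` (the removed key is back after the upgrade), while `demo postinst_preserving key` prints `absent`.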


