[Bug 1672710] Re: apt fails to verify keys when Dir has space, and set via cmdline

Julian Andres Klode jak at jak-linux.org
Tue Mar 14 13:42:00 UTC 2017 

apt config does not support double quote escaping. "" just ends the
first string and starts another. and \" does not work either.

Specifying Dir on the commandline does not really work in a sane way
anyway, as it loads the configuration files from /etc, but the rest from
within the specified directory. You likely always want to use APT_CONFIG
if you want to specify Dir.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1672710

Title:
  apt fails to verify keys when Dir has space, and set via cmdline

Status in apt package in Ubuntu:
  Confirmed

Bug description:
  When Dir has a space, and it is set via APT_CONFIG file, keys are found and validated correctly.
  When Dir is set without a space via cmdline, keys are found and validated correctly.
  When Dir is set with a space via cmdline, keys are not found and repositories are not verified.

  
  Please see attached reproducer, which works on xenial system (gpg1) but not on zesty system (gpg2)

  $ bash reproducer.sh
  ++ mktemp -d
  + tmpdir=/tmp/tmp.sFipy6h5yL
  + pushd /tmp/tmp.sFipy6h5yL
  /tmp/tmp.sFipy6h5yL ~
  + mkdir 'Sub Dir'
  + pushd 'Sub Dir'
  /tmp/tmp.sFipy6h5yL/Sub Dir /tmp/tmp.sFipy6h5yL ~
  + mkdir -p etc/apt/apt.conf.d
  + mkdir -p etc/apt/trusted.gpg.d
  + mkdir -p etc/apt/preferences.d
  + mkdir -p var/lib/apt/lists/partial
  + mkdir -p var/lib/dpkg
  + touch var/lib/dpkg/status
  + cp /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg etc/apt/trusted.gpg.d/
  + echo 'deb http://archive.ubuntu.com/ubuntu/ trusty main'
  + echo 'Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";'
  + export APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
  + APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
  + cat /tmp/tmp.sFipy6h5yL/apt.conf
  Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";
  + :
  + : == list available keys ==
  + apt-key list
  /tmp/tmp.sFipy6h5yL/Sub Dir/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
  ---------------------------------------------------------------------------------
  pub   rsa4096 2012-05-11 [SC]
        790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32
  uid           [ unknown] Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>

  + :
  + : == update with environ APT_CONFIG setting the Dir variable ==
  + apt update
  Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
  Get:2 http://archive.ubuntu.com/ubuntu trusty Release [58.5 kB]
  Get:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg [933 B]
  Get:4 http://archive.ubuntu.com/ubuntu trusty/main amd64 Packages [1,350 kB]
  Fetched 1,410 kB in 0s (1,959 kB/s) 
  Reading package lists... Done
  Building dependency tree... Done
  All packages are up to date.
  + unset APT_CONFIG
  + :
  + : == update with cmdline Dir option setting Dir to relative pwd ==
  + apt -o Dir=./ update
  Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
  Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
  Reading package lists... Done
  Building dependency tree... Done
  All packages are up to date.
  + :
  + : == update with cmdline Dir option setting Dir to absolute pwd with space ==
  + apt -o 'Dir=/tmp/tmp.sFipy6h5yL/Sub Dir' update
  Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
  Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
  Err:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg
    The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
  Reading package lists... Done
  Building dependency tree... Done
  All packages are up to date.
  W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
  W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
  W: Some index files failed to download. They have been ignored, or old ones used instead.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1672710/+subscriptions

More information about the foundations-bugs mailing list