[Bug 1995247] Re: Leftover /tmp/apt-key.* files after updates with embedded gpg keys in deb822 sources
Chris Halse Rogers
1995247 at bugs.launchpad.net
Wed Feb 8 01:03:49 UTC 2023
The kinetic sbuild autopkgtest regression *looks* to be a real regression to me - having a bit of a look, it seems mmdebstrap is checking the apt version against
```
$content =~ /^apt ([0-9]+\.[0-9]+\.[0-9]+)[a-z0-9]* \([a-z0-9-]+\)$/m
```
while this SRU has version string "apt 2.5.3ubuntu0.1 (amd64)". I'm not a perl expert, but I'm pretty sure that doesn't match, leaving mmdebstrap failing to detect the apt version and bailing.
It looks like this might require an mmdebstrap SRU before we can release
apt?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1995247
Title:
Leftover /tmp/apt-key.* files after updates with embedded gpg keys in
deb822 sources
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Jammy:
Fix Committed
Status in apt source package in Kinetic:
Fix Committed
Status in apt source package in Lunar:
Fix Released
Bug description:
[Impact]
When keys are embedded into deb822 sources files as Signed-By, apt writes them to a temporary file, but the code to delete them accidentally had an if (0) in front of the deletion, so they don't get deleted and accumulate with each `apt update` run.
[Test plan]
Including a test case for this in our comprehensive integration test suite which runs as autopkgtest, so passing autopkgtest = good.
[Where problems could occur]
Files could end up being removed too soon if the code is otherwise wrong?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1995247/+subscriptions
More information about the foundations-bugs
mailing list