From dacb75c62564f436a5f56b0a04169dc71ec3a9cd Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 30 Sep 2014 15:21:44 +0200 Subject: adjust version numbers for the planed upload --- debian/apt.postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian/apt.postinst') diff --git a/debian/apt.postinst b/debian/apt.postinst index 01f78a1dd..deb422aa5 100755 --- a/debian/apt.postinst +++ b/debian/apt.postinst @@ -15,7 +15,7 @@ set -e case "$1" in configure) - if dpkg --compare-versions "$2" lt 1.0.7; then + if dpkg --compare-versions "$2" lt 1.1~exp4; then # apt-key before 0.9.10 could leave empty keyrings around find /etc/apt/trusted.gpg.d/ -name '*.gpg' | while read keyring; do if ! test -s "$keyring"; then -- cgit v1.2.3 From 8b32e72c6f7143de4ec02f44e362b0df9e21e024 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 1 Oct 2014 23:58:05 +0200 Subject: ensure world-readability for trusted.gpg in postinst apt-key creates trusted.gpg if it needs it with 644 nowadays, but before it ensured this, it was gpg creating it, which gives it by default 600. Not a problem as long as our gpgv is run as root, but now that we drop privileges we have to ensure that we can also read trusted.gpg files created by earlier apt-key versions. Closes: 647001 --- debian/apt.postinst | 4 ++++ test/integration/test-apt-key | 7 +++++++ 2 files changed, 11 insertions(+) (limited to 'debian/apt.postinst') diff --git a/debian/apt.postinst b/debian/apt.postinst index deb422aa5..5820db587 100755 --- a/debian/apt.postinst +++ b/debian/apt.postinst @@ -22,6 +22,10 @@ case "$1" in rm -f "$keyring" fi done + # apt-key before 0.9.8.2 could create 0600 trusted.gpg file + if test -e /etc/apt/trusted.gpg ; then + chmod -f 0644 /etc/apt/trusted.gpg || true + fi fi if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index d5adec5bd..e6ac530a6 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -41,7 +41,14 @@ gpg: unchanged: 1' aptkey --fakeroot update testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' + testsuccess test ! -e rootdir/etc/apt/trusted.gpg testsuccess aptkey --fakeroot add ./keys/rexexpired.pub + msgtest 'Check if trusted.gpg is created with permissions set to' '0644' + if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then + msgpass + else + msgfail + fi testaptkeys 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] pub 2048R/DBAC8DAE 2010-08-18' -- cgit v1.2.3