[pkg-gnupg-maint] How (not) to detect if a keyring file is a keybox in apt-key

David Kalnischkies david at kalnischkies.de
Fri Aug 4 12:25:47 UTC 2017


Hi,

(thanks Werner & Daniel for the comments!)

On Mon, Jul 31, 2017 at 05:58:17PM -0400, Daniel Kahn Gillmor wrote:
> Can we identify what code is dropping keybox files in that location?
> That seems like the origin of the problem, and we should make sure it
> gets fixed.

Sure. The issues range from buggy packaging (#846892) [perhaps
a detection can also be uplifted to a lintian error later] to buggy
advice on third-party repository websites though, so that not only
takes a while but also happens more often than hoped for – and apt-key
isn't the most helpful in this either, as it "happily" supports keyboxes
in the list command due to how that is implemented…


> > | You can do this by inspecting the first octet of the ostensible binary
> > | keyring for one of these three values:
> > |
> > |  * 0x98 -- old-format OpenPGP public key packet, up to 255 octets
> > |  * 0x99 -- old-format OpenPGP public key packet, 256-65535 octets
> > |  * 0xc6 -- new-format OpenPGP public key packet, any length

Playing a bit with this, I have to note that all keyring files I have on
disk or am able to produce are of the second category judging by the
first byte, but length is all over the place (but I assume there is more
than one packet in a file, so okay). Attached is hence a WIP patch
implementing just looking at the first byte.


Best regards

David Kalnischkies
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apt-wip-ignore-unsupported-files-in-apt-key.patch
Type: text/x-diff
Size: 18302 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170804/1a2824c6/attachment.patch>
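
The first-octet check quoted in the message above, as an added shell example; it is not part of the original message and is not the attached patch. The function names and the sample files are hypothetical and constructed for illustration.

```shell
# Added example: first-octet check for binary OpenPGP keyrings (not apt-key's code).
# All function and file names below are hypothetical.

# Print the first octet of FILE as two hex digits; prints nothing for an empty file.
first_octet() {
    od -An -tx1 -N1 < "$1" | tr -d ' \n'
}

# Print "old-format", "new-format" or "unsupported" for FILE.
keyring_kind() {
    if [ ! -f "$1" ] || [ ! -r "$1" ]; then
        echo unsupported
        return 0
    fi
    case "$(first_octet "$1")" in
        98|99) echo old-format ;;   # old-format public key packet, 1- or 2-octet length
        c6)    echo new-format ;;   # new-format public key packet
        *)     echo unsupported ;;  # keybox, empty file, anything else
    esac
}

# Print the files in DIR that pass the check, one per line;
# warn on stderr about every file that does not.
supported_keyrings() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        if [ "$(keyring_kind "$f")" = unsupported ]; then
            echo "W: ignoring $f: not a binary OpenPGP keyring" >&2
        else
            printf '%s\n' "$f"
        fi
    done
}

# Write constructed sample files into DIR: three truncated packet stubs (not
# valid keys), a stand-in for a keybox header, and an empty file.
make_samples() {
    printf '\230\001\004' > "$1/old-short.gpg"      # 0x98, 1-octet length
    printf '\231\001\015\004' > "$1/old-long.gpg"   # 0x99, 2-octet length
    printf '\306\001\004' > "$1/new.gpg"            # 0xc6, new-format header
    printf '\000\000\000\040\001\001\000\002KBXf' > "$1/keybox.gpg"
    : > "$1/empty.gpg"
}
```

Usage: `make_samples "$(mktemp -d)"` creates the sample files, and `supported_keyrings DIR` then lists only the three packet stubs while warning about the keybox stand-in and the empty file.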