diff options
author | Dave Reisner <dreisner@archlinux.org> | 2013-06-03 14:13:08 -0400 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2013-06-04 14:01:41 +1000 |
commit | d080a469a002a6fd3d99e58211494292172fd77a (patch) | |
tree | 8f967d3c26b8cc670eee0b7da3f4f3e44cab7f26 | |
parent | dd62fde53ec00f1b08d312951b919e15050efe86 (diff) | |
download | pacman-d080a469a002a6fd3d99e58211494292172fd77a.tar.xz |
pacman-key: Do not reinterpret keys from revoked keyrings
Given a revoked keyring containing only:
BC1FBE4D2826A0B51E47ED62E2539214C6C11350
We should only disable this specific keyid. This change enforces that the
contents of the -revoked keyring file are full fingerprints which can uniquely
identify a key.
Before:
# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
-> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
-> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key 1390420191...
-> Disabling key E2539214C6C11350...
-> Disabling key 8544EA82113502DE...
==> Updating trust database...
gpg: next trustdb check due at 2014-01-22
After:
# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
-> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
-> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
==> Updating trust database...
gpg: next trustdb check due at 2014-01-22
Partially addresses FS#35478. This does nothing to confirm whether or not the
key was successfully disabled -- a ridiculously simple request which appears to
be far too difficult for gpg to manage.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r-- | scripts/pacman-key.sh.in | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 92875eff..30fba10b 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -310,19 +310,12 @@ populate_keyring() { done fi - # Read the revoked key IDs to an array. The conversion from whatever is - # inside the file to key ids is important, because key ids are the only - # guarantee of identification for the keys. local -A revoked_ids for keyring in "${KEYRINGIDS[@]}"; do - if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then - mapfile -t keys < "${KEYRING_IMPORT_DIR}/${keyring}-revoked" - while IFS=: read _ _ _ _ key_id _; do - if [[ -n $key_id ]]; then - # Mark this key to be disabled - revoked_ids[$key_id]="${keyring}" - fi - done < <("${GPG_PACMAN[@]}" --quiet --with-colons --list-keys "${keys[@]}" 2>/dev/null) + if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then + while read -r key_id; do + revoked_ids["$key_id"]=1 + done <"$KEYRING_IMPORT_DIR/$keyring-revoked" fi done |