
Bug#316372: marked as done (/etc/apt/trusted.gpg not world readable)



Your message dated Thu, 30 Jun 2005 13:53:19 -0400
with message-id <20050630175319.GA25201@kitenet.net>
and subject line Bug#316372: Acknowledgement (/etc/apt/trusted.gpg not world readable)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Jun 2005 13:52:16 +0000
>From joey@kitenet.net Thu Jun 30 06:52:16 2005
Return-path: <joey@kitenet.net>
Received: from kitenet.net [64.62.161.42] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DnzSi-0002Js-00; Thu, 30 Jun 2005 06:52:16 -0700
Received: from dragon.kitenet.net (dpc6682244174.direcpc.com [66.82.244.174])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
	by kitenet.net (Postfix) with ESMTP id 9E3ED17EED
	for <submit@bugs.debian.org>; Thu, 30 Jun 2005 13:52:13 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
	id 8B34A6E599; Thu, 30 Jun 2005 09:52:25 -0400 (EDT)
Date: Thu, 30 Jun 2005 09:52:24 -0400
From: Joey Hess <joeyh@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /etc/apt/trusted.gpg not world readable
Message-ID: <20050630135224.GA10638@kitenet.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
X-Reportbug-Version: 3.15
User-Agent: Mutt/1.5.9i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: apt
Version: 0.6.38
Severity: normal

/etc/apt/trusted.gpg is mode 600. This breaks anything that uses apt to
download (etc) packages and runs as a regular user, since it cannot
verify signatures. One example is the debian-installer build. We have
worked around the problem there by the hack of pointing apt at
/usr/share/apt/debian-archive.gpg, which I suspect is a temporary
filename and which will cause unnecessary work for derivers.

I don't see any reason to have the file not be world readable in stock
installs, do you?

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages apt depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libgcc1                     1:4.0.0-11   GCC support library
ii  libstdc++5                  1:3.3.6-7    The GNU Standard C++ Library v3

apt recommends no packages.

-- no debconf information

-- 
see shy jo

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCw/kYd8HHehbQuO8RAm3eAJ93JN/M2MJx4hUkF/vO6R7W0BXmZwCgkpaj
XzZgAaqKbdDN6ZUZg4PsU38=
=Fvpt
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--

---------------------------------------
Received: (at 316372-done) by bugs.debian.org; 30 Jun 2005 17:53:34 +0000
>From joey@kitenet.net Thu Jun 30 10:53:34 2005
Return-path: <joey@kitenet.net>
Received: from kitenet.net [64.62.161.42] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Do3EE-0006JB-00; Thu, 30 Jun 2005 10:53:34 -0700
Received: from dragon.kitenet.net (dpc6682244174.direcpc.com [66.82.244.174])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
	by kitenet.net (Postfix) with ESMTP id 531D317DCF
	for <316372-done@bugs.debian.org>; Thu, 30 Jun 2005 17:53:29 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
	id AF6806E599; Thu, 30 Jun 2005 13:53:20 -0400 (EDT)
Date: Thu, 30 Jun 2005 13:53:19 -0400
From: Joey Hess <joeyh@debian.org>
To: 316372-done@bugs.debian.org
Subject: Re: Bug#316372: Acknowledgement (/etc/apt/trusted.gpg not world readable)
Message-ID: <20050630175319.GA25201@kitenet.net>
References: <20050630135224.GA10638@kitenet.net> <handler.316372.B.11201395368931.ack@bugs.debian.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline
In-Reply-To: <handler.316372.B.11201395368931.ack@bugs.debian.org>
User-Agent: Mutt/1.5.9i
Delivered-To: 316372-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

User error. Both machines where trusted.gpg was 600 had installed the
first secure apt back in 2003.

I've verified fresh etch installs upgraded to sid have the file 644, and
once I make it 644, no apt-key operations seem to set it back to 600.

-- 
see shy jo

--DocE+STaALJfprDB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCxDGPd8HHehbQuO8RAvNYAJ9EypUl10dk9X3oU1QLodHa3l6C+ACguPdF
S0OzWMp46O5GvHvkLzzU0nA=
=pRb5
-----END PGP SIGNATURE-----

--DocE+STaALJfprDB--
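
The thread above turns on the mode of the apt keyring: 600 stops unprivileged apt runs from verifying signatures, 644 is what fresh installs carry. The following is an added example, not part of the thread or of apt: a shell check for that condition, which also flags group- or world-writable keyrings (a generalization beyond the thread). The function names and return codes are hypothetical; it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit the mode of apt keyring files such as
# /etc/apt/trusted.gpg. Return codes (convention assumed for this example):
#   0 = world-readable and writable by the owner only (e.g. 644)
#   1 = not world-readable (e.g. 600): non-root apt cannot verify signatures
#   2 = group- or world-writable: other users could alter the trusted keys
#   3 = missing or not a regular file
check_keyring_mode() {
    [ -f "$1" ] || return 3
    kr_mode=$(stat -c '%a' "$1") || return 3   # octal mode, e.g. 644
    # A leading 0 makes the shell read the value as octal.
    # Writability is tested first because it is the integrity problem.
    if [ $(( 0$kr_mode & 022 )) -ne 0 ]; then
        return 2
    fi
    if [ $(( 0$kr_mode & 004 )) -eq 0 ]; then
        return 1
    fi
    return 0
}

# Report on every path given; return 1 if any of them failed a check.
audit_keyrings() {
    kr_worst=0
    for kr_path in "$@"; do
        kr_rc=0
        check_keyring_mode "$kr_path" || kr_rc=$?
        case $kr_rc in
            0) echo "ok          $kr_path" ;;
            1) echo "unreadable  $kr_path (fix: chmod 644)" ;;
            2) echo "writable    $kr_path (fix: chmod go-w)" ;;
            3) echo "missing     $kr_path" ;;
        esac
        [ "$kr_rc" -eq 0 ] || kr_worst=1
    done
    return "$kr_worst"
}

# Usage: sh audit.sh /etc/apt/trusted.gpg /usr/share/apt/debian-archive.gpg
if [ "$#" -gt 0 ]; then
    audit_keyrings "$@"
fi
```

The check reads mode bits rather than testing access as the current user, so it gives the same answer when run as root.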


