Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] apt: Repos keys must be readable by non-root user #467

Closed
1 task
cpuguy83 opened this issue Dec 9, 2024 · 2 comments · Fixed by #481
Closed
1 task

[BUG] apt: Repos keys must be readable by non-root user #467

cpuguy83 opened this issue Dec 9, 2024 · 2 comments · Fixed by #481
Assignees
@adamperlin

Comments

@cpuguy83
Copy link
Member

cpuguy83 commented Dec 9, 2024

Expected Behavior

Specifying a repo key should not require explicitly setting permissions on the key file(s).

Actual Behavior

Keys must have the correct permissions already set (or defined in the source type).

Steps To Reproduce

extra_repos:
  - keys:
      msft.asc:
        http:
          url: https://packages.microsoft.com/keys/microsoft.asc

Building a spec with the above extra_repos on any apt-based distro will error with an unrelated error due to apt not being able to read the key.

Are you willing to submit PRs to contribute to this bug fix?

  • Yes, I am willing to implement it.
@cpuguy83 cpuguy83 added the bug Something isn't working label Dec 9, 2024
@adamperlin adamperlin self-assigned this Dec 10, 2024
@cpuguy83 cpuguy83 removed the bug Something isn't working label Dec 10, 2024
@cpuguy83 cpuguy83 mentioned this issue Dec 20, 2024
Merged
@adamperlin
Copy link
Contributor

What version of Dalec was this in? This seems to be working for me right now on latest, we should have logic for filling in permissions for HTTP sources that are nested under gpg keys:

dalec/load.go

Line 482 in a9a1f25

if keySource.HTTP != nil {

@adamperlin
Copy link
Contributor

To further clarify here, the issue was when extra_repos was nested under target-specific dependencies, since the targets section of the spec wasn't getting defaults fully filled before #481

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adamperlin adamperlin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: make sure fill defualts and expand args for all types cpuguy83/dalec
2 participants
@cpuguy83 @adamperlin