Software Properties

Merge lp:~cyphermox/software-properties/lp1036839 into lp:software-properties

  1. lp1036839
  2. Merge into main
Proposed by Mathieu Trudel-Lapierre
Status: Merged
Merge reported by: Marc Deslauriers
Merged at revision: not available
Proposed branch: lp:~cyphermox/software-properties/lp1036839
Merge into: lp:software-properties
Diff against target: 141 lines (+57/-16)
3 files modified
add-apt-repository (+4/-3)
debian/changelog (+8/-1)
softwareproperties/ppa.py (+45/-12)
To merge this branch: bzr merge lp:~cyphermox/software-properties/lp1036839
Reviewer Review Type Date Requested Status
Marc Deslauriers Approve
Review via email: mp+119753@code.launchpad.net
To post a comment you must log in.
lp:~cyphermox/software-properties/lp1036839 updated
788. By Mathieu Trudel-Lapierre

ppa: Update comment for LAUNCHPAD_PPA_CERT; we don't want people to ever set it
to None; which would mean "don't check certs".

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Looks good, thanks! ACK

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'add-apt-repository'
--- add-apt-repository 2012-07-10 08:55:00 +0000
+++ add-apt-repository 2012-08-16 18:51:31 +0000
@@ -17,7 +17,8 @@
17try:17try:
18 from urllib.error import HTTPError, URLError18 from urllib.error import HTTPError, URLError
19except ImportError:19except ImportError:
20 from urllib2 import HTTPError, URLError20 import pycurl
21 HTTPError = pycurl.error
2122
22def _maybe_suggest_ppa_name_based_on_user(user):23def _maybe_suggest_ppa_name_based_on_user(user):
23 try:24 try:
@@ -109,7 +110,7 @@
109110
110 # display PPA info (if needed)111 # display PPA info (if needed)
111 if line.startswith("ppa:") and not options.assume_yes:112 if line.startswith("ppa:") and not options.assume_yes:
112 from softwareproperties.ppa import get_ppa_info_from_lp, LAUNCHPAD_PPA_API113 from softwareproperties.ppa import PPAException, get_ppa_info_from_lp, LAUNCHPAD_PPA_API
113 user, sep, ppa_name = line.split(":")[1].partition("/")114 user, sep, ppa_name = line.split(":")[1].partition("/")
114 ppa_name = ppa_name or "ppa"115 ppa_name = ppa_name or "ppa"
115 try:116 try:
@@ -123,7 +124,7 @@
123 # exists. If it exists, list down the PPAs124 # exists. If it exists, list down the PPAs
124 _maybe_suggest_ppa_name_based_on_user(user)125 _maybe_suggest_ppa_name_based_on_user(user)
125 sys.exit(1)126 sys.exit(1)
126 except (ValueError, URLError):127 except (ValueError, PPAException):
127 print(_("Cannot access PPA (%s) to get PPA information, "128 print(_("Cannot access PPA (%s) to get PPA information, "
128 "please check your internet connection.") % \129 "please check your internet connection.") % \
129 (LAUNCHPAD_PPA_API % (user, ppa_name)))130 (LAUNCHPAD_PPA_API % (user, ppa_name)))
130131
=== modified file 'debian/changelog'
--- debian/changelog 2012-08-15 07:11:41 +0000
+++ debian/changelog 2012-08-16 18:51:31 +0000
@@ -5,7 +5,14 @@
5 - Fixed the source code checkbox and the submit statistics 5 - Fixed the source code checkbox and the submit statistics
6 checkbox labels to be left-aligned instead of centered.6 checkbox labels to be left-aligned instead of centered.
77
8 -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 15 Aug 2012 09:10:56 +02008 [ Mathieu Trudel-Lapierre ]
9 * Reinstate pycurl to use for getting PPA information from Launchpad, since
10 it can actually verify SSL certificates with python2. Also set
11 LAUNCHPAD_PPA_CERT so that it's a valid path to the system CA certificates
12 bundle to use for urllib and pycurl. (LP: #1036839)
13 - CVE-2012-0955
14
15 -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com> Wed, 15 Aug 2012 13:18:05 -0400
916
10software-properties (0.91) quantal; urgency=low17software-properties (0.91) quantal; urgency=low
1118
1219
=== modified file 'softwareproperties/ppa.py'
--- softwareproperties/ppa.py 2012-07-05 13:32:44 +0000
+++ softwareproperties/ppa.py 2012-08-16 18:51:31 +0000
@@ -28,18 +28,31 @@
28from threading import Thread28from threading import Thread
2929
30try:30try:
31 import urllib.request as urllib231 import urllib.request
32 from urllib.error import URLError32 from urllib.error import URLError
33 import urllib.parse33 import urllib.parse
34except ImportError:34except ImportError:
35 import urllib235 import pycurl
3636
37DEFAULT_KEYSERVER = "hkp://keyserver.ubuntu.com:80/"37DEFAULT_KEYSERVER = "hkp://keyserver.ubuntu.com:80/"
38# maintained until 201538# maintained until 2015
39LAUNCHPAD_PPA_API = 'https://launchpad.net/api/1.0/~%s/+archive/%s'39LAUNCHPAD_PPA_API = 'https://launchpad.net/api/1.0/~%s/+archive/%s'
40# None means use the system default SSL store.40# Specify to use the system default SSL store; change to a different path
41# Otherwise a path to a file is expected (as a bundle of certs)41# to test with custom certificates.
42LAUNCHPAD_PPA_CERT = None42LAUNCHPAD_PPA_CERT = "/etc/ssl/certs/ca-certificates.crt"
43
44class CurlCallback:
45 def __init__(self):
46 self.contents = ''
47
48 def body_callback(self, buf):
49 self.contents = self.contents + buf
50
51class PPAException(Exception):
52 def __init__(self, value):
53 self.value = value
54 def __str__(self):
55 return repr(self.value)
4356
44def encode(s):57def encode(s):
45 return re.sub("[^a-zA-Z0-9_-]","_", s)58 return re.sub("[^a-zA-Z0-9_-]","_", s)
@@ -70,12 +83,32 @@
70 # we ask for a JSON structure from lp_page, we could use83 # we ask for a JSON structure from lp_page, we could use
71 # simplejson, but the format is simple enough for the regexp84 # simplejson, but the format is simple enough for the regexp
72 # only useful for testing85 # only useful for testing
73 request = urllib2.Request(str(lp_url), headers={"Accept":" application/json"})
74 try:86 try:
75 lp_page = urllib2.urlopen(request, cafile=LAUNCHPAD_PPA_CERT)87 try:
76 except TypeError:88 request = urllib.request.Request(str(lp_url), headers={"Accept":" application/json"})
77 lp_page = urllib2.urlopen(request)89 lp_page = urllib.request.urlopen(request, cafile=LAUNCHPAD_PPA_CERT)
78 return json.loads(lp_page.read().decode("utf-8", "strict"))90 json_data = lp_page.read().decode("utf-8", "strict")
91 except URLError as e:
92 raise PPAException("Error reading %s: %s" % (lp_url, e.reason))
93 except PPAException:
94 raise
95 except:
96 try:
97 callback = CurlCallback()
98 curl = pycurl.Curl()
99 curl.setopt(pycurl.SSL_VERIFYPEER, 1)
100 curl.setopt(pycurl.SSL_VERIFYHOST, 2)
101 curl.setopt(pycurl.WRITEFUNCTION, callback.body_callback)
102 if LAUNCHPAD_PPA_CERT:
103 curl.setopt(pycurl.CAINFO, LAUNCHPAD_PPA_CERT)
104 curl.setopt(pycurl.URL, str(lp_url))
105 curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"])
106 curl.perform()
107 curl.close()
108 json_data = callback.contents
109 except pycurl.error as e:
110 raise PPAException("Error reading %s: %s" % (lp_url, e[1]))
111 return json.loads(json_data)
79112
80class AddPPASigningKeyThread(Thread):113class AddPPASigningKeyThread(Thread):
81 " thread class for adding the signing key in the background "114 " thread class for adding the signing key in the background "
@@ -98,8 +131,8 @@
98 owner_name, ppa_name, distro = ppa_path[1:].split('/')131 owner_name, ppa_name, distro = ppa_path[1:].split('/')
99 try:132 try:
100 ppa_info = get_ppa_info_from_lp(owner_name, ppa_name)133 ppa_info = get_ppa_info_from_lp(owner_name, ppa_name)
101 except URLError as e:134 except PPAException as e:
102 print("Error reading %s: %s" % (lp_url, e.strerror))135 print(e.value)
103 return False136 return False
104 try:137 try:
105 signing_key_fingerprint = ppa_info["signing_key_fingerprint"]138 signing_key_fingerprint = ppa_info["signing_key_fingerprint"]

Subscribers

People subscribed via source and target branches

to status/vote changes: