Merge lp:~cjwatson/launchpad/no-explicit-keyserver-port into lp:launchpad

Proposed by Colin Watson
Status: Merged
Merged at revision: 18540
Proposed branch: lp:~cjwatson/launchpad/no-explicit-keyserver-port
Merge into: lp:launchpad
Diff against target: 191 lines (+58/-31)
8 files modified
configs/development/launchpad-lazr.conf (+1/-0)
configs/testrunner/launchpad-lazr.conf (+1/-0)
lib/lp/registry/stories/person/xx-person-rdf.txt (+1/-1)
lib/lp/services/config/schema-lazr.conf (+4/-0)
lib/lp/services/gpg/doc/gpghandler.txt (+1/-24)
lib/lp/services/gpg/handler.py (+7/-4)
lib/lp/services/gpg/tests/test_gpghandler.py (+42/-1)
lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt (+1/-1)
To merge this branch: bzr merge lp:~cjwatson/launchpad/no-explicit-keyserver-port
Reviewer Review Type Date Requested Status
William Grant code Approve
Review via email: mp+336724@code.launchpad.net

Commit message

Construct public keyserver links using HTTPS without an explicit port.

William Grant (wgrant) :
review: Approve (code)

Preview Diff

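--- a/configs/development/launchpad-lazr.conf
+++ b/configs/development/launchpad-lazr.conf
@@ -90,6 +90,7 @@
 [gpghandler]
 host: keyserver.launchpad.dev
 public_host: keyserver.launchpad.dev
+public_https: False
 
 [launchpad]
 enable_test_openid_provider: True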
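--- a/configs/testrunner/launchpad-lazr.conf
+++ b/configs/testrunner/launchpad-lazr.conf
@@ -95,6 +95,7 @@
 upload_keys: True
 host: localhost
 public_host: keyserver.ubuntu.com
+public_https: True
 
 [karmacacheupdater]
 max_scaling: 2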
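--- a/lib/lp/registry/stories/person/xx-person-rdf.txt
+++ b/lib/lp/registry/stories/person/xx-person-rdf.txt
@@ -36,7 +36,7 @@
 <wot:hex_id>12345678</wot:hex_id>
 <wot:length>1024</wot:length>
 <wot:fingerprint>ABCDEF0123456789ABCDDCBA0000111112345678</wot:fingerprint>
- <wot:pubkeyAddress rdf:resource="http://keyserver.ubuntu.com:11371/pks/lookup?fingerprint=on&amp;op=index&amp;search=0xABCDEF0123456789ABCDDCBA0000111112345678"/>
+ <wot:pubkeyAddress rdf:resource="https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&amp;op=index&amp;search=0xABCDEF0123456789ABCDDCBA0000111112345678"/>
 </wot:PubKey>
 </wot:hasKey>
 </foaf:Person>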
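--- a/lib/lp/services/config/schema-lazr.conf
+++ b/lib/lp/services/config/schema-lazr.conf
@@ -811,6 +811,10 @@
 # datatype: ip_address_or_hostname
 public_host: keyserver.ubuntu.com
 
+# If true, construct public keyserver links using HTTPS, ignoring the value
+# of `port`.
+public_https: True
+
 # Port number on Host to access the keyserver.
 # datatype: int
 port: 11371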
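Review bot: The new `public_https` key is the only entry in this hunk without a `# datatype:` line, while `public_host` and `port` each carry one. handler.py tests the value for truthiness, so a value that reached it as the string `False` would still select HTTPS; whether the loader relies on these annotations is not visible here. I would add `# datatype: boolean` under the new comment so the expected type is stated next to the key.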
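--- a/lib/lp/services/gpg/doc/gpghandler.txt
+++ b/lib/lp/services/gpg/doc/gpghandler.txt
@@ -2,7 +2,7 @@
 
 `IGPGHandler` is a utility designed to handle OpenPGP (GPG) operations.
 
-The following operation are supported:
+The following operations are supported:
 
 * Importing public and secret keys;
 * Generating a new key;
@@ -260,29 +260,6 @@
 True
 
 
-== Keyserver URLs ==
-
-The gpghandler can also provide us with convenient links to the
-keyserver web interface. By default the action is to display the index
-page. Notice that the fingerprint must be the 40-byte fingerprint,
-to avoid the retrieval of more than one key.
-
- >>> fingerprint = "A419AE861E88BC9E04B9C26FBA2B9389DFD20543"
- >>> gpghandler.getURLForKeyInServer(fingerprint)
- 'http://localhost:11371/pks/lookup?fingerprint=on&op=index&search=0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543'
-
-But you can also specify your own action:
-
- >>> gpghandler.getURLForKeyInServer(fingerprint, action="get")
- 'http://localhost:11371/pks/lookup?fingerprint=on&op=get&search=0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543'
-
-The method accepts a flag to retrieve a link to ubuntu's public
-keyserver web interface.
-
- >>> gpghandler.getURLForKeyInServer(fingerprint, public=True)
- 'http://keyserver.ubuntu.com:11371/pks/lookup?fingerprint=on&op=index&search=0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543'
-
-
 == Keyserver uploads ==
 
 IGPGHandler also allow callsites to upload the public part of a local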
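--- a/lib/lp/services/gpg/handler.py
+++ b/lib/lp/services/gpg/handler.py
@@ -1,4 +1,4 @@
-# Copyright 2009-2017 Canonical Ltd. This software is licensed under the
+# Copyright 2009-2018 Canonical Ltd. This software is licensed under the
 # GNU Affero General Public License version 3 (see the file LICENSE).
 
 __metaclass__ = type
@@ -478,9 +478,12 @@
 host = config.gpghandler.public_host
 else:
 host = config.gpghandler.host
-return 'http://%s:%s/pks/lookup?%s' % (
-host, config.gpghandler.port,
-urllib.urlencode(sorted(params.items())))
+if public and config.gpghandler.public_https:
+base = 'https://%s' % host
+else:
+base = 'http://%s:%s' % (host, config.gpghandler.port)
+return '%s/pks/lookup?%s' % (
+base, urllib.urlencode(sorted(params.items())))
 
 def _getPubKey(self, fingerprint):
 """See IGPGHandler for further information."""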
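Review bot: The scheme selection at `if public and config.gpghandler.public_https:` carries no comment saying that only public-facing links are upgraded, while links built from `config.gpghandler.host` stay on plain HTTP with `config.gpghandler.port`. A short comment above the branch would make that intent explicit, for example `# Public links use the HTTPS front end on its default port; internal links keep plain HTTP on gpghandler.port.` The HTTPS base also drops the port entirely, so a public keyserver serving HTTPS on a non-default port cannot be expressed with this flag, which is worth stating in the same comment. The enclosing method starts above the hunk, so how `params` is built is not visible here.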
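--- a/lib/lp/services/gpg/tests/test_gpghandler.py
+++ b/lib/lp/services/gpg/tests/test_gpghandler.py
@@ -1,4 +1,4 @@
-# Copyright 2009-2017 Canonical Ltd. This software is licensed under the
+# Copyright 2009-2018 Canonical Ltd. This software is licensed under the
 # GNU Affero General Public License version 3 (see the file LICENSE).
 
 import base64
@@ -207,6 +207,47 @@
 GPGKeyDoesNotExistOnServer,
 removeSecurityProxy(self.gpg_handler)._getPubKey, fingerprint)
 
+ def test_getURLForKeyInServer_default(self):
+ # By default the action is to display the key's index page. Notice
+ # that the fingerprint must be the 40-byte fingerprint, to avoid the
+ # retrieval of more than one key.
+ fingerprint = "A419AE861E88BC9E04B9C26FBA2B9389DFD20543"
+ self.assertEqual(
+ "http://localhost:11371/pks/lookup?fingerprint=on&"
+ "op=index&search=0x%s" % fingerprint,
+ self.gpg_handler.getURLForKeyInServer(fingerprint))
+
+ def test_getURLForKeyInServer_different_action(self):
+ # The caller can specify a different action.
+ fingerprint = "A419AE861E88BC9E04B9C26FBA2B9389DFD20543"
+ self.assertEqual(
+ "http://localhost:11371/pks/lookup?fingerprint=on&"
+ "op=get&search=0x%s" % fingerprint,
+ self.gpg_handler.getURLForKeyInServer(fingerprint, action="get"))
+
+ def test_getURLForKeyInServer_public_http(self):
+ # The caller can request a link to the public keyserver web
+ # interface. If the configuration item gpghandler.public_https is
+ # false, then this uses HTTP and gpghandler.port.
+ self.pushConfig("gpghandler", public_https=False)
+ fingerprint = "A419AE861E88BC9E04B9C26FBA2B9389DFD20543"
+ self.assertEqual(
+ "http://keyserver.ubuntu.com:11371/pks/lookup?fingerprint=on&"
+ "op=index&search=0x%s" % fingerprint,
+ self.gpg_handler.getURLForKeyInServer(fingerprint, public=True))
+
+ def test_getURLForKeyInServer_public_https(self):
+ # The caller can request a link to the public keyserver web
+ # interface. If the configuration item gpghandler.public_https is
+ # true, then this uses HTTPS and the default HTTPS port.
+ # This is the testrunner default, but let's be explicit here.
+ self.pushConfig("gpghandler", public_https=True)
+ fingerprint = "A419AE861E88BC9E04B9C26FBA2B9389DFD20543"
+ self.assertEqual(
+ "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&"
+ "op=index&search=0x%s" % fingerprint,
+ self.gpg_handler.getURLForKeyInServer(fingerprint, public=True))
+
 def test_signContent_uses_sha512_digests(self):
 secret_keys = [
 ("ppa-sample@canonical.com.sec", ""), # 1024R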
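Review bot: `test_getURLForKeyInServer_default` and `test_getURLForKeyInServer_different_action` do not pin `public_https`, so the property that non-public links stay on HTTP even when the flag is true is covered only by the testrunner default. Adding `self.pushConfig("gpghandler", public_https=True)` at the top of the default test would make that case explicit, as the public HTTPS test already does for its own case. The comment's "40-byte fingerprint" would also read more precisely as `# the full 40-hex-digit fingerprint`, since the value used is 40 hexadecimal characters.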
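--- a/lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt
+++ b/lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt
@@ -581,7 +581,7 @@
 
 >>> print anon_browser.getLink(
 ... '1024D/ABCDEF0123456789ABCDDCBA0000111112345678').url
- http://keyserver.ubuntu.com:11371/pks/lookup?fingerprint=on&op=index&search=0xABCDEF0123456789ABCDDCBA0000111112345678
+ https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=index&search=0xABCDEF0123456789ABCDDCBA0000111112345678
 
 Using software from a PPA can be hard for novices. We offer two
 links to the same help pop-up that describes how to add a PPA and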