Merge lp:~cjwatson/launchpad/show-signing-key-fingerprints into lp:launchpad
- show-signing-key-fingerprints
- Merge into devel
Proposed by
Colin Watson
Status: | Merged |
---|---|
Merged at revision: | 18443 |
Proposed branch: | lp:~cjwatson/launchpad/show-signing-key-fingerprints |
Merge into: | lp:launchpad |
Diff against target: |
666 lines (+90/-74) 23 files modified
lib/lp/archiveuploader/dscfile.py (+1/-1) lib/lp/registry/browser/configure.zcml (+1/-1) lib/lp/registry/browser/tests/test_gpgkey.py (+1/-1) lib/lp/registry/model/gpgkey.py (+3/-2) lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt (+30/-23) lib/lp/registry/stories/gpg-coc/xx-ubuntu-codeofconduct-signer.txt (+2/-1) lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt (+12/-10) lib/lp/registry/stories/person/xx-person-home.txt (+2/-2) lib/lp/registry/templates/codeofconduct-list.pt (+2/-1) lib/lp/registry/templates/person-editpgpkeys.pt (+2/-2) lib/lp/registry/templates/person-portlet-contact-details.pt (+1/-1) lib/lp/services/gpg/doc/gpghandler.txt (+2/-2) lib/lp/services/gpg/handler.py (+3/-2) lib/lp/services/gpg/interfaces.py (+3/-2) lib/lp/services/verification/browser/logintoken.py (+2/-2) lib/lp/services/verification/browser/tests/logintoken-views.txt (+2/-1) lib/lp/services/verification/emailtemplates/validate-gpg.txt (+1/-1) lib/lp/services/verification/model/logintoken.py (+2/-1) lib/lp/services/webservice/wadl-to-refhtml.xsl (+1/-1) lib/lp/soyuz/doc/fakepackager.txt (+7/-7) lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt (+2/-2) lib/lp/soyuz/tests/fakepackager.py (+7/-7) lib/lp/testing/gpgkeys/__init__.py (+1/-1) |
To merge this branch: | bzr merge lp:~cjwatson/launchpad/show-signing-key-fingerprints |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
William Grant | code | Approve | |
Review via email: mp+328305@code.launchpad.net |
Commit message
Show GPG fingerprints rather than collidable short key IDs.
Description of the change
To post a comment you must log in.
Revision history for this message
William Grant (wgrant) : | # |
review:
Approve
(code)
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'lib/lp/archiveuploader/dscfile.py' |
2 | --- lib/lp/archiveuploader/dscfile.py 2017-03-29 09:28:09 +0000 |
3 | +++ lib/lp/archiveuploader/dscfile.py 2017-07-31 12:27:40 +0000 |
4 | @@ -181,7 +181,7 @@ |
5 | |
6 | if key.active == False: |
7 | raise UploadError("File %s is signed with a deactivated key %s" |
8 | - % (filename, key.keyid)) |
9 | + % (filename, key.fingerprint)) |
10 | |
11 | return (key, sig.plain_data) |
12 | |
13 | |
14 | === modified file 'lib/lp/registry/browser/configure.zcml' |
15 | --- lib/lp/registry/browser/configure.zcml 2015-06-19 05:07:14 +0000 |
16 | +++ lib/lp/registry/browser/configure.zcml 2017-07-31 12:27:40 +0000 |
17 | @@ -2534,7 +2534,7 @@ |
18 | /> |
19 | <browser:url |
20 | for="lp.registry.interfaces.gpg.IGPGKey" |
21 | - path_expression="string:+gpg-keys/${keyid}" |
22 | + path_expression="string:+gpg-keys/${fingerprint}" |
23 | rootsite="api" |
24 | attribute_to_parent="owner" |
25 | /> |
26 | |
27 | === modified file 'lib/lp/registry/browser/tests/test_gpgkey.py' |
28 | --- lib/lp/registry/browser/tests/test_gpgkey.py 2016-11-03 15:07:36 +0000 |
29 | +++ lib/lp/registry/browser/tests/test_gpgkey.py 2017-07-31 12:27:40 +0000 |
30 | @@ -24,7 +24,7 @@ |
31 | gpgkey = self.factory.makeGPGKey(person) |
32 | self.assertEqual( |
33 | '%s/+gpg-keys/%s' % ( |
34 | - canonical_url(person, rootsite='api'), gpgkey.keyid), |
35 | + canonical_url(person, rootsite='api'), gpgkey.fingerprint), |
36 | canonical_url(gpgkey)) |
37 | |
38 | |
39 | |
40 | === modified file 'lib/lp/registry/model/gpgkey.py' |
41 | --- lib/lp/registry/model/gpgkey.py 2016-12-22 16:32:38 +0000 |
42 | +++ lib/lp/registry/model/gpgkey.py 2017-07-31 12:27:40 +0000 |
43 | @@ -56,7 +56,8 @@ |
44 | |
45 | @property |
46 | def displayname(self): |
47 | - return '%s%s/%s' % (self.keysize, self.algorithm.title, self.keyid) |
48 | + return '%s%s/%s' % ( |
49 | + self.keysize, self.algorithm.title, self.fingerprint) |
50 | |
51 | |
52 | @implementer(IGPGKeySet) |
53 | @@ -85,7 +86,7 @@ |
54 | ownerID = requester.id |
55 | keyid = key.keyid |
56 | keysize = key.keysize |
57 | - algorithm = GPGKeyAlgorithm.items[key.algorithm] |
58 | + algorithm = key.algorithm |
59 | lp_key = self.new( |
60 | ownerID, keyid, fingerprint, keysize, algorithm, |
61 | can_encrypt=can_encrypt) |
62 | |
63 | === modified file 'lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt' |
64 | --- lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt 2016-03-23 17:55:39 +0000 |
65 | +++ lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt 2017-07-31 12:27:40 +0000 |
66 | @@ -43,7 +43,7 @@ |
67 | >>> browser.getControl(name='import').click() |
68 | >>> print_feedback_messages(browser.contents) |
69 | A message has been sent to test@canonical.com, encrypted |
70 | - with the key 1024D/DFD20543. |
71 | + with the key 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543. |
72 | To confirm the key is yours, decrypt the message and follow the |
73 | link inside. |
74 | |
75 | @@ -103,8 +103,9 @@ |
76 | >>> key = import_secret_test_key('test@canonical.com.sec') |
77 | |
78 | 'cipher_body' is a message encrypted with the just-imported |
79 | -1024D/DFD20543 OpenPGP key, we need to access the current IGpghandler |
80 | -instance to access this key and decrypt the message. |
81 | +1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 OpenPGP key, we need to |
82 | +access the current IGpghandler instance to access this key and decrypt the |
83 | +message. |
84 | |
85 | >>> body = decrypt_content(cipher_body, 'test') |
86 | |
87 | @@ -130,13 +131,14 @@ |
88 | >>> browser.url |
89 | 'http://launchpad.dev/~name12' |
90 | >>> print_feedback_messages(browser.contents) |
91 | - The key 1024D/DFD20543 was successfully validated. |
92 | + The key 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 was successfully |
93 | + validated. |
94 | |
95 | Certify the key is imported: |
96 | |
97 | >>> browser.open("http://launchpad.dev/~name12/+editpgpkeys") |
98 | >>> browser.getControl(name='DEACTIVATE_GPGKEY').displayOptions |
99 | - ['1024D/DFD20543'] |
100 | + ['1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543'] |
101 | |
102 | Verify that the key was imported with the "can encrypt" flag set: |
103 | |
104 | @@ -165,8 +167,8 @@ |
105 | >>> browser.getControl(name='import').click() |
106 | >>> print_feedback_messages(browser.contents) |
107 | A message has been sent to test@canonical.com. To |
108 | - confirm the key 1024D/17B05A8F is yours, follow |
109 | - the link inside. |
110 | + confirm the key 1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F is yours, |
111 | + follow the link inside. |
112 | |
113 | Sample Person checks their email. |
114 | |
115 | @@ -192,8 +194,8 @@ |
116 | User name : Sample Person |
117 | Email address: test@canonical.com |
118 | ... |
119 | + Key type : 1024D |
120 | Fingerprint : 447DBF38C4F9C4ED752246B77D88913717B05A8F |
121 | - Key type/ID : 1024D/17B05A8F |
122 | <BLANKLINE> |
123 | UIDs: |
124 | sign.only@canonical.com |
125 | @@ -256,7 +258,8 @@ |
126 | The signed content does not match the message found in the email. |
127 | |
128 | If they sign the text with a different key, they get an error |
129 | -message. The following text was signed with the key DFD20543: |
130 | +message. The following text was signed with the key |
131 | +A419AE861E88BC9E04B9C26FBA2B9389DFD20543: |
132 | |
133 | >>> signed_content = """ |
134 | ... -----BEGIN PGP SIGNED MESSAGE----- |
135 | @@ -290,7 +293,8 @@ |
136 | >>> browser.url |
137 | 'http://launchpad.dev/~name12' |
138 | >>> print_feedback_messages(browser.contents) |
139 | - The key 1024D/17B05A8F was successfully validated. |
140 | + The key 1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F was successfully |
141 | + validated. |
142 | |
143 | Now that the key has been validated, the login token is consumed: |
144 | |
145 | @@ -306,16 +310,16 @@ |
146 | |
147 | >>> content = find_main_content(browser.contents) |
148 | >>> browser.getControl(name='DEACTIVATE_GPGKEY').displayOptions |
149 | - [...'1024D/17B05A8F (sign only)'] |
150 | + [...'1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F (sign only)'] |
151 | |
152 | On a mad whim they decide to de-activate the key they just imported. |
153 | |
154 | >>> browser.getControl(name="DEACTIVATE_GPGKEY").displayValue = [ |
155 | - ... '1024D/17B05A8F (sign only)'] |
156 | + ... '1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F (sign only)'] |
157 | >>> browser.getControl('Deactivate Key').click() |
158 | |
159 | >>> print_feedback_messages(browser.contents) |
160 | - Deactivated key(s): 1024D/17B05A8F |
161 | + Deactivated key(s): 1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F |
162 | |
163 | Coming to their senses, they ask for a re-validation of the key. |
164 | |
165 | @@ -324,7 +328,7 @@ |
166 | |
167 | >>> print_feedback_messages(browser.contents) |
168 | A message has been sent to test@canonical.com with instructions |
169 | - to reactivate these key(s): 1024D/17B05A8F |
170 | + to reactivate these key(s): 1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F |
171 | |
172 | They open the page and checks that the key is displayed as pending |
173 | revalidation. |
174 | @@ -427,8 +431,8 @@ |
175 | Active signatures |
176 | If you change your mind about agreeing to a code of conduct, |
177 | you can deactivate your signature. |
178 | - ...: digitally signed by Sample Person (1024D/DFD20543) |
179 | - ... |
180 | + ...: digitally signed by Sample Person |
181 | + (1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543) ... |
182 | |
183 | |
184 | Now Sample Person will deactivate their key... |
185 | @@ -441,7 +445,7 @@ |
186 | >>> print browser.contents |
187 | <... |
188 | ...Your active keys... |
189 | - ...1024D/DFD20543... |
190 | + ...1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543... |
191 | |
192 | |
193 | ... but they forgot to select the checkbox of the key they want to remove. |
194 | @@ -454,12 +458,13 @@ |
195 | |
196 | Now they select the checkbox and deactivate it. |
197 | |
198 | - >>> browser.getControl('1024D/DFD20543').selected = True |
199 | + >>> browser.getControl( |
200 | + ... '1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543').selected = True |
201 | >>> browser.getControl('Deactivate Key').click() |
202 | >>> soup = find_main_content(browser.contents) |
203 | >>> for tag in soup('p', 'informational message'): |
204 | ... print tag.renderContents() |
205 | - Deactivated key(s): 1024D/DFD20543 |
206 | + Deactivated key(s): 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 |
207 | |
208 | |
209 | Sample Person already has a deactivated key. |
210 | @@ -471,7 +476,7 @@ |
211 | >>> print browser.contents |
212 | <... |
213 | ...Deactivated keys... |
214 | - ...1024D/DFD20543... |
215 | + ...1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543... |
216 | |
217 | |
218 | Now they'll request their key to be reactivated. |
219 | @@ -482,7 +487,8 @@ |
220 | ... print tag.renderContents() |
221 | No key(s) selected for reactivation. |
222 | |
223 | - >>> browser.getControl('1024D/DFD20543').selected = True |
224 | + >>> browser.getControl( |
225 | + ... '1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543').selected = True |
226 | >>> browser.getControl('Reactivate Key').click() |
227 | >>> soup = find_main_content(browser.contents) |
228 | >>> for tag in soup('p', 'informational message'): |
229 | @@ -524,7 +530,8 @@ |
230 | |
231 | >>> print browser.contents |
232 | <... |
233 | - ...Key 1024D/DFD20543 successfully reactivated... |
234 | + ...Key 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 successfully |
235 | + reactivated... |
236 | |
237 | |
238 | And now we can see the key listed as one of Sample Person's active keys. |
239 | @@ -533,7 +540,7 @@ |
240 | >>> print browser.contents |
241 | <... |
242 | ...Your active keys... |
243 | - ...1024D/DFD20543... |
244 | + ...1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543... |
245 | |
246 | This test verifies that we correctly handle keys which are in some way |
247 | special: either invalid, broken, revoked, expired, or already imported. |
248 | |
249 | === modified file 'lib/lp/registry/stories/gpg-coc/xx-ubuntu-codeofconduct-signer.txt' |
250 | --- lib/lp/registry/stories/gpg-coc/xx-ubuntu-codeofconduct-signer.txt 2016-01-26 15:47:37 +0000 |
251 | +++ lib/lp/registry/stories/gpg-coc/xx-ubuntu-codeofconduct-signer.txt 2017-07-31 12:27:40 +0000 |
252 | @@ -15,7 +15,8 @@ |
253 | >>> signatures = find_tags_by_class(admin_browser.contents, 'signature') |
254 | >>> for signature in signatures: |
255 | ... print extract_text(signature) |
256 | - 2005-09-27: digitally signed by Foo Bar (1024D/12345678) |
257 | + 2005-09-27: digitally signed by Foo Bar |
258 | + (1024D/ABCDEF0123456789ABCDDCBA0000111112345678) |
259 | |
260 | A regular user can't see the link to Foo Bar's signed codes of conduct. |
261 | |
262 | |
263 | === modified file 'lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt' |
264 | --- lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt 2016-01-26 15:47:37 +0000 |
265 | +++ lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt 2017-07-31 12:27:40 +0000 |
266 | @@ -40,7 +40,8 @@ |
267 | >>> for tag in find_tags_by_class(browser.contents, 'error message'): |
268 | ... print tag.renderContents() |
269 | <BLANKLINE> |
270 | - The key AACCD97C cannot be validated because it has been publicly revoked. |
271 | + The key 84D205F03E1E67096CB54E262BE83793AACCD97C cannot be validated |
272 | + because it has been publicly revoked. |
273 | You will need to generate a new key (using <kbd>gpg --genkey</kbd>) and |
274 | repeat the process to import it. |
275 | <BLANKLINE> |
276 | @@ -55,10 +56,10 @@ |
277 | >>> for tag in find_tags_by_class(browser.contents, 'error message'): |
278 | ... print tag.renderContents() |
279 | <BLANKLINE> |
280 | - The key 046C6D63 cannot be validated because it has expired. Change the |
281 | - expiry date (in a terminal, enter <kbd>gpg --edit-key |
282 | - <var>your@email.address</var></kbd> then enter <kbd>expire</kbd>), |
283 | - and try again. |
284 | + The key ECA5B797586F2E27381A16CFDE6C9167046C6D63 cannot be validated |
285 | + because it has expired. Change the expiry date (in a terminal, enter |
286 | + <kbd>gpg --edit-key <var>your@email.address</var></kbd> then enter |
287 | + <kbd>expire</kbd>), and try again. |
288 | <BLANKLINE> |
289 | |
290 | |
291 | @@ -90,7 +91,8 @@ |
292 | >>> for tag in find_tags_by_class(browser.contents, 'error message'): |
293 | ... print tag.renderContents() |
294 | There is 1 error. |
295 | - The key AACCD97C cannot be validated because it has been publicly revoked. |
296 | + The key 84D205F03E1E67096CB54E262BE83793AACCD97C cannot be validated |
297 | + because it has been publicly revoked. |
298 | You will need to generate a new key (using <kbd>gpg --genkey</kbd>) and |
299 | repeat the previous process to |
300 | <a href="http://launchpad.dev/~name12/+editpgpkeys">find and import</a> |
301 | @@ -105,10 +107,10 @@ |
302 | >>> for tag in find_tags_by_class(browser.contents, 'error message'): |
303 | ... print tag.renderContents() |
304 | There is 1 error. |
305 | - The key 046C6D63 cannot be validated because it has expired. Change the |
306 | - expiry date (in a terminal, enter <kbd>gpg --edit-key |
307 | - <var>your@email.address</var></kbd> then enter <kbd>expire</kbd>), |
308 | - and try again. |
309 | + The key ECA5B797586F2E27381A16CFDE6C9167046C6D63 cannot be validated |
310 | + because it has expired. Change the expiry date (in a terminal, enter |
311 | + <kbd>gpg --edit-key <var>your@email.address</var></kbd> then enter |
312 | + <kbd>expire</kbd>), and try again. |
313 | |
314 | The login tokens are only consumed if they're successfully processed. |
315 | Otherwise they're kept around so the user can try again after fixing their |
316 | |
317 | === modified file 'lib/lp/registry/stories/person/xx-person-home.txt' |
318 | --- lib/lp/registry/stories/person/xx-person-home.txt 2016-01-26 15:47:37 +0000 |
319 | +++ lib/lp/registry/stories/person/xx-person-home.txt 2017-07-31 12:27:40 +0000 |
320 | @@ -106,7 +106,7 @@ |
321 | |
322 | In order to avoid email harvesters to find a person's email addresses |
323 | just by following the link to that person's OpenPGP keys, only |
324 | -authenticated users can see the key ID with a link to the keyserver. |
325 | +authenticated users can see the key fingerprint with a link to the keyserver. |
326 | |
327 | >>> user_browser.open('http://launchpad.dev/~name16') |
328 | >>> print find_tag_by_id(user_browser.contents, 'pgp-keys') |
329 | @@ -116,7 +116,7 @@ |
330 | >>> anon_browser.open('http://launchpad.dev/~name16') |
331 | >>> print find_tag_by_id(anon_browser.contents, 'pgp-keys') |
332 | <dl... |
333 | - <dd> 12345678... |
334 | + <dd> ABCDEF0123456789ABCDDCBA0000111112345678... |
335 | |
336 | |
337 | Languages |
338 | |
339 | === modified file 'lib/lp/registry/templates/codeofconduct-list.pt' |
340 | --- lib/lp/registry/templates/codeofconduct-list.pt 2016-03-01 14:15:26 +0000 |
341 | +++ lib/lp/registry/templates/codeofconduct-list.pt 2017-07-31 12:27:40 +0000 |
342 | @@ -47,7 +47,8 @@ |
343 | </tal:multiple_keys> |
344 | |
345 | <tal:single_key condition="python: len(gpg_keys) == 1"> |
346 | - The key <code tal:content="python: gpg_keys[0].keyid" /> is |
347 | + The key <code tal:content="python: gpg_keys[0].fingerprint" /> |
348 | + is |
349 | </tal:single_key> |
350 | |
351 | registered on your account. You can skip to the next step if |
352 | |
353 | === modified file 'lib/lp/registry/templates/person-editpgpkeys.pt' |
354 | --- lib/lp/registry/templates/person-editpgpkeys.pt 2016-03-01 14:15:26 +0000 |
355 | +++ lib/lp/registry/templates/person-editpgpkeys.pt 2017-07-31 12:27:40 +0000 |
356 | @@ -52,14 +52,14 @@ |
357 | |
358 | <tal:has_key condition="view/key"> |
359 | <p tal:condition="view/key/revoked" class="error message"> |
360 | - The key <span tal:replace="view/key/keyid" /> cannot be validated |
361 | + The key <span tal:replace="view/key/fingerprint" /> cannot be validated |
362 | because it has been publicly revoked. You will need to generate a |
363 | new key (using <kbd>gpg --genkey</kbd>) and repeat the process |
364 | to import it. |
365 | </p> |
366 | |
367 | <p tal:condition="view/key/expired" class="error message"> |
368 | - The key <span tal:replace="view/key/keyid" /> cannot be validated |
369 | + The key <span tal:replace="view/key/fingerprint" /> cannot be validated |
370 | because it has expired. Change the expiry date (in a terminal, enter |
371 | <kbd>gpg --edit-key <var>your@email.address</var></kbd> then enter |
372 | <kbd>expire</kbd>), and try again. |
373 | |
374 | === modified file 'lib/lp/registry/templates/person-portlet-contact-details.pt' |
375 | --- lib/lp/registry/templates/person-portlet-contact-details.pt 2016-07-28 00:26:13 +0000 |
376 | +++ lib/lp/registry/templates/person-portlet-contact-details.pt 2017-07-31 12:27:40 +0000 |
377 | @@ -142,7 +142,7 @@ |
378 | <tal:keys repeat="key view/gpg_keys"> |
379 | <a tal:attributes="href key/keyserverURL" |
380 | tal:omit-tag="not: request/lp:person"> |
381 | - <tal:keyid replace="key/keyid" |
382 | + <tal:fingerprint replace="key/fingerprint" |
383 | /></a><span tal:condition="not: repeat/key/end">,</span> |
384 | </tal:keys> |
385 | <div tal:condition="not: view/gpg_keys"> |
386 | |
387 | === modified file 'lib/lp/services/gpg/doc/gpghandler.txt' |
388 | --- lib/lp/services/gpg/doc/gpghandler.txt 2015-06-24 00:17:11 +0000 |
389 | +++ lib/lp/services/gpg/doc/gpghandler.txt 2017-07-31 12:27:40 +0000 |
390 | @@ -205,7 +205,7 @@ |
391 | >>> print new_key.secret |
392 | True |
393 | |
394 | - >>> print new_key.algorithm |
395 | + >>> print new_key.algorithm.title |
396 | R |
397 | |
398 | >>> print new_key.keysize |
399 | @@ -244,7 +244,7 @@ |
400 | >>> print pub_key.secret |
401 | False |
402 | |
403 | - >>> print pub_key.algorithm |
404 | + >>> print pub_key.algorithm.title |
405 | R |
406 | |
407 | >>> print pub_key.keysize |
408 | |
409 | === modified file 'lib/lp/services/gpg/handler.py' |
410 | --- lib/lp/services/gpg/handler.py 2017-01-26 12:23:56 +0000 |
411 | +++ lib/lp/services/gpg/handler.py 2017-07-31 12:27:40 +0000 |
412 | @@ -580,7 +580,7 @@ |
413 | self.revoked = subkey.revoked |
414 | self.keysize = subkey.length |
415 | |
416 | - self.algorithm = GPGKeyAlgorithm.items[subkey.pubkey_algo].title |
417 | + self.algorithm = GPGKeyAlgorithm.items[subkey.pubkey_algo] |
418 | self.keyid = self.fingerprint[-8:] |
419 | self.expired = key.expired |
420 | self.secret = key.secret |
421 | @@ -598,7 +598,8 @@ |
422 | |
423 | @property |
424 | def displayname(self): |
425 | - return '%s%s/%s' % (self.keysize, self.algorithm, self.keyid) |
426 | + return '%s%s/%s' % ( |
427 | + self.keysize, self.algorithm.title, self.fingerprint) |
428 | |
429 | def export(self): |
430 | """See `PymeKey`.""" |
431 | |
432 | === modified file 'lib/lp/services/gpg/interfaces.py' |
433 | --- lib/lp/services/gpg/interfaces.py 2017-01-26 12:23:56 +0000 |
434 | +++ lib/lp/services/gpg/interfaces.py 2017-07-31 12:27:40 +0000 |
435 | @@ -144,7 +144,7 @@ |
436 | def __init__(self, key): |
437 | self.key = key |
438 | super(GPGKeyRevoked, self).__init__( |
439 | - "%s has been publicly revoked" % (key.keyid, )) |
440 | + "%s has been publicly revoked" % (key.fingerprint, )) |
441 | |
442 | |
443 | class GPGKeyExpired(Exception): |
444 | @@ -152,7 +152,8 @@ |
445 | |
446 | def __init__(self, key): |
447 | self.key = key |
448 | - super(GPGKeyExpired, self).__init__("%s has expired" % (key.keyid, )) |
449 | + super(GPGKeyExpired, self).__init__( |
450 | + "%s has expired" % (key.fingerprint, )) |
451 | |
452 | |
453 | class GPGKeyMismatchOnServer(Exception): |
454 | |
455 | === modified file 'lib/lp/services/verification/browser/logintoken.py' |
456 | --- lib/lp/services/verification/browser/logintoken.py 2016-11-03 15:07:36 +0000 |
457 | +++ lib/lp/services/verification/browser/logintoken.py 2017-07-31 12:27:40 +0000 |
458 | @@ -358,7 +358,7 @@ |
459 | '(using <kbd>gpg --genkey</kbd>) and repeat the previous ' |
460 | 'process to <a href="${url}/+editpgpkeys">find and ' |
461 | 'import</a> the new key.', |
462 | - mapping=dict(key=e.key.keyid, url=person_url)))) |
463 | + mapping=dict(key=e.key.fingerprint, url=person_url)))) |
464 | except GPGKeyExpired as e: |
465 | self.addError( |
466 | structured(_( |
467 | @@ -366,7 +366,7 @@ |
468 | 'Change the expiry date (in a terminal, enter ' |
469 | '<kbd>gpg --edit-key <var>your@email.address</var></kbd> ' |
470 | 'then enter <kbd>expire</kbd>), and try again.', |
471 | - mapping=dict(key=e.key.keyid)))) |
472 | + mapping=dict(key=e.key.fingerprint)))) |
473 | else: |
474 | return key |
475 | |
476 | |
477 | === modified file 'lib/lp/services/verification/browser/tests/logintoken-views.txt' |
478 | --- lib/lp/services/verification/browser/tests/logintoken-views.txt 2016-01-26 15:47:37 +0000 |
479 | +++ lib/lp/services/verification/browser/tests/logintoken-views.txt 2017-07-31 12:27:40 +0000 |
480 | @@ -57,5 +57,6 @@ |
481 | >>> print "\n".join( |
482 | ... notification.message |
483 | ... for notification in validategpg_view.request.notifications) |
484 | - The key 1024D/DFD20543 was successfully validated... |
485 | + The key 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 was successfully |
486 | + validated... |
487 | >>> tac.tearDown() |
488 | |
489 | === modified file 'lib/lp/services/verification/emailtemplates/validate-gpg.txt' |
490 | --- lib/lp/services/verification/emailtemplates/validate-gpg.txt 2011-12-20 11:55:18 +0000 |
491 | +++ lib/lp/services/verification/emailtemplates/validate-gpg.txt 2017-07-31 12:27:40 +0000 |
492 | @@ -9,8 +9,8 @@ |
493 | |
494 | Key details: |
495 | |
496 | + Key type : %(key_type)s |
497 | Fingerprint : %(fingerprint)s |
498 | - Key type/ID : %(displayname)s |
499 | |
500 | UIDs: |
501 | %(uids)s |
502 | |
503 | === modified file 'lib/lp/services/verification/model/logintoken.py' |
504 | --- lib/lp/services/verification/model/logintoken.py 2016-03-23 17:55:39 +0000 |
505 | +++ lib/lp/services/verification/model/logintoken.py 2017-07-31 12:27:40 +0000 |
506 | @@ -152,9 +152,10 @@ |
507 | |
508 | # Here are the instructions that need to be encrypted. |
509 | template = get_email_template('validate-gpg.txt', app=MAIL_APP) |
510 | + key_type = '%s%s' % (key.keysize, key.algorithm.title) |
511 | replacements = {'requester': self.requester.displayname, |
512 | 'requesteremail': self.requesteremail, |
513 | - 'displayname': key.displayname, |
514 | + 'key_type': key_type, |
515 | 'fingerprint': key.fingerprint, |
516 | 'uids': formatted_uids, |
517 | 'token_url': canonical_url(self)} |
518 | |
519 | === modified file 'lib/lp/services/webservice/wadl-to-refhtml.xsl' |
520 | --- lib/lp/services/webservice/wadl-to-refhtml.xsl 2016-04-24 15:31:31 +0000 |
521 | +++ lib/lp/services/webservice/wadl-to-refhtml.xsl 2017-07-31 12:27:40 +0000 |
522 | @@ -371,7 +371,7 @@ |
523 | <xsl:text>/</xsl:text> |
524 | <var><person.name></var> |
525 | <xsl:text>/+gpg-keys/</xsl:text> |
526 | - <var><keyid></var> |
527 | + <var><fingerprint></var> |
528 | </xsl:when> |
529 | <xsl:when test="@id = 'hwdb'"> |
530 | <xsl:text>/+hwdb</xsl:text> |
531 | |
532 | === modified file 'lib/lp/soyuz/doc/fakepackager.txt' |
533 | --- lib/lp/soyuz/doc/fakepackager.txt 2012-01-06 11:08:30 +0000 |
534 | +++ lib/lp/soyuz/doc/fakepackager.txt 2017-07-31 12:27:40 +0000 |
535 | @@ -20,8 +20,8 @@ |
536 | >>> os.path.exists(packager.sandbox_path) |
537 | True |
538 | |
539 | -Source 'name' and 'version' and 'gpg_key_id' are set according to the |
540 | -give arguments passed in the initialization. |
541 | +Source 'name' and 'version' and 'gpg_key_fingerprint' are set according to |
542 | +the arguments passed in the initialization. |
543 | |
544 | >>> print packager.name |
545 | biscuit |
546 | @@ -29,7 +29,7 @@ |
547 | >>> print packager.version |
548 | 1.0 |
549 | |
550 | - >>> print packager.gpg_key_id |
551 | + >>> print packager.gpg_key_fingerprint |
552 | None |
553 | |
554 | The upstream directory is known but not yet created. |
555 | @@ -124,7 +124,7 @@ |
556 | |
557 | The error was raised because no signing key was set. |
558 | |
559 | - >>> print packager.gpg_key_id |
560 | + >>> print packager.gpg_key_fingerprint |
561 | None |
562 | |
563 | A GPG key can only be set on initialization so we will have to create a |
564 | @@ -137,8 +137,8 @@ |
565 | |
566 | GPG key set, now we are able to build a signed version. |
567 | |
568 | - >>> print packager.gpg_key_id |
569 | - 0x5D147547 |
570 | + >>> print packager.gpg_key_fingerprint |
571 | + 0xFD311613D941C6DE55737D310E3498675D147547 |
572 | |
573 | FakePackager also allows us to include as many versions it needs |
574 | before building the package. It helps when the content of the |
575 | @@ -163,7 +163,7 @@ |
576 | >>> gpghandler = getUtility(IGPGHandler) |
577 | >>> sig = gpghandler.verifySignature(content) |
578 | |
579 | - >>> sig.fingerprint[-8:] == packager.gpg_key_id[2:] |
580 | + >>> sig.fingerprint == packager.gpg_key_fingerprint[2:] |
581 | True |
582 | |
583 | Continuing in the same 'sandbox', we can generate subsequent packages |
584 | |
585 | === modified file 'lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt' |
586 | --- lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt 2016-07-18 08:25:34 +0000 |
587 | +++ lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt 2017-07-31 12:27:40 +0000 |
588 | @@ -573,14 +573,14 @@ |
589 | ... anon_browser.contents, 'signing-key') |
590 | |
591 | >>> print extract_text(signing_key_section) |
592 | - Signing key: 1024D/12345678 (What is this?) |
593 | + Signing key: 1024D/ABCDEF0123456789ABCDDCBA0000111112345678 (What is this?) |
594 | Fingerprint: ABCDEF0123456789ABCDDCBA0000111112345678 |
595 | |
596 | The key fingerprint links to the actual key available in the ubuntu |
597 | keyserver. |
598 | |
599 | >>> print anon_browser.getLink( |
600 | - ... '1024D/12345678').url |
601 | + ... '1024D/ABCDEF0123456789ABCDDCBA0000111112345678').url |
602 | http://keyserver.ubuntu.com:11371/pks/lookup?fingerprint=on&op=index&search=0xABCDEF0123456789ABCDDCBA0000111112345678 |
603 | |
604 | Using software from a PPA can be hard for novices. We offer two |
605 | |
606 | === modified file 'lib/lp/soyuz/tests/fakepackager.py' |
607 | --- lib/lp/soyuz/tests/fakepackager.py 2011-12-22 04:46:24 +0000 |
608 | +++ lib/lp/soyuz/tests/fakepackager.py 2017-07-31 12:27:40 +0000 |
609 | @@ -89,9 +89,9 @@ |
610 | self.version = version |
611 | |
612 | if key_path is not None: |
613 | - self.gpg_key_id = self._importGPGKey(key_path) |
614 | + self.gpg_key_fingerprint = self._importGPGKey(key_path) |
615 | else: |
616 | - self.gpg_key_id = None |
617 | + self.gpg_key_fingerprint = None |
618 | |
619 | self.upstream_directory = os.path.join( |
620 | self.sandbox_path, '%s-%s' % (self.name, self.version)) |
621 | @@ -119,19 +119,19 @@ |
622 | def _importGPGKey(self, key_path): |
623 | """Import the given secret GPG key to sign packages. |
624 | |
625 | - Return the key ID import as '0xAABBCCDD' |
626 | + Return the fingerprint of the imported key, prefixed with '0x'. |
627 | """ |
628 | gpghandler = getUtility(IGPGHandler) |
629 | |
630 | if key_path is None: |
631 | - self.gpg_key_id = None |
632 | + self.gpg_key_fingerprint = None |
633 | return |
634 | |
635 | gpghandler.resetLocalState() |
636 | import_secret_test_key(key_path) |
637 | key = list(gpghandler.localKeys())[0] |
638 | |
639 | - return '0x%s' % key.keyid |
640 | + return '0x%s' % key.fingerprint |
641 | |
642 | def _appendContents(self, content): |
643 | """Append a given content in the upstream 'contents' file. |
644 | @@ -360,9 +360,9 @@ |
645 | if not signed: |
646 | debuild_options.extend(['-uc', '-us']) |
647 | else: |
648 | - assert self.gpg_key_id is not None, ( |
649 | + assert self.gpg_key_fingerprint is not None, ( |
650 | 'Cannot build signed packages because the key is not set.') |
651 | - debuild_options.append('-k%s' % self.gpg_key_id) |
652 | + debuild_options.append('-k%s' % self.gpg_key_fingerprint) |
653 | |
654 | if include_orig: |
655 | debuild_options.append('-sa') |
656 | |
657 | === modified file 'lib/lp/testing/gpgkeys/__init__.py' |
658 | --- lib/lp/testing/gpgkeys/__init__.py 2017-01-12 15:03:09 +0000 |
659 | +++ lib/lp/testing/gpgkeys/__init__.py 2017-07-31 12:27:40 +0000 |
660 | @@ -70,7 +70,7 @@ |
661 | keyid=key.keyid, |
662 | fingerprint=key.fingerprint, |
663 | keysize=key.keysize, |
664 | - algorithm=GPGKeyAlgorithm.items[key.algorithm], |
665 | + algorithm=key.algorithm, |
666 | active=(not key.revoked)) |
667 | |
668 |