Software Properties

Merge lp:~mvo/software-properties/use-apt-auth into lp:software-properties

  1. use-apt-auth
  2. Merge into main
Proposed by Michael Vogt
Status: Needs review
Proposed branch: lp:~mvo/software-properties/use-apt-auth
Merge into: lp:software-properties
Diff against target: 175 lines (+23/-87)
3 files modified
debian/changelog (+6/-0)
debian/control (+2/-2)
softwareproperties/ppa.py (+15/-85)
To merge this branch: bzr merge lp:~mvo/software-properties/use-apt-auth
Reviewer Review Type Date Requested Status
Barry Warsaw (community) Needs Fixing
Adam Conrad Pending
Review via email: mp+127568@code.launchpad.net

Description of the change

Use apt.auth from python-apt that does the same kind of checks
nowdays

To post a comment you must log in.
Revision history for this message
Barry Warsaw (barry) wrote :

Any chance of getting http://apt.alioth.debian.org/python-apt-doc/contents.html updated? It only covers 0.8.0 and doesn't describe apt.auth at all afaict. Or is there a better, more definitive location for the documentation?

Reply
Revision history for this message
Barry Warsaw (barry) wrote :

Note that the pre-build hook fails when trying to build a source package with this branch. I suspect the test mocks need to be fixed for the new implementation.

Testing ./test_lp.py /home/barry/projects/ubuntu/softprop/build-area/software-properties-0.92.14/tests with python 2
EEEError getting key from keyserver: Only long keyids (v4, 160bit) are supported
...
======================================================================
ERROR: test_add_ppa_signing_key_multiple_fingerprints (__main__.AddPPASigningKeyTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1224, in patched
    return func(*args, **keywargs)
  File "./test_lp.py", line 76, in test_add_ppa_signing_key_multiple_fingerprints
    with patch.object(self.t, "_get_fingerprints") as mock:
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1275, in __enter__
    original, local = self.get_original()
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1263, in get_original
    "%s does not have the attribute %r" % (target, name)
AttributeError: <AddPPASigningKeyThread(Thread-1, initial)> does not have the attribute '_get_fingerprints'

======================================================================
ERROR: test_add_ppa_signing_key_ok (__main__.AddPPASigningKeyTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1224, in patched
    return func(*args, **keywargs)
  File "./test_lp.py", line 89, in test_add_ppa_signing_key_ok
    with patch.object(self.t, "_get_fingerprints") as mock:
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1275, in __enter__
    original, local = self.get_original()
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1263, in get_original
    "%s does not have the attribute %r" % (target, name)
AttributeError: <AddPPASigningKeyThread(Thread-2, initial)> does not have the attribute '_get_fingerprints'

======================================================================
ERROR: test_add_ppa_signing_key_wrong_fingerprint (__main__.AddPPASigningKeyTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1224, in patched
    return func(*args, **keywargs)
  File "./test_lp.py", line 65, in test_add_ppa_signing_key_wrong_fingerprint
    with patch.object(self.t, "_get_fingerprints") as mock:
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1275, in __enter__
    original, local = self.get_original()
  File "/usr/lib/python2.7/dist-packages/mock.py", line 1263, in get_original
    "%s does not have the attribute %r" % (target, name)
AttributeError: <AddPPASigningKeyThread(Thread-3, initial)> does not have the attribute '_get_fingerprints'

----------------------------------------------------------------------
Ran 6 tests in 1.322s

FAILED (errors=3)
make: *** [check] Error 1
bzr: ERROR: The "pre-build" hook failed.

review: Needs Fixing
Reply

Unmerged revisions

813. By Michael Vogt

use apt.auth.add_key_from_keyserver() and upate debian/control

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2012-10-02 18:32:36 +0000
3+++ debian/changelog 2012-10-02 18:42:19 +0000
4@@ -1,3 +1,9 @@
5+software-properties (0.92.10) UNRELEASED; urgency=low
6+
7+ * use apt.auth.add_key_from_keyserver() and upate debian/control
8+
9+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 02 Oct 2012 20:39:23 +0200
10+
11 software-properties (0.92.9) quantal; urgency=low
12
13 * Call GnuPG with an appropriate --homedir argument (LP: #1060335)
14
15=== modified file 'debian/control'
16--- debian/control 2012-09-18 13:13:10 +0000
17+++ debian/control 2012-10-02 18:42:19 +0000
18@@ -19,7 +19,7 @@
19 Section: python
20 Architecture: all
21 Depends: ${python:Depends}, ${misc:Depends}, python, python-apt (>=
22- 0.6.20ubuntu16), lsb-release,
23+ 0.8.7ubuntu3), lsb-release,
24 unattended-upgrades, iso-codes
25 Description: manage the repositories that you install software from
26 This software provides an abstraction of the used apt repositories.
27@@ -30,7 +30,7 @@
28 Section: python
29 Architecture: all
30 Depends: ${python3:Depends}, ${misc:Depends}, python3, python3-apt (>=
31- 0.6.20ubuntu16), lsb-release, unattended-upgrades, iso-codes
32+ 0.8.7ubuntu3), lsb-release, unattended-upgrades, iso-codes
33 Description: manage the repositories that you install software from
34 This software provides an abstraction of the used apt repositories.
35 It allows you to easily manage your distribution and independent software
36
37=== modified file 'softwareproperties/ppa.py'
38--- softwareproperties/ppa.py 2012-10-02 18:32:36 +0000
39+++ softwareproperties/ppa.py 2012-10-02 18:42:19 +0000
40@@ -21,6 +21,7 @@
41
42 from __future__ import print_function
43
44+import apt.auth
45 import apt_pkg
46 import json
47 import os
48@@ -29,6 +30,12 @@
49 import subprocess
50 import tempfile
51
52+
53+from apt.auth import (
54+ AptKeyError,
55+ add_key_from_keyserver,
56+ )
57+
58 from threading import Thread
59
60 try:
61@@ -136,73 +143,16 @@
62 self.ppa_path = ppa_path
63 self.keyserver = (keyserver if keyserver is not None
64 else DEFAULT_KEYSERVER)
65-
66+
67 def run(self):
68 self.add_ppa_signing_key(self.ppa_path)
69-
70- def _recv_key(self, keyring, secret_keyring, signing_key_fingerprint, keyring_dir):
71- # double check that the signing key is a v4 fingerprint (160bit)
72- if not verify_keyid_is_v4(signing_key_fingerprint):
73- print("Error: signing key fingerprint '%s' too short" %
74- signing_key_fingerprint)
75- return False
76- # then get it
77- res = subprocess.call(self.GPG_DEFAULT_OPTIONS + [
78- "--homedir", keyring_dir,
79- "--secret-keyring", secret_keyring,
80- "--keyring", keyring,
81- "--keyserver", self.keyserver,
82- "--recv", signing_key_fingerprint,
83- ])
84- return (res == 0)
85-
86- def _export_key(self, keyring, export_keyring, signing_key_fingerprint, keyring_dir):
87- res = subprocess.call(self.GPG_DEFAULT_OPTIONS + [
88- "--homedir", keyring_dir,
89- "--keyring", keyring,
90- "--output", export_keyring,
91- "--export", signing_key_fingerprint,
92- ])
93- if res != 0:
94- return False
95- return True
96-
97- def _get_fingerprints(self, keyring, keyring_dir):
98- cmd = self.GPG_DEFAULT_OPTIONS + [
99- "--homedir", keyring_dir,
100- "--keyring", keyring,
101- "--fingerprint",
102- "--batch",
103- "--with-colons",
104- ]
105- output = subprocess.check_output(cmd, universal_newlines=True)
106- fingerprints = []
107- for line in output.splitlines():
108- if line.startswith("fpr:"):
109- fingerprints.append(line.split(":")[9])
110- return fingerprints
111-
112- def _verify_fingerprint(self, keyring, expected_fingerprint, keyring_dir):
113- got_fingerprints = self._get_fingerprints(keyring, keyring_dir)
114- if len(got_fingerprints) > 1:
115- print("Got '%s' fingerprints, expected only one" %
116- len(got_fingerprints))
117- return False
118- got_fingerprint = got_fingerprints[0]
119- if got_fingerprint != expected_fingerprint:
120- print("Fingerprints do not match, not importing: '%s' != '%s'" % (
121- expected_fingerprint, got_fingerprint))
122- return False
123- return True
124
125 def add_ppa_signing_key(self, ppa_path):
126 """Query and add the corresponding PPA signing key.
127-
128+
129 The signing key fingerprint is obtained from the Launchpad PPA page,
130 via a secure channel, so it can be trusted.
131 """
132- def cleanup(tmpdir):
133- shutil.rmtree(tmp_keyring_dir)
134 owner_name, ppa_name, distro = ppa_path[1:].split('/')
135 try:
136 ppa_info = get_ppa_info_from_lp(owner_name, ppa_name)
137@@ -214,32 +164,12 @@
138 except IndexError as e:
139 print("Error: can't find signing_key_fingerprint at %s" % ppa_path)
140 return False
141- # create temp keyrings
142- tmp_keyring_dir = tempfile.mkdtemp()
143- tmp_secret_keyring = os.path.join(tmp_keyring_dir, "secring.gpg")
144- tmp_keyring = os.path.join(tmp_keyring_dir, "pubring.gpg")
145- # download the key into a temp keyring first
146- if not self._recv_key(
147- tmp_keyring, tmp_secret_keyring, signing_key_fingerprint, tmp_keyring_dir):
148- cleanup(tmp_keyring_dir)
149- return False
150- # now export the key into a temp keyring using the long key id
151- tmp_export_keyring = os.path.join(tmp_keyring_dir, "export-keyring.gpg")
152- if not self._export_key(
153- tmp_keyring, tmp_export_keyring, signing_key_fingerprint, tmp_keyring_dir):
154- cleanup(tmp_keyring_dir)
155- return False
156- # now verify the fingerprint
157- if not self._verify_fingerprint(
158- tmp_export_keyring, signing_key_fingerprint, tmp_keyring_dir):
159- cleanup(tmp_keyring_dir)
160- return False
161- # and add it
162- res = subprocess.call(["apt-key", "add", tmp_keyring])
163- # cleanup
164- cleanup(tmp_keyring_dir)
165- return (res == 0)
166-
167+ try:
168+ add_key_from_keyserver(signing_key_fingerprint, self.keyserver)
169+ except AptKeyError as e:
170+ print("Error getting key from keyserver: %s" % e)
171+ return False
172+ return True
173
174 if __name__ == "__main__":
175 import sys

Subscribers

People subscribed via source and target branches

to status/vote changes: