Software Properties

Merge lp:~silhusk/software-properties/lp1656100-remove-signing-keys into lp:software-properties

  1. lp1656100-remove-signing-keys
  2. Merge into main
Proposed by Carlo Vanini
Status: Merged
Approved by: Sebastien Bacher
Approved revision: 1060
Merged at revision: 1059
Proposed branch: lp:~silhusk/software-properties/lp1656100-remove-signing-keys
Merge into: lp:software-properties
Diff against target: 105 lines (+18/-9)
4 files modified
softwareproperties/SoftwareProperties.py (+0/-3)
softwareproperties/dbus/SoftwarePropertiesDBus.py (+16/-4)
softwareproperties/gtk/SoftwarePropertiesGtk.py (+1/-1)
softwareproperties/qt/SoftwarePropertiesQt.py (+1/-1)
To merge this branch: bzr merge lp:~silhusk/software-properties/lp1656100-remove-signing-keys
Reviewer Review Type Date Requested Status
Sebastien Bacher Approve
Review via email: mp+361160@code.launchpad.net

Commit message

Fix removal of signing keys in the Authentication tab always failing.

Description of the change

When clicking on "Remove" we were using the first 8 characters of the display string as a 32 bit (short) key ID. But what we get is the first half of a 64 bit ID, which is not a short ID. This fix uses all the 16 characters in the display string.

Move calls to KeysModified() from class SoftwareProperties to SoftwarePropertiesDBus, where it is defined. Otherwise, in SoftwarePropertiesQt it would raise AttributeError because the function is not defined, and make remove_key() fail even though it did not (the "report this bug" dialog shows up). The same for update_keys and add_key.

To post a comment you must log in.
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for the work there, I'm not really familiar with that code but it has no dedicated maintainer so I'm trying to help with review, some comments/questions

* you wrote 'Remove calls to KeysModified which doesnt's exist and causes all actions on
  keys to look like they failed.'

Where does it look like they failed? What actions are you talking about? (unsure why there is no error/traceback printed about those calls)

* shouldn't those calls be moved to the Dbus backend rather than removed, like it was done in http://launchpadlibrarian.net/91837493/software-properties_0.82.3_0.82.4.diff.gz

* apt-key list is listing 8 digits keys, should we do the same on the UI? (but the parsing code doing [:8] takes the wrong half it seems, did that ever worked? [8:16] looks like what we want or just using :16 should be good enough?

(it doesn't help that "apt-key rm <garbage>" always returns "OK" (known as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799342)

review: Needs Information
Revision history for this message
Carlo Vanini (silhusk) wrote :

Hi Sebastien, thank you for looking into it.

> * you wrote 'Remove calls to KeysModified which doesnt's exist and causes all
> actions on
> keys to look like they failed.'

Let's consider remove_key() defined at softwareproperties/SoftwareProperties.py:838, for instance. The call to self.KeysModified is wrapped in a try-except that catches the AttributeError exception (self doesn't have any KeysModified), and make remove_key always return False.
The same holds for add_key() and update_keys().

> * shouldn't those calls be moved to the Dbus backend

Yes, definitely (imho). But that's a different story. Please, see https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1804887 The patch there is just a proof of concept. Since then I ported the whole application to DBus, but did't publish the code yet.

> * apt-key list is listing 8 digits keys, should we do the same on the UI? (but
> the parsing code doing [:8] takes the wrong half it seems, did that ever
> worked? [8:16] looks like what we want or just using :16 should be good
> enough?

I guess at some point the UI was showing 8 digits keys, therefore :8 was used. Now it shows 16. It is now advised to use the full key fingerprint (40 digits) in order to avoid collision attacks, but that's really long (we should change the UI).
Using :16 was just the smallest change to make it work, with the added benefit of using 64 bits key id.
A way to check fingerprints like in Dolphin's file properties for md5/sha1/sha256 would be cool, where you paste some text and it tells you if it does match.

Revision history for this message
Sebastien Bacher (seb128) wrote :

> Let's consider remove_key() defined at softwareproperties/SoftwareProperties.py:838, for instance.
> The call to self.KeysModified is wrapped in a try-except that catches the AttributeError exception
> (self doesn't have any KeysModified), and make remove_key always return False.

Right, I did try to remove the try/except and still don't see an error though, maybe I did test that wrongly, I'm going to give it another try

>> * shouldn't those calls be moved to the Dbus backend
> Yes, definitely (imho). But that's a different story.

Well, I was just speaking about moving the self.KeysModified() lines instead of removing them (same that was done in http://launchpadlibrarian.net/91837493/software-properties_0.82.3_0.82.4.diff.gz). Why do you consider it a "different story"? e.g RemoveKey() in SoftwarePropertiesDbus.py line 312 could have that line added no, that way the change signal keeps being emited? or do you think that's not required for some reason and if so could give some details on why you think those calls are not useful/can be purely removed?

> Using :16 was just the smallest change to make it work, with the added benefit of using 64 bits key id.

Right, that makes sense, that's fine with me. I would like to see the KeysModified question resolved before we merge the changes though.

review: Needs Information
lp:~silhusk/software-properties/lp1656100-remove-signing-keys updated
1060. By Carlo <carlo@mela>

Emit KeysModified signal when keys are modified

Revision history for this message
Carlo Vanini (silhusk) wrote :

> Well, I was just speaking about moving the self.KeysModified() lines instead
> of removing them (same that was done in http://launchpadlibrarian.net/91837493
> /software-properties_0.82.3_0.82.4.diff.gz).

I didn't understand correctly what you meant, sorry. You are right! The branch is now updated.
In fact the exception is only raised in SoftwarePropertiesQt. In the dbus service KeysModified is defined in class SoftwarePropertiesDBus, although it is called from parent class SoftwareProperties. After the changes both the calls and the definition are in the same class SoftwarePropertiesDBus.

s-p-qt is not using dbus, and is reloading keys anyway.

Revision history for this message
Sebastien Bacher (seb128) wrote :

That looks good now, thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'softwareproperties/SoftwareProperties.py'
2--- softwareproperties/SoftwareProperties.py 2018-04-09 19:29:09 +0000
3+++ softwareproperties/SoftwareProperties.py 2019-01-12 13:07:33 +0000
4@@ -844,7 +844,6 @@
5 return False
6 try:
7 res = self.apt_key.add(path)
8- self.KeysModified()
9 return res
10 except:
11 return False
12@@ -860,7 +859,6 @@
13 """Remove a gnupg key from the list of trusted software vendors"""
14 try:
15 self.apt_key.rm(keyid)
16- self.KeysModified()
17 return True
18 except:
19 return False
20@@ -869,7 +867,6 @@
21 """ Run apt-key update """
22 try:
23 self.apt_key.update()
24- self.KeysModified()
25 return True
26 except:
27 return False
28
29=== modified file 'softwareproperties/dbus/SoftwarePropertiesDBus.py'
30--- softwareproperties/dbus/SoftwarePropertiesDBus.py 2017-08-30 18:57:54 +0000
31+++ softwareproperties/dbus/SoftwarePropertiesDBus.py 2019-01-12 13:07:33 +0000
32@@ -293,7 +293,10 @@
33 def AddKey(self, path, sender=None, conn=None):
34 self._check_policykit_privilege(
35 sender, conn, "com.ubuntu.softwareproperties.applychanges")
36- return self.add_key(path)
37+ res = self.add_key(path)
38+ if res:
39+ self.KeysModified()
40+ return res
41
42 @dbus.service.method(DBUS_INTERFACE_NAME,
43 sender_keyword="sender", connection_keyword="conn",
44@@ -301,7 +304,10 @@
45 def AddKeyFromData(self, keyData, sender=None, conn=None):
46 self._check_policykit_privilege(
47 sender, conn, "com.ubuntu.softwareproperties.applychanges")
48- return self.add_key_from_data(keyData)
49+ res = self.add_key_from_data(keyData)
50+ if res:
51+ self.KeysModified()
52+ return res
53
54 @dbus.service.method(DBUS_INTERFACE_NAME,
55 sender_keyword="sender", connection_keyword="conn",
56@@ -309,7 +315,10 @@
57 def RemoveKey(self, keyid, sender=None, conn=None):
58 self._check_policykit_privilege(
59 sender, conn, "com.ubuntu.softwareproperties.applychanges")
60- return self.remove_key(keyid)
61+ res = self.remove_key(keyid)
62+ if res:
63+ self.KeysModified()
64+ return res
65
66 @dbus.service.method(DBUS_INTERFACE_NAME,
67 sender_keyword="sender", connection_keyword="conn",
68@@ -317,7 +326,10 @@
69 def UpdateKeys(self, sender=None, conn=None):
70 self._check_policykit_privilege(
71 sender, conn, "com.ubuntu.softwareproperties.applychanges")
72- return self.update_keys()
73+ res = self.update_keys()
74+ if res:
75+ self.KeysModified()
76+ return res
77
78 # LivePatch
79 @dbus.service.method(DBUS_INTERFACE_NAME,
80
81=== modified file 'softwareproperties/gtk/SoftwarePropertiesGtk.py'
82--- softwareproperties/gtk/SoftwarePropertiesGtk.py 2018-12-11 22:35:38 +0000
83+++ softwareproperties/gtk/SoftwarePropertiesGtk.py 2019-01-12 13:07:33 +0000
84@@ -1015,7 +1015,7 @@
85 return
86 key = model.get_value(a_iter, 0)
87 try:
88- if not self.backend.RemoveKey(key[:8]):
89+ if not self.backend.RemoveKey(key[:16]):
90 error(self.main,
91 _("Error removing the key"),
92 _("The key you selected could not be removed. "
93
94=== modified file 'softwareproperties/qt/SoftwarePropertiesQt.py'
95--- softwareproperties/qt/SoftwarePropertiesQt.py 2018-07-14 10:45:16 +0000
96+++ softwareproperties/qt/SoftwarePropertiesQt.py 2019-01-12 13:07:33 +0000
97@@ -677,7 +677,7 @@
98 if item == None:
99 return
100 key = item.text(0)
101- if not self.remove_key(key[:8]):
102+ if not self.remove_key(key[:16]):
103 title = _("Error removing the key")
104 text = _("The key you selected could not be removed. "
105 "Please report this as a bug.")

Subscribers

People subscribed via source and target branches

to status/vote changes: