Software Properties

Merge lp:~silhusk/software-properties/lp1656100-remove-signing-keys into lp:software-properties

  1. lp1656100-remove-signing-keys
  2. Merge into main
Proposed by Carlo Vanini
Status: Merged
Approved by: Sebastien Bacher
Approved revision: 1060
Merged at revision: 1059
Proposed branch: lp:~silhusk/software-properties/lp1656100-remove-signing-keys
Merge into: lp:software-properties
Diff against target: 105 lines (+18/-9)
4 files modified
softwareproperties/SoftwareProperties.py (+0/-3)
softwareproperties/dbus/SoftwarePropertiesDBus.py (+16/-4)
softwareproperties/gtk/SoftwarePropertiesGtk.py (+1/-1)
softwareproperties/qt/SoftwarePropertiesQt.py (+1/-1)
To merge this branch: bzr merge lp:~silhusk/software-properties/lp1656100-remove-signing-keys
Reviewer Review Type Date Requested Status
Sebastien Bacher Approve
Review via email: mp+361160@code.launchpad.net

Commit message

Fix removal of signing keys in the Authentication tab always failing.

Description of the change

When clicking on "Remove" we were using the first 8 characters of the display string as a 32 bit (short) key ID. But what we get is the first half of a 64 bit ID, which is not a short ID. This fix uses all the 16 characters in the display string.

Move calls to KeysModified() from class SoftwareProperties to SoftwarePropertiesDBus, where it is defined. Otherwise, in SoftwarePropertiesQt it would raise AttributeError because the function is not defined, and make remove_key() fail even though it did not (the "report this bug" dialog shows up). The same for update_keys and add_key.

To post a comment you must log in.
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for the work there, I'm not really familiar with that code but it has no dedicated maintainer so I'm trying to help with review, some comments/questions

* you wrote 'Remove calls to KeysModified which doesnt's exist and causes all actions on
  keys to look like they failed.'

Where does it look like they failed? What actions are you talking about? (unsure why there is no error/traceback printed about those calls)

* shouldn't those calls be moved to the Dbus backend rather than removed, like it was done in http://launchpadlibrarian.net/91837493/software-properties_0.82.3_0.82.4.diff.gz

* apt-key list is listing 8 digits keys, should we do the same on the UI? (but the parsing code doing [:8] takes the wrong half it seems, did that ever worked? [8:16] looks like what we want or just using :16 should be good enough?

(it doesn't help that "apt-key rm <garbage>" always returns "OK" (known as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799342)

review: Needs Information
Revision history for this message
Carlo Vanini (silhusk) wrote :

Hi Sebastien, thank you for looking into it.

> * you wrote 'Remove calls to KeysModified which doesnt's exist and causes all
> actions on
> keys to look like they failed.'

Let's consider remove_key() defined at softwareproperties/SoftwareProperties.py:838, for instance. The call to self.KeysModified is wrapped in a try-except that catches the AttributeError exception (self doesn't have any KeysModified), and make remove_key always return False.
The same holds for add_key() and update_keys().

> * shouldn't those calls be moved to the Dbus backend

Yes, definitely (imho). But that's a different story. Please, see https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1804887 The patch there is just a proof of concept. Since then I ported the whole application to DBus, but did't publish the code yet.

> * apt-key list is listing 8 digits keys, should we do the same on the UI? (but
> the parsing code doing [:8] takes the wrong half it seems, did that ever
> worked? [8:16] looks like what we want or just using :16 should be good
> enough?

I guess at some point the UI was showing 8 digits keys, therefore :8 was used. Now it shows 16. It is now advised to use the full key fingerprint (40 digits) in order to avoid collision attacks, but that's really long (we should change the UI).
Using :16 was just the smallest change to make it work, with the added benefit of using 64 bits key id.
A way to check fingerprints like in Dolphin's file properties for md5/sha1/sha256 would be cool, where you paste some text and it tells you if it does match.

Revision history for this message
Sebastien Bacher (seb128) wrote :

> Let's consider remove_key() defined at softwareproperties/SoftwareProperties.py:838, for instance.
> The call to self.KeysModified is wrapped in a try-except that catches the AttributeError exception
> (self doesn't have any KeysModified), and make remove_key always return False.

Right, I did try to remove the try/except and still don't see an error though, maybe I did test that wrongly, I'm going to give it another try

>> * shouldn't those calls be moved to the Dbus backend
> Yes, definitely (imho). But that's a different story.

Well, I was just speaking about moving the self.KeysModified() lines instead of removing them (same that was done in http://launchpadlibrarian.net/91837493/software-properties_0.82.3_0.82.4.diff.gz). Why do you consider it a "different story"? e.g RemoveKey() in SoftwarePropertiesDbus.py line 312 could have that line added no, that way the change signal keeps being emited? or do you think that's not required for some reason and if so could give some details on why you think those calls are not useful/can be purely removed?

> Using :16 was just the smallest change to make it work, with the added benefit of using 64 bits key id.

Right, that makes sense, that's fine with me. I would like to see the KeysModified question resolved before we merge the changes though.

review: Needs Information
lp:~silhusk/software-properties/lp1656100-remove-signing-keys updated
1060. By Carlo <carlo@mela>

Emit KeysModified signal when keys are modified

Revision history for this message
Carlo Vanini (silhusk) wrote :

> Well, I was just speaking about moving the self.KeysModified() lines instead
> of removing them (same that was done in http://launchpadlibrarian.net/91837493
> /software-properties_0.82.3_0.82.4.diff.gz).

I didn't understand correctly what you meant, sorry. You are right! The branch is now updated.
In fact the exception is only raised in SoftwarePropertiesQt. In the dbus service KeysModified is defined in class SoftwarePropertiesDBus, although it is called from parent class SoftwareProperties. After the changes both the calls and the definition are in the same class SoftwarePropertiesDBus.

s-p-qt is not using dbus, and is reloading keys anyway.

Revision history for this message
Sebastien Bacher (seb128) wrote :

That looks good now, thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'softwareproperties/SoftwareProperties.py'
--- softwareproperties/SoftwareProperties.py 2018-04-09 19:29:09 +0000
+++ softwareproperties/SoftwareProperties.py 2019-01-12 13:07:33 +0000
@@ -844,7 +844,6 @@
844 return False844 return False
845 try:845 try:
846 res = self.apt_key.add(path)846 res = self.apt_key.add(path)
847 self.KeysModified()
848 return res847 return res
849 except:848 except:
850 return False849 return False
@@ -860,7 +859,6 @@
860 """Remove a gnupg key from the list of trusted software vendors"""859 """Remove a gnupg key from the list of trusted software vendors"""
861 try:860 try:
862 self.apt_key.rm(keyid)861 self.apt_key.rm(keyid)
863 self.KeysModified()
864 return True862 return True
865 except:863 except:
866 return False864 return False
@@ -869,7 +867,6 @@
869 """ Run apt-key update """867 """ Run apt-key update """
870 try:868 try:
871 self.apt_key.update()869 self.apt_key.update()
872 self.KeysModified()
873 return True870 return True
874 except:871 except:
875 return False872 return False
876873
=== modified file 'softwareproperties/dbus/SoftwarePropertiesDBus.py'
--- softwareproperties/dbus/SoftwarePropertiesDBus.py 2017-08-30 18:57:54 +0000
+++ softwareproperties/dbus/SoftwarePropertiesDBus.py 2019-01-12 13:07:33 +0000
@@ -293,7 +293,10 @@
293 def AddKey(self, path, sender=None, conn=None):293 def AddKey(self, path, sender=None, conn=None):
294 self._check_policykit_privilege(294 self._check_policykit_privilege(
295 sender, conn, "com.ubuntu.softwareproperties.applychanges")295 sender, conn, "com.ubuntu.softwareproperties.applychanges")
296 return self.add_key(path)296 res = self.add_key(path)
297 if res:
298 self.KeysModified()
299 return res
297300
298 @dbus.service.method(DBUS_INTERFACE_NAME,301 @dbus.service.method(DBUS_INTERFACE_NAME,
299 sender_keyword="sender", connection_keyword="conn",302 sender_keyword="sender", connection_keyword="conn",
@@ -301,7 +304,10 @@
301 def AddKeyFromData(self, keyData, sender=None, conn=None):304 def AddKeyFromData(self, keyData, sender=None, conn=None):
302 self._check_policykit_privilege(305 self._check_policykit_privilege(
303 sender, conn, "com.ubuntu.softwareproperties.applychanges")306 sender, conn, "com.ubuntu.softwareproperties.applychanges")
304 return self.add_key_from_data(keyData)307 res = self.add_key_from_data(keyData)
308 if res:
309 self.KeysModified()
310 return res
305311
306 @dbus.service.method(DBUS_INTERFACE_NAME,312 @dbus.service.method(DBUS_INTERFACE_NAME,
307 sender_keyword="sender", connection_keyword="conn",313 sender_keyword="sender", connection_keyword="conn",
@@ -309,7 +315,10 @@
309 def RemoveKey(self, keyid, sender=None, conn=None):315 def RemoveKey(self, keyid, sender=None, conn=None):
310 self._check_policykit_privilege(316 self._check_policykit_privilege(
311 sender, conn, "com.ubuntu.softwareproperties.applychanges")317 sender, conn, "com.ubuntu.softwareproperties.applychanges")
312 return self.remove_key(keyid)318 res = self.remove_key(keyid)
319 if res:
320 self.KeysModified()
321 return res
313322
314 @dbus.service.method(DBUS_INTERFACE_NAME,323 @dbus.service.method(DBUS_INTERFACE_NAME,
315 sender_keyword="sender", connection_keyword="conn",324 sender_keyword="sender", connection_keyword="conn",
@@ -317,7 +326,10 @@
317 def UpdateKeys(self, sender=None, conn=None):326 def UpdateKeys(self, sender=None, conn=None):
318 self._check_policykit_privilege(327 self._check_policykit_privilege(
319 sender, conn, "com.ubuntu.softwareproperties.applychanges")328 sender, conn, "com.ubuntu.softwareproperties.applychanges")
320 return self.update_keys()329 res = self.update_keys()
330 if res:
331 self.KeysModified()
332 return res
321333
322 # LivePatch334 # LivePatch
323 @dbus.service.method(DBUS_INTERFACE_NAME,335 @dbus.service.method(DBUS_INTERFACE_NAME,
324336
=== modified file 'softwareproperties/gtk/SoftwarePropertiesGtk.py'
--- softwareproperties/gtk/SoftwarePropertiesGtk.py 2018-12-11 22:35:38 +0000
+++ softwareproperties/gtk/SoftwarePropertiesGtk.py 2019-01-12 13:07:33 +0000
@@ -1015,7 +1015,7 @@
1015 return1015 return
1016 key = model.get_value(a_iter, 0)1016 key = model.get_value(a_iter, 0)
1017 try:1017 try:
1018 if not self.backend.RemoveKey(key[:8]):1018 if not self.backend.RemoveKey(key[:16]):
1019 error(self.main,1019 error(self.main,
1020 _("Error removing the key"),1020 _("Error removing the key"),
1021 _("The key you selected could not be removed. "1021 _("The key you selected could not be removed. "
10221022
=== modified file 'softwareproperties/qt/SoftwarePropertiesQt.py'
--- softwareproperties/qt/SoftwarePropertiesQt.py 2018-07-14 10:45:16 +0000
+++ softwareproperties/qt/SoftwarePropertiesQt.py 2019-01-12 13:07:33 +0000
@@ -677,7 +677,7 @@
677 if item == None:677 if item == None:
678 return678 return
679 key = item.text(0)679 key = item.text(0)
680 if not self.remove_key(key[:8]):680 if not self.remove_key(key[:16]):
681 title = _("Error removing the key")681 title = _("Error removing the key")
682 text = _("The key you selected could not be removed. "682 text = _("The key you selected could not be removed. "
683 "Please report this as a bug.")683 "Please report this as a bug.")

Subscribers

People subscribed via source and target branches

to status/vote changes: