1
=== modified file 'add-apt-repository'
2
--- add-apt-repository	2018-02-08 15:06:39 +0000
3
+++ add-apt-repository	2018-04-03 08:42:06 +0000
4
@@ -10,7 +10,6 @@
5
10
10
6
11
from softwareproperties.SoftwareProperties import SoftwareProperties, shortcut_handler
11
from softwareproperties.SoftwareProperties import SoftwareProperties, shortcut_handler
7
12
from softwareproperties.shortcuts import ShortcutException
12
from softwareproperties.shortcuts import ShortcutException
8
13
from softwareproperties.ppa import DEFAULT_KEYSERVER
9
14
import aptsources
13
import aptsources
10
15
from aptsources.sourceslist import SourceEntry
14
from aptsources.sourceslist import SourceEntry
11
16
from optparse import OptionParser
15
from optparse import OptionParser
12
@@ -60,9 +59,6 @@
13
60
    parser.add_option("-r", "--remove", action="store_true",
59
    parser.add_option("-r", "--remove", action="store_true",
14
61
        dest="remove", default=False,
60
        dest="remove", default=False,
15
62
        help=_("remove repository from sources.list.d directory"))
61
        help=_("remove repository from sources.list.d directory"))
16
63
    parser.add_option("-k", "--keyserver",
17
64
        dest="keyserver", default=DEFAULT_KEYSERVER,
18
65
        help=_("URL of keyserver. Default: %default"))
19
66
    parser.add_option("-s", "--enable-source", action="store_true",
62
    parser.add_option("-s", "--enable-source", action="store_true",
20
67
        dest="enable_source", default=False,
63
        dest="enable_source", default=False,
21
68
        help=_("Allow downloading of the source packages from the repository"))
64
        help=_("Allow downloading of the source packages from the repository"))
22
@@ -75,6 +71,10 @@
23
75
    parser.add_option("-u", "--update", action="store_true",
71
    parser.add_option("-u", "--update", action="store_true",
24
76
        dest="update", default=True,
72
        dest="update", default=True,
25
77
        help=_("Update package cache after adding (legacy option)"))
73
        help=_("Update package cache after adding (legacy option)"))
26
74
    parser.add_option("-k", "--keyserver",
27
75
        dest="keyserver", default="",
28
76
        help=_("Legacy option, unused."))
29
77
    
30
78
    (options, args) = parser.parse_args()
78
    (options, args) = parser.parse_args()
31
79
    
79
    
32
80
    # We prefer to run apt-get update here. The built-in update support
80
    # We prefer to run apt-get update here. The built-in update support
33
81
81
34
=== modified file 'debian/changelog'
35
--- debian/changelog	2018-03-21 16:43:05 +0000
36
+++ debian/changelog	2018-04-03 08:42:06 +0000
37
@@ -1,3 +1,27 @@
38
1
software-properties (0.96.24.25) bionic; urgency=medium
39
2
40
3
  * ppa.py:
41
4
   - rework key retrieval, instead of using hkp & gnupg/dirmngr, use https
42
5
     & python's built in urllib.
43
6
   - thus, add-apt-key for PPAs observes https_proxy for key retrieval
44
7
   - simplify gnupg operations, depend on gpg package only, and use
45
8
     import/public key operations only.
46
9
   - fix unicode process output bugs, when operating in a non-UTF-8
47
10
     locale, thus enabling to import keys for my ppas in C locale.
48
11
   - avoid creating trustdb, or requiring any gpg-agent systemd socket to
49
12
     be activated
50
13
   - update tests to execute key addition fully with less things stubbed
51
14
     out with mock
52
15
   - stop using apt-key for installing keys
53
16
   - dirmngr is a heavy dependency and not used, and it is hard to pass
54
17
     proxy information to it when invoking gpg from a non-standard homedir
55
18
   - deprecate --keyserver option, making HTTPS access to
56
19
     keyserver.ubuntu.com required
57
20
   - LP: #1755192, LP: #1713962, LP: #1699086, LP: #1510220, LP: #1433761,
58
21
     LP: #1395321, LP: #1312267
59
22
60
23
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 02 Apr 2018 10:19:34 +0100
61
24
62
1
software-properties (0.96.24.24) bionic; urgency=medium
25
software-properties (0.96.24.24) bionic; urgency=medium
63
2
26
64
3
  * DialogAuth.py: Implement a dialog to choose between an ubuntu sso account or
27
  * DialogAuth.py: Implement a dialog to choose between an ubuntu sso account or
65
4
28
66
=== modified file 'debian/control'
67
--- debian/control	2018-03-21 15:00:01 +0000
68
+++ debian/control	2018-04-03 08:42:06 +0000
69
@@ -20,7 +20,7 @@
70
20
Section: python
20
Section: python
71
21
Architecture: all
21
Architecture: all
72
22
Depends: ${python:Depends}, ${misc:Depends}, python, python-apt (>=
22
Depends: ${python:Depends}, ${misc:Depends}, python, python-apt (>=
74
23
 0.6.20ubuntu16), python-pycurl, lsb-release, iso-codes, gnupg, dirmngr
23
 0.6.20ubuntu16), python-pycurl, lsb-release, iso-codes, gpg
75
24
Recommends: unattended-upgrades
24
Recommends: unattended-upgrades
76
25
Description: manage the repositories that you install software from
25
Description: manage the repositories that you install software from
77
26
 This software provides an abstraction of the used apt repositories.
26
 This software provides an abstraction of the used apt repositories.
78
@@ -31,7 +31,7 @@
79
31
Section: python
31
Section: python
80
32
Architecture: all
32
Architecture: all
81
33
Depends: ${python3:Depends}, ${misc:Depends}, python3, python3-apt (>=
33
Depends: ${python3:Depends}, ${misc:Depends}, python3, python3-apt (>=
83
34
 0.6.20ubuntu16), lsb-release, iso-codes, gnupg, dirmngr
34
 0.6.20ubuntu16), lsb-release, iso-codes, gpg
84
35
Recommends: unattended-upgrades
35
Recommends: unattended-upgrades
85
36
Description: manage the repositories that you install software from
36
Description: manage the repositories that you install software from
86
37
 This software provides an abstraction of the used apt repositories.
37
 This software provides an abstraction of the used apt repositories.
87
38
38
88
=== modified file 'debian/tests/add-apt-repository'
89
--- debian/tests/add-apt-repository	2016-09-01 10:23:19 +0000
90
+++ debian/tests/add-apt-repository	2018-04-03 08:42:06 +0000
91
@@ -1,10 +1,14 @@
92
1
#!/bin/sh
1
#!/bin/sh
93
2
set -e
2
set -e
94
3
3
102
4
rm -f /etc/apt/sources.list.d/xnox-ubuntu-nonvirt-*.list
4
for locale in C.UTF-8 C
103
5
rm -f /etc/apt/trusted.gpg.d/xnox_ubuntu_nonvirt.gpg
5
do
104
6
6
    export LC_ALL=$locale
105
7
add-apt-repository ppa:xnox/nonvirt --yes
7
    echo LC_ALL=$locale test...
106
8
8
    rm -f /etc/apt/sources.list.d/xnox-ubuntu-nonvirt-*.list
107
9
[ -s /etc/apt/sources.list.d/xnox-ubuntu-nonvirt-*.list ]
9
    rm -f /etc/apt/trusted.gpg.d/xnox_ubuntu_nonvirt.gpg
108
10
[ -s /etc/apt/trusted.gpg.d/xnox_ubuntu_nonvirt.gpg ]
10
    add-apt-repository ppa:xnox/nonvirt --yes --no-update
109
11
    [ -s /etc/apt/sources.list.d/xnox-ubuntu-nonvirt-*.list ]
110
12
    [ -s /etc/apt/trusted.gpg.d/xnox_ubuntu_nonvirt.gpg ]
111
13
    gpg -q --homedir $(mktemp -d)  --no-default-keyring --keyring /etc/apt/trusted.gpg.d/xnox_ubuntu_nonvirt.gpg --fingerprint
112
14
done
113
11
15
114
=== modified file 'debian/tests/control'
115
--- debian/tests/control	2017-04-10 21:30:25 +0000
116
+++ debian/tests/control	2018-04-03 08:42:06 +0000
117
@@ -1,6 +1,6 @@
118
1
Tests: run-tests
1
Tests: run-tests
120
2
Depends: @, xvfb, dbus-x11, python-dbus, python-pycurl, python3-pycurl, python-mock, python3-mock, python-distutils-extra, python-setuptools, python3-distutils-extra, python3-setuptools, python-gi, python3-gi, pyflakes, pyflakes3, gnupg
2
Depends: @, xvfb, dbus-x11, python-dbus, python-pycurl, python3-pycurl, python-mock, python3-mock, python-distutils-extra, python-setuptools, python3-distutils-extra, python3-setuptools, python-gi, python3-gi, pyflakes, pyflakes3, gpg
121
3
3
122
4
Tests: add-apt-repository
4
Tests: add-apt-repository
125
5
Depends: software-properties-common, gnupg
5
Depends: software-properties-common, gpg
126
6
Restrictions: needs-root, breaks-testbed, allow-stderr
6
Restrictions: needs-root, breaks-testbed
127
7
7
128
=== modified file 'debian/tests/run-tests'
129
--- debian/tests/run-tests	2017-04-10 21:30:25 +0000
130
+++ debian/tests/run-tests	2018-04-03 08:42:06 +0000
131
@@ -13,15 +13,6 @@
132
13
# the test work in other locales too.
13
# the test work in other locales too.
133
14
export LC_ALL=C.UTF-8
14
export LC_ALL=C.UTF-8
134
15
15
135
16
# dirmngr and/or gpg-agent fail without ~/.gnupg present maybe some
136
17
# places should be properly declaring homedir, instead of just keyrings
137
18
if ! out=$(gpg --list-keys 2>&1); then
138
19
    ret=$?
139
20
    echo "Failed [$ret] to initialize ~/.gnupg with: gpg --list-keys" 1>&2
140
21
    echo "$out" 1>&2;
141
22
    exit $ret
142
23
fi
143
24
144
25
code=0
16
code=0
145
26
if [ "$TMPDIR" ]; then
17
if [ "$TMPDIR" ]; then
146
27
	env -u TMPDIR xvfb-run -e "$tmpdir/xvfb.log" sh -ec "TMPDIR=\"$TMPDIR\" python setup.py test && python3 setup.py test" || code="$?"
18
	env -u TMPDIR xvfb-run -e "$tmpdir/xvfb.log" sh -ec "TMPDIR=\"$TMPDIR\" python setup.py test && python3 setup.py test" || code="$?"
147
28
19
148
=== modified file 'software-properties-gtk'
149
--- software-properties-gtk	2013-06-19 07:30:35 +0000
150
+++ software-properties-gtk	2018-04-03 08:42:06 +0000
151
@@ -35,7 +35,6 @@
152
35
#sys.path.append("@prefix@/share/update-manager/python")
35
#sys.path.append("@prefix@/share/update-manager/python")
153
36
36
154
37
from softwareproperties.gtk.SoftwarePropertiesGtk import SoftwarePropertiesGtk
37
from softwareproperties.gtk.SoftwarePropertiesGtk import SoftwarePropertiesGtk
155
38
from softwareproperties.ppa import DEFAULT_KEYSERVER
156
39
38
157
40
if __name__ == "__main__":
39
if __name__ == "__main__":
158
41
  _ = gettext.gettext
40
  _ = gettext.gettext
159
@@ -68,8 +67,8 @@
160
68
                    action="store", type="string", default=None,
67
                    action="store", type="string", default=None,
161
69
                    help="Enable PPA with the given name")
68
                    help="Enable PPA with the given name")
162
70
  parser.add_option("-k", "--keyserver",
69
  parser.add_option("-k", "--keyserver",
165
71
                    dest="keyserver", default=DEFAULT_KEYSERVER,
70
                    dest="keyserver", default="",
166
72
                    help="URL of keyserver. Default: %default")
71
                    help="Legacy option, unused")
167
73
  parser.add_option("--data-dir", "",
72
  parser.add_option("--data-dir", "",
168
74
                    action="store", type="string", default="/usr/share/software-properties/",
73
                    action="store", type="string", default="/usr/share/software-properties/",
169
75
                    help="Use data files (UI) from the given directory")
74
                    help="Use data files (UI) from the given directory")
170
76
75
171
=== modified file 'software-properties-kde'
172
--- software-properties-kde	2014-12-01 07:04:29 +0000
173
+++ software-properties-kde	2018-04-03 08:42:06 +0000
174
@@ -36,7 +36,6 @@
175
36
#sys.path.append("@prefix@/share/update-manager/python")
36
#sys.path.append("@prefix@/share/update-manager/python")
176
37
37
177
38
from softwareproperties.kde.SoftwarePropertiesKDE import SoftwarePropertiesKDE
38
from softwareproperties.kde.SoftwarePropertiesKDE import SoftwarePropertiesKDE
178
39
from softwareproperties.ppa import DEFAULT_KEYSERVER
179
40
39
180
41
import sip
40
import sip
181
42
41
182
@@ -45,7 +44,6 @@
183
45
    massive_debug = False
44
    massive_debug = False
184
46
    no_update = False
45
    no_update = False
185
47
    enable_component = ""
46
    enable_component = ""
186
48
    keyserver = DEFAULT_KEYSERVER
187
49
47
188
50
#--------------- main ------------------
48
#--------------- main ------------------
189
51
if __name__ == '__main__':
49
if __name__ == '__main__':
190
@@ -89,7 +87,7 @@
191
89
                                   "name");
87
                                   "name");
192
90
    parser.addOption(ppaOption);
88
    parser.addOption(ppaOption);
193
91
    keyServerOption = QCommandLineOption("keyserver",
89
    keyServerOption = QCommandLineOption("keyserver",
195
92
                                         _("URL of keyserver"),
90
                                         _("Legacy option, unused"),
196
93
                                         "url");
91
                                         "url");
197
94
    parser.addOption(keyServerOption);
92
    parser.addOption(keyServerOption);
198
95
    winidOption = QCommandLineOption("attach", _("Win ID to act as a dialogue for"),
93
    winidOption = QCommandLineOption("attach", _("Win ID to act as a dialogue for"),
199
@@ -126,8 +124,6 @@
200
126
    attachWinID = None
124
    attachWinID = None
201
127
    if parser.isSet(winidOption):
125
    if parser.isSet(winidOption):
202
128
        attachWinID = parser.value(winidOption)
126
        attachWinID = parser.value(winidOption)
203
129
    if parser.isSet(keyServerOption):
204
130
        options.keyserver = parser.value(keyServerOption)
205
131
    # datadir has a default value, so always read it
127
    # datadir has a default value, so always read it
206
132
    data_dir = parser.value(dataDirOption)
128
    data_dir = parser.value(dataDirOption)
207
133
129
208
134
130
209
=== modified file 'softwareproperties/ppa.py'
210
--- softwareproperties/ppa.py	2016-09-21 20:01:50 +0000
211
+++ softwareproperties/ppa.py	2018-04-03 08:42:06 +0000
212
@@ -46,7 +46,7 @@
213
46
    HTTPError = pycurl.error
46
    HTTPError = pycurl.error
214
47
47
215
48
48
217
49
DEFAULT_KEYSERVER = "hkp://keyserver.ubuntu.com:80/"
49
SKS_KEYSERVER = 'https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&exact=on&search=0x%s'
218
50
# maintained until 2015
50
# maintained until 2015
219
51
LAUNCHPAD_PPA_API = 'https://launchpad.net/api/1.0/%s/+archive/%s'
51
LAUNCHPAD_PPA_API = 'https://launchpad.net/api/1.0/%s/+archive/%s'
220
52
LAUNCHPAD_USER_API = 'https://launchpad.net/api/1.0/%s'
52
LAUNCHPAD_USER_API = 'https://launchpad.net/api/1.0/%s'
221
@@ -79,13 +79,20 @@
222
79
def encode(s):
79
def encode(s):
223
80
    return re.sub("[^a-zA-Z0-9_-]", "_", s)
80
    return re.sub("[^a-zA-Z0-9_-]", "_", s)
224
81
81
226
82
def get_info_from_lp(lp_url):
82
def get_info_from_https(url, accept_json):
227
83
    if NEED_PYCURL:
83
    if NEED_PYCURL:
228
84
        # python2 has no cert verification so we need pycurl
84
        # python2 has no cert verification so we need pycurl
230
85
        return _get_https_content_pycurl(lp_url)
85
        data = _get_https_content_pycurl(url, accept_json)
231
86
    else:
86
    else:
232
87
        # python3 has cert verification so we can use the buildin urllib
87
        # python3 has cert verification so we can use the buildin urllib
234
88
        return _get_https_content_py3(lp_url)
88
        data = _get_https_content_py3(url, accept_json)
235
89
    if accept_json:
236
90
        return json.loads(data)
237
91
    else:
238
92
        return data
239
93
240
94
def get_info_from_lp(lp_url):
241
95
    return get_info_from_https(lp_url, True)
242
89
96
243
90
def get_ppa_info_from_lp(owner_name, ppa):
97
def get_ppa_info_from_lp(owner_name, ppa):
244
91
    if owner_name[0] != '~':
98
    if owner_name[0] != '~':
245
@@ -106,19 +113,20 @@
246
106
    return os.path.basename(get_info_from_lp(lp_url)["current_series_link"])
113
    return os.path.basename(get_info_from_lp(lp_url)["current_series_link"])
247
107
114
248
108
115
250
109
def _get_https_content_py3(lp_url):
116
def _get_https_content_py3(lp_url, accept_json):
251
110
    try:
117
    try:
253
111
        request = urllib.request.Request(str(lp_url), headers={"Accept":" application/json"})
118
        headers = {"Accept":" application/json"} if accept_json else {}
254
119
        request = urllib.request.Request(str(lp_url), headers=headers)
255
112
        lp_page = urllib.request.urlopen(request, cafile=LAUNCHPAD_PPA_CERT)
120
        lp_page = urllib.request.urlopen(request, cafile=LAUNCHPAD_PPA_CERT)
257
113
        json_data = lp_page.read().decode("utf-8", "strict")
121
        data = lp_page.read().decode("utf-8", "strict")
258
114
    except (URLError, HTTPException) as e:
122
    except (URLError, HTTPException) as e:
259
115
        # HTTPException doesn't have a reason but might have a string
123
        # HTTPException doesn't have a reason but might have a string
260
116
        # representation
124
        # representation
261
117
        reason = hasattr(e, "reason") and e.reason or e
125
        reason = hasattr(e, "reason") and e.reason or e
262
118
        raise PPAException("Error reading %s: %s" % (lp_url, reason), e)
126
        raise PPAException("Error reading %s: %s" % (lp_url, reason), e)
264
119
    return json.loads(json_data)
127
    return data
265
120
128
267
121
def _get_https_content_pycurl(lp_url):
129
def _get_https_content_pycurl(lp_url, accept_json):
268
122
    # this is the fallback code for python2
130
    # this is the fallback code for python2
269
123
    try:
131
    try:
270
124
        callback = CurlCallback()
132
        callback = CurlCallback()
271
@@ -129,16 +137,17 @@
272
129
        if LAUNCHPAD_PPA_CERT:
137
        if LAUNCHPAD_PPA_CERT:
273
130
            curl.setopt(pycurl.CAINFO, LAUNCHPAD_PPA_CERT)
138
            curl.setopt(pycurl.CAINFO, LAUNCHPAD_PPA_CERT)
274
131
        curl.setopt(pycurl.URL, str(lp_url))
139
        curl.setopt(pycurl.URL, str(lp_url))
276
132
        curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"])
140
        if accept_json:
277
141
            curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"])
278
133
        curl.perform()
142
        curl.perform()
279
134
        response = curl.getinfo(curl.RESPONSE_CODE)
143
        response = curl.getinfo(curl.RESPONSE_CODE)
280
135
        curl.close()
144
        curl.close()
282
136
        json_data = callback.contents
145
        data = callback.contents
283
137
    except pycurl.error as e:
146
    except pycurl.error as e:
284
138
        raise PPAException("Error reading %s: %s" % (lp_url, e), e)
147
        raise PPAException("Error reading %s: %s" % (lp_url, e), e)
285
139
    if response != 200:
148
    if response != 200:
286
140
        raise PPAException("Error reading %s: response code %i" % (lp_url, response))
149
        raise PPAException("Error reading %s: response code %i" % (lp_url, response))
288
141
    return json.loads(json_data)
150
    return data
289
142
151
290
143
152
291
144
def mangle_ppa_shortcut(shortcut):
153
def mangle_ppa_shortcut(shortcut):
292
@@ -168,14 +177,18 @@
293
168
class AddPPASigningKey(object):
177
class AddPPASigningKey(object):
294
169
    " thread class for adding the signing key in the background "
178
    " thread class for adding the signing key in the background "
295
170
179
296
171
    GPG_DEFAULT_OPTIONS = ["gpg", "--no-default-keyring", "--no-options"]
297
172
298
173
    def __init__(self, ppa_path, keyserver=None):
180
    def __init__(self, ppa_path, keyserver=None):
299
174
        self.ppa_path = ppa_path
181
        self.ppa_path = ppa_path
304
175
        self.keyserver = (keyserver if keyserver is not None
182
        self._homedir = tempfile.mkdtemp()
305
176
                          else DEFAULT_KEYSERVER)
183
306
177
184
    def __del__(self):
307
178
    def _recv_key(self, keyring, secret_keyring, signing_key_fingerprint, keyring_dir):
185
        shutil.rmtree(self._homedir)
308
186
309
187
    def gpg_cmd(self, args):
310
188
        cmd = "gpg -q --homedir %s --no-default-keyring --no-options --import --import-options %s" % (self._homedir, args)
311
189
        return subprocess.Popen(cmd.split(), stdin=subprocess.PIPE, stdout=subprocess.PIPE)
312
190
        
313
191
    def _recv_key(self, signing_key_fingerprint):
314
179
        try:
192
        try:
315
180
            # double check that the signing key is a v4 fingerprint (160bit)
193
            # double check that the signing key is a v4 fingerprint (160bit)
316
181
            if not verify_keyid_is_v4(signing_key_fingerprint):
194
            if not verify_keyid_is_v4(signing_key_fingerprint):
317
@@ -185,57 +198,30 @@
318
185
        except TypeError:
198
        except TypeError:
319
186
            print("Error: signing key fingerprint does not exist")
199
            print("Error: signing key fingerprint does not exist")
320
187
            return False
200
            return False
363
188
        # then get it
201
364
189
        res = subprocess.call(self.GPG_DEFAULT_OPTIONS + [
202
        return get_info_from_https(SKS_KEYSERVER % signing_key_fingerprint, accept_json=False)
365
190
            "--homedir", keyring_dir,
203
366
191
            "--secret-keyring", secret_keyring,
204
    def _minimize_key(self, key):
367
192
            "--keyring", keyring,
205
        p = self.gpg_cmd("import-minimal,import-export")
368
193
            "--keyserver", self.keyserver,
206
        (minimal_key, _) = p.communicate(key.encode())
369
194
            "--recv", signing_key_fingerprint,
207
        
370
195
            ])
208
        if p.returncode != 0:
371
196
        return (res == 0)
209
            return False
372
197
210
        return minimal_key
373
198
    def _export_key(self, keyring, export_keyring, signing_key_fingerprint, keyring_dir):
211
374
199
        res = subprocess.call(self.GPG_DEFAULT_OPTIONS + [
212
    def _get_fingerprints(self, key):
333
200
          "--homedir", keyring_dir,
334
201
          "--keyring", keyring,
335
202
          "--output", export_keyring,
336
203
          "--export", signing_key_fingerprint,
337
204
          ])
338
205
        if res != 0:
339
206
            return False
340
207
        return True
341
208
342
209
    def _export_armor_key(self, keyring, export_keyring, signing_key_fingerprint, keyring_dir):
343
210
        res = subprocess.call(self.GPG_DEFAULT_OPTIONS + [
344
211
          "--homedir", keyring_dir,
345
212
          "--keyring", keyring,
346
213
          "--output", export_keyring,
347
214
          "--armor",
348
215
          "--export", signing_key_fingerprint,
349
216
          ])
350
217
        if res != 0:
351
218
            return False
352
219
        return True
353
220
354
221
    def _get_fingerprints(self, keyring, keyring_dir):
355
222
        cmd = self.GPG_DEFAULT_OPTIONS + [
356
223
          "--homedir", keyring_dir,
357
224
          "--keyring", keyring,
358
225
          "--fingerprint",
359
226
          "--batch",
360
227
          "--with-colons",
361
228
          ]
362
229
        output = subprocess.check_output(cmd, universal_newlines=True)
375
230
        fingerprints = []
213
        fingerprints = []
379
231
        for line in output.splitlines():
214
        p = self.gpg_cmd("show-only --fingerprint --batch --with-colons")
380
232
            if line.startswith("fpr:"):
215
        (output, _) = p.communicate(key)
381
233
                fingerprints.append(line.split(":")[9])
216
        if p.returncode == 0:
382
217
            for line in output.decode('utf-8').splitlines():
383
218
                if line.startswith("fpr:"):
384
219
                    fingerprints.append(line.split(":")[9])
385
234
        return fingerprints
220
        return fingerprints
386
235
221
390
236
    def _verify_fingerprint(self, keyring, expected_fingerprint, keyring_dir):
222
    def _verify_fingerprint(self, key, expected_fingerprint):
391
237
        got_fingerprints = self._get_fingerprints(keyring, keyring_dir)
223
        got_fingerprints = self._get_fingerprints(key)
392
238
        if len(got_fingerprints) > 1:
224
        if len(got_fingerprints) != 1:
393
239
            print("Got '%s' fingerprints, expected only one" %
225
            print("Got '%s' fingerprints, expected only one" %
394
240
                  len(got_fingerprints))
226
                  len(got_fingerprints))
395
241
            return False
227
            return False
396
@@ -255,9 +241,6 @@
397
255
        if ppa_path is None:
241
        if ppa_path is None:
398
256
            ppa_path = self.ppa_path
242
            ppa_path = self.ppa_path
399
257
243
400
258
        def cleanup(tmpdir):
401
259
            shutil.rmtree(tmp_keyring_dir)
402
260
403
261
        try:
244
        try:
404
262
            ppa_info = get_ppa_info(ppa_path)
245
            ppa_info = get_ppa_info(ppa_path)
405
263
        except PPAException as e:
246
        except PPAException as e:
406
@@ -268,41 +251,26 @@
407
268
        except IndexError as e:
251
        except IndexError as e:
408
269
            print("Error: can't find signing_key_fingerprint at %s" % ppa_path)
252
            print("Error: can't find signing_key_fingerprint at %s" % ppa_path)
409
270
            return False
253
            return False
437
271
        # create temp keyrings
254
        
438
272
        tmp_keyring_dir = tempfile.mkdtemp()
255
        #  download the armored_key
439
273
        tmp_secret_keyring = os.path.join(tmp_keyring_dir, "secring.gpg")
256
        armored_key = self._recv_key(signing_key_fingerprint)
440
274
        tmp_keyring = os.path.join(tmp_keyring_dir, "pubring.gpg")
257
        if not armored_key:
441
275
        #  download the key into a temp keyring first
258
            return False
442
276
        if not self._recv_key(
259
416
277
            tmp_keyring, tmp_secret_keyring, signing_key_fingerprint, tmp_keyring_dir):
417
278
            cleanup(tmp_keyring_dir)
418
279
            return False
419
280
        # now export the key into a temp keyring using the long key id
420
281
        tmp_export_keyring = os.path.join(tmp_keyring_dir, "export-keyring.gpg")
421
282
        if not self._export_key(
422
283
            tmp_keyring, tmp_export_keyring, signing_key_fingerprint, tmp_keyring_dir):
423
284
            cleanup(tmp_keyring_dir)
424
285
            return False
425
286
        # now verify the fingerprint
426
287
        if not self._verify_fingerprint(
427
288
            tmp_export_keyring, signing_key_fingerprint, tmp_keyring_dir):
428
289
            cleanup(tmp_keyring_dir)
429
290
            return False
430
291
        # now export armor key, because apt-key cannot import keybox
431
292
        tmp_export_armor_keyring = os.path.join(tmp_keyring_dir, "export-armor-keyring.gpg")
432
293
        if not self._export_armor_key(
433
294
            tmp_keyring, tmp_export_armor_keyring, signing_key_fingerprint, tmp_keyring_dir):
434
295
            cleanup(tmp_keyring_dir)
435
296
            return False
436
297
        # and add it
443
298
        trustedgpgd = apt_pkg.config.find_dir("Dir::Etc::trustedparts")
260
        trustedgpgd = apt_pkg.config.find_dir("Dir::Etc::trustedparts")
451
299
        apt_keyring = os.path.join(trustedgpgd, "%s.gpg" % (
261
        apt_keyring = os.path.join(trustedgpgd, encode(ppa_info["reference"][1:]))
452
300
            encode(ppa_info["reference"][1:])))
262
453
301
        res = subprocess.call(["apt-key", "--keyring", apt_keyring, "add",
263
        minimal_key = self._minimize_key(armored_key)
454
302
            tmp_export_armor_keyring])
264
        if not minimal_key:
455
303
        # cleanup
265
            return False
456
304
        cleanup(tmp_keyring_dir)
266
        
457
305
        return (res == 0)
267
        if not self._verify_fingerprint(minimal_key, signing_key_fingerprint):
458
268
            return False
459
269
460
270
        with open('%s.gpg' % apt_keyring, 'wb') as f:
461
271
            f.write(minimal_key)
462
272
463
273
        return True
464
306
274
465
307
275
466
308
class AddPPASigningKeyThread(Thread, AddPPASigningKey):
276
class AddPPASigningKeyThread(Thread, AddPPASigningKey):
467
309
277
468
=== modified file 'tests/test_lp.py'
469
--- tests/test_lp.py	2017-12-20 20:55:27 +0000
470
+++ tests/test_lp.py	2018-04-03 08:42:06 +0000
471
@@ -27,6 +27,37 @@
472
27
    'reference': '~mvo/ubuntu/ppa',
27
    'reference': '~mvo/ubuntu/ppa',
473
28
    }
28
    }
474
29
29
475
30
MOCK_KEY="""
476
31
-----BEGIN PGP PUBLIC KEY BLOCK-----
477
32
Version: SKS 1.1.6
478
33
Comment: Hostname: keyserver.ubuntu.com
479
34
480
35
mI0ESXP67wEEAN2m3xWkAP0p1erHbJx1wYBCL6tLqWXESx1BmF0htLzdD9lfsUYiNs+Zgg3w
481
36
uU0PrQIcqZtyTESh514tw3KQ+OAK2I0a2XJR99lXPksiKoxaOOsr0pTVWDYuIlfV3yfmXvnK
482
37
FZSmaMjjKuqQbCwZe8Ev7yry9Gh9pM5Y87MbNT05ABEBAAG0HkxhdW5jaHBhZCBQUEEgZm9y
483
38
IE1pY2hhZWwgVm9ndIi2BBMBAgAgBQJJc/rvAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AA
484
39
CgkQEpGWRw6xLwVofAP/YyU3YykXbr8p7wRp1EpFlDmtbPlFXp00gt4Cqlu2AWVOkwkVoMRQ
485
40
Ncb7wog2Z6u7KyUhD8pgC2FEL0+FQjyNemv7D0OYBG+6DLdjtRsv0CumLdWFmviU96j3OcwT
486
41
G2GkIC/eB2maTrV/vj7vlZ0Qe/T1NL6XLpr0A6Rg6JAtkFM=
487
42
=SMbJ
488
43
-----END PGP PUBLIC KEY BLOCK-----
489
44
"""
490
45
491
46
MOCK_SECOND_KEY="""
492
47
-----BEGIN PGP PUBLIC KEY BLOCK-----
493
48
Version: SKS 1.1.6
494
49
Comment: Hostname: keyserver.ubuntu.com
495
50
496
51
mI0ESX34EgEEAOTzplZO3TXmb9dRLu7kOuIEia21e4gwQ/RQe+LD7HdhikcETjf2Ruu0mn6S
497
52
sgPLL+duhKxmv6ZciLUgkk0qEDCZuR6BPxdgAIwqmQmFipcv6UTMQitRPUa9WlPU37Qg+joL
498
53
cTBUdamnVq+yJhLmnuO44UWAty85nNJzDd29gxqXABEBAAG0LUxhdW5jaHBhZCBQUEEgZm9y
499
54
INCU0LzQuNGC0YDQuNC5INCb0LXQtNC60L7Qsoi2BBMBAgAgBQJJffgSAhsDBgsJCAcDAgQV
500
55
AggDBBYCAwECHgECF4AACgkQFXlR/kAx0oeuSwQAuhhgWgeeG3F9XMYDqgJShzMSeQOLMKBq
501
56
6mNFEL1sDhRdbinf7rwuQFXDSSNCj8/PLa3DF/u09tAm6CTi10iwxxbXf16pTq21gxCA3/xS
502
57
fszv352yZpcN85MD5aozqv7qUCGOQ9Gey7JzgD7L4wMEjyRScVjx1chfLgyapdj822E=
503
58
=pdql
504
59
-----END PGP PUBLIC KEY BLOCK-----
505
60
"""
506
30
61
507
31
class LaunchpadPPATestCase(unittest.TestCase):
62
class LaunchpadPPATestCase(unittest.TestCase):
508
32
	
63
	
509
@@ -34,7 +65,7 @@
510
34
    def setUpClass(cls):
65
    def setUpClass(cls):
511
35
        for k in apt_pkg.config.keys():
66
        for k in apt_pkg.config.keys():
512
36
            apt_pkg.config.clear(k)
67
            apt_pkg.config.clear(k)
514
37
        apt_pkg.init()
68
        apt_pkg.init()        
515
38
69
516
39
    @unittest.skipUnless(
70
    @unittest.skipUnless(
517
40
        "TEST_ONLINE" in os.environ,
71
        "TEST_ONLINE" in os.environ,
518
@@ -73,7 +104,13 @@
519
73
        for k in apt_pkg.config.keys():
104
        for k in apt_pkg.config.keys():
520
74
            apt_pkg.config.clear(k)
105
            apt_pkg.config.clear(k)
521
75
        apt_pkg.init()
106
        apt_pkg.init()
523
76
		
107
        cls.trustedgpg = os.path.join(
524
108
            os.path.dirname(__file__), "aptroot", "etc", "apt", "trusted.gpg.d")
525
109
        try:
526
110
            os.makedirs(cls.trustedgpg)
527
111
        except:
528
112
            pass
529
113
530
77
    def setUp(self):
114
    def setUp(self):
531
78
        self.t = AddPPASigningKeyThread("~mvo/ubuntu/ppa")
115
        self.t = AddPPASigningKeyThread("~mvo/ubuntu/ppa")
532
79
116
533
@@ -91,38 +128,30 @@
534
91
        self.assertFalse(mock_subprocess.call.called)
128
        self.assertFalse(mock_subprocess.call.called)
535
92
129
536
93
    @patch("softwareproperties.ppa.get_ppa_info_from_lp")
130
    @patch("softwareproperties.ppa.get_ppa_info_from_lp")
569
94
    @patch("softwareproperties.ppa.subprocess")
131
    @patch("softwareproperties.ppa.get_info_from_https")
570
95
    def test_add_ppa_signing_key_wrong_fingerprint(self, mock_subprocess, mock_get_ppa_info):
132
    def test_add_ppa_signing_key_wrong_fingerprint(self, mock_https, mock_get_ppa_info):
571
96
        mock_get_ppa_info.return_value = MOCK_PPA_INFO
133
        mock_get_ppa_info.return_value = MOCK_PPA_INFO
572
97
        mock_subprocess.call.return_value = 0
134
        mock_https.return_value = MOCK_SECOND_KEY
573
98
        with patch.object(self.t, "_get_fingerprints") as mock:
135
        res = self.t.add_ppa_signing_key("~mvo/ubuntu/ppa")
574
99
            # setup wrong fingerprint
136
        self.assertFalse(res)
575
100
            mock.return_value = ["48B913EC7093C0C675DADCC04BEF262422DF4087"]
137
576
101
            res = self.t.add_ppa_signing_key("~mvo/ubuntu/ppa")
138
    @patch("softwareproperties.ppa.get_ppa_info_from_lp")
577
102
            self.assertFalse(res)
139
    @patch("softwareproperties.ppa.get_info_from_https")
578
103
140
    def test_add_ppa_signing_key_multiple_fingerprints(self, mock_https, mock_get_ppa_info):
579
104
    @patch("softwareproperties.ppa.get_ppa_info_from_lp")
141
        mock_get_ppa_info.return_value = MOCK_PPA_INFO
580
105
    @patch("softwareproperties.ppa.subprocess")
142
        mock_https.return_value = '\n'.join([MOCK_KEY, MOCK_SECOND_KEY])
581
106
    def test_add_ppa_signing_key_multiple_fingerprints(self, mock_subprocess, mock_get_ppa_info):
143
        res = self.t.add_ppa_signing_key("~mvo/ubuntu/ppa")
582
107
        mock_get_ppa_info.return_value = MOCK_PPA_INFO
144
        self.assertFalse(res)
583
108
        mock_subprocess.call.return_value = 0
145
584
109
        with patch.object(self.t, "_get_fingerprints") as mock:
146
    @patch("softwareproperties.ppa.get_ppa_info_from_lp")
585
110
            # setup multiple fingerprints
147
    @patch("softwareproperties.ppa.get_info_from_https")
586
111
            mock.return_value = ["019A25FED88F961763935D7F129196470EB12F05",
148
    @patch("apt_pkg.config")
587
112
                                 "48B913EC7093C0C675DADCC04BEF262422DF4087"]
149
    def test_add_ppa_signing_key_ok(self, mock_config, mock_https, mock_get_ppa_info):
588
113
            res = self.t.add_ppa_signing_key("~mvo/ubuntu/ppa")
150
        mock_get_ppa_info.return_value = MOCK_PPA_INFO
589
114
            self.assertFalse(res)
151
        mock_https.return_value = MOCK_KEY
590
115
152
        mock_config.find_dir.return_value = self.trustedgpg
591
116
    @patch("softwareproperties.ppa.get_ppa_info_from_lp")
153
        res = self.t.add_ppa_signing_key("~mvo/ubuntu/ppa")
592
117
    @patch("softwareproperties.ppa.subprocess")
154
        self.assertTrue(res)
561
118
    def test_add_ppa_signing_key_ok(self, mock_subprocess, mock_get_ppa_info):
562
119
        mock_get_ppa_info.return_value = MOCK_PPA_INFO
563
120
        mock_subprocess.call.return_value = 0
564
121
        # setup correct signing key
565
122
        with patch.object(self.t, "_get_fingerprints") as mock:
566
123
            mock.return_value = ["019A25FED88F961763935D7F129196470EB12F05"]
567
124
            res = self.t.add_ppa_signing_key("~mvo/ubuntu/ppa")
568
125
            self.assertTrue(res)
593
126
    
155
    
594
127
    def test_verify_keyid_is_v4(self):
156
    def test_verify_keyid_is_v4(self):
595
128
        keyid = "0EB12F05"
157
        keyid = "0EB12F05"
Reviewer	Review Type	Date Requested	Status
Ubuntu Core Development Team		2018-04-02	Pending
Review via email: mp+342500@code.launchpad.net