Merge lp:~xnox/ubuntu-release-upgrader/gnupg2 into lp:ubuntu-release-upgrader

Proposed by Dimitri John Ledkov
Status: Merged
Merged at revision: 3012
Proposed branch: lp:~xnox/ubuntu-release-upgrader/gnupg2
Merge into: lp:ubuntu-release-upgrader
Diff against target: 256 lines (+36/-64)
8 files modified
DistUpgrade/DistUpgradeAptCdrom.py (+8/-7)
DistUpgrade/DistUpgradeFetcherCore.py (+9/-49)
debian/changelog (+6/-0)
debian/control (+1/-0)
tests/test_cdrom.py (+4/-2)
tests/test_end_of_life.py (+2/-0)
tests/test_pep8.py (+1/-1)
tests/test_prerequists.py (+5/-5)
To merge this branch: bzr merge lp:~xnox/ubuntu-release-upgrader/gnupg2
Reviewer Review Type Date Requested Status
Brian Murray Pending
Ubuntu Core Development Team Pending
Review via email: mp+307406@code.launchpad.net

Description of the change

apt-secure key fragment compatibility


Preview Diff

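--- a/DistUpgrade/DistUpgradeAptCdrom.py
+++ b/DistUpgrade/DistUpgradeAptCdrom.py
@@ -28,6 +28,7 @@
 import shutil
 import subprocess
 import sys
+import tempfile
 from gettext import gettext as _
 
 
@@ -46,6 +47,7 @@
 self.packages = set()
 self.signatures = set()
 self.i18n = set()
+ apt_pkg.init_config()
 
 def restore_backup(self, backup_ext):
 """ restore the backup copy of the cdroms.list file
@@ -199,17 +201,16 @@
 
 def _verifyRelease(self, signatures):
 " verify the signatues and hashes "
- gpgv = apt_pkg.config.find("Dir::Bin::gpg", "/usr/bin/gpgv")
- keyring = apt_pkg.config.find("Apt::GPGV::TrustedKeyring",
- "/etc/apt/trusted.gpg")
 for sig in signatures:
 basepath = os.path.split(sig)[0]
 # do gpg checking
 releasef = os.path.splitext(sig)[0]
- cmd = [gpgv, "--keyring", keyring,
- "--ignore-time-conflict",
- sig, releasef]
- ret = subprocess.call(cmd)
+ verify_env = os.environ.copy()
+ cmd = ["apt-key", "--quiet", "verify", sig, releasef]
+ with tempfile.NamedTemporaryFile() as fp:
+ fp.write(apt_pkg.config.dump())
+ verify_env["APT_CONFIG"] = fp.name
+ ret = subprocess.call(cmd, env=verify_env)
 if not (ret == 0):
 return False
 # now do the hash sum checks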
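Review bot: In the `_verifyRelease` hunk the dumped configuration is written to the `NamedTemporaryFile` but never flushed before `subprocess.call` runs, so `apt-key` may open `fp.name` while the data is still in Python's buffer and read an empty or truncated `APT_CONFIG`. In that case verification would presumably run against apt's default trust locations rather than the settings held in `apt_pkg.config`, which changes which keys are accepted. Add `fp.flush()` right after the write. Because the temporary file is opened in binary mode by default, under Python 3 the write likely needs to be `fp.write(apt_pkg.config.dump().encode("utf-8"))` (assuming `dump()` returns `str`; confirm). The method body continues past the end of the hunk.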
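--- a/DistUpgrade/DistUpgradeFetcherCore.py
+++ b/DistUpgrade/DistUpgradeFetcherCore.py
@@ -78,58 +78,18 @@
 return False
 
 def gpgauthenticate(self, file, signature,
- keyring='/etc/apt/trusted.gpg'):
+ keyring=None):
 """ authenticated a file against a given signature, if no keyring
 is given use the apt default keyring
 """
- status_pipe = os.pipe()
- logger_pipe = os.pipe()
- if sys.version_info >= (3, 4):
- os.set_inheritable(status_pipe[1], 1)
- os.set_inheritable(logger_pipe[1], 1)
- gpg = [
- "gpg",
- "--status-fd", "%d" % status_pipe[1],
- "--logger-fd", "%d" % logger_pipe[1],
- "--no-options",
- "--homedir", self.tmpdir,
- "--no-default-keyring",
- "--ignore-time-conflict",
- "--keyring", keyring,
- "--verify", signature, file,
- ]
-
- def gpg_preexec():
- os.close(status_pipe[0])
- os.close(logger_pipe[0])
-
- proc = subprocess.Popen(
- gpg, stderr=subprocess.PIPE, preexec_fn=gpg_preexec,
- close_fds=False, universal_newlines=True)
- os.close(status_pipe[1])
- os.close(logger_pipe[1])
- status_handle = os.fdopen(status_pipe[0])
- logger_handle = os.fdopen(logger_pipe[0])
- try:
- gpgres = status_handle.read()
- ret = proc.wait()
- if ret != 0:
- # gnupg returned a problem (non-zero exit)
- print("gpg exited %d" % ret)
- print("Debug information: ")
- print(status_handle.read())
- print(proc.stderr.read())
- print(logger_handle.read())
- return False
- if "VALIDSIG" in gpgres:
- return True
- print("invalid result from gpg:")
- print(gpgres)
- return False
- finally:
- status_handle.close()
- proc.stderr.close()
- logger_handle.close()
+ gpg = ["apt-key"]
+
+ if keyring:
+ gpg += ["--keyring", keyring]
+
+ gpg += ["verify", signature, file]
+ ret = subprocess.call(gpg, stderr=subprocess.PIPE)
+ return ret == 0
 
 def extractDistUpgrader(self):
 # extract the tarball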
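Review bot: `subprocess.call(gpg, stderr=subprocess.PIPE)` in the new `gpgauthenticate` body creates a stderr pipe that nothing reads, so a child that writes more than the pipe buffer can block indefinitely, and every diagnostic from a failed verification is discarded. The removed code printed the gpg status and logger output on failure; now a rejected signature returns `False` with no trace, which makes a bad signature hard to tell apart from a missing keyring when investigating a failed upgrade. Prefer `proc = subprocess.Popen(gpg, stderr=subprocess.PIPE, universal_newlines=True)` followed by `err = proc.communicate()[1]`, and print or log `err` when `proc.returncode != 0`. The exit status is now the only acceptance signal (the old `VALIDSIG` check is gone), so a comment stating that `apt-key verify` is relied on to exit non-zero for anything but a good signature would help the next reader.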
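--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,16 @@
 ubuntu-release-upgrader (1:16.10.4) UNRELEASED; urgency=medium
 
+ [ Brian Murray ]
 * DistUpgradeController.py: fix UnboundLocalError - thanks to Launchpad user
 MissionSix for the patch. (LP: #1611470)
 * po/POTFILES.in: use check_new_release_gtk.py to allow for fuzzy
 translations.
 
+ [ Dimitri John Ledkov ]
+ * Mirgrate to using apt-key, instead of gpg/gpgv directly to gain
+ support for apt-secure trustedparts (key fragments in
+ /etc/apt/trusted.gpg.d).
+
 -- Brian Murray <brian@ubuntu.com> Mon, 15 Aug 2016 14:10:55 -0700
 
 ubuntu-release-upgrader (1:16.10.3) yakkety; urgency=medium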
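--- a/debian/control
+++ b/debian/control
@@ -40,6 +40,7 @@
 ${misc:Depends},
 python3-update-manager (>= 1:0.196.2~),
 python3-apt (>= 0.8.5~),
+ gpgv,
 lsb-release
 Replaces: python3-update-manager (<< 1:0.165)
 Breaks: python3-update-manager (<< 1:0.165)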
150=== added file 'tests/test-data/mvo.gpg'
151Binary files tests/test-data/mvo.gpg 1970-01-01 00:00:00 +0000 and tests/test-data/mvo.gpg 2016-10-03 09:58:39 +0000 differ
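--- a/tests/test_cdrom.py
+++ b/tests/test_cdrom.py
@@ -26,9 +26,9 @@
 
 def testWriteDatabase(self):
 expect = \
- "CD::0380987599d9f666b749fbfe29d5b440-2 " \
+ "CD::47dd35831a1e27f9a0ca8c8c50014981-2 " \
 "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n" \
- "CD::0380987599d9f666b749fbfe29d5b440-2::Label " \
+ "CD::47dd35831a1e27f9a0ca8c8c50014981-2::Label " \
 "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n"
 p = CURDIR + "/test-data-cdrom/"
 database = CURDIR + "/test-data-cdrom/cdrom.list"
@@ -106,6 +106,7 @@
 
 def testVerifyRelease(self):
 cdrom = AptCdrom(None, CURDIR + "/test-data-cdrom")
+ apt_pkg.config.set("Dir::Etc::trusted", CURDIR + "/test-data/mvo.gpg")
 (p, s, i18n) = cdrom._scanCD()
 res = cdrom._verifyRelease(s)
 self.assertTrue(res)
@@ -135,6 +136,7 @@
 def test_comment_out(self):
 tmpdir = tempfile.mkdtemp()
 sourceslist = os.path.join(tmpdir, "sources.list")
+ open(sourceslist, 'w').close()
 apt_pkg.config.set("dir::etc::sourcelist", sourceslist)
 apt_pkg.config.set("dir::state::lists", tmpdir)
 view = Mock()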
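Review bot: `testVerifyRelease` sets `Dir::Etc::trusted` on the global `apt_pkg.config` and never restores it, so the test keyring leaks into whatever test runs next in the same process; save the previous value and restore it with `self.addCleanup(apt_pkg.config.set, "Dir::Etc::trusted", old)`. The test also asserts only the accepting path. Since `_verifyRelease` now selects its trust store through a dumped APT configuration, a companion case that points `Dir::Etc::trusted` at a keyring without the signing key and expects `self.assertFalse(res)` would catch a silent fallback to the system keyring.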
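--- a/tests/test_end_of_life.py
+++ b/tests/test_end_of_life.py
@@ -1,5 +1,7 @@
 #!/usr/bin/python
 
+import gi
+gi.require_version('Gtk', '3.0')
 from gi.repository import Gtk, GLib
 from mock import patch
 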
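--- a/tests/test_pep8.py
+++ b/tests/test_pep8.py
@@ -6,7 +6,7 @@
 import unittest
 
 # pep8 is overdoing it a bit IMO
-IGNORE_PEP8 = "W,E125,E126,E265"
+IGNORE_PEP8 = "W,E125,E126,E265,E402"
 # FIXME: this list should be empty
 IGNORE_FILES = (
 "DistUpgradeViewKDE.py",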
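--- a/tests/test_prerequists.py
+++ b/tests/test_prerequists.py
@@ -35,7 +35,7 @@
 self.orig_sourceparts = apt_pkg.config.get("Dir::Etc::sourceparts")
 self.orig_state = apt_pkg.config.get("Dir::State")
 self.orig_status = apt_pkg.config.get("Dir::State::status")
- self.orig_trusted = apt_pkg.config.get("APT::GPGV::TrustedKeyring")
+ self.orig_trusted = apt_pkg.config.get("Dir::Etc::trusted")
 
 apt_pkg.config.set("Dir::Etc", self.testdir)
 apt_pkg.config.set("Dir::Etc::sourceparts",
@@ -48,7 +48,7 @@
 apt_pkg.config.set("Dir::Etc::sourceparts", self.orig_sourceparts)
 apt_pkg.config.set("Dir::State", self.orig_state)
 apt_pkg.config.set("Dir::State::status", self.orig_status)
- apt_pkg.config.set("APT::GPGV::TrustedKeyring", self.orig_trusted)
+ apt_pkg.config.set("Dir::Etc::trusted", self.orig_trusted)
 
 def testPreReqSourcesListAddingSimple(self):
 " test adding the prerequists when a mirror is known "
@@ -112,7 +112,7 @@
 tmpdir = tempfile.mkdtemp()
 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")
 #apt_pkg.config.set("Debug::Acquire::gpgv","true")
- apt_pkg.config.set("APT::GPGV::TrustedKeyring",
+ apt_pkg.config.set("Dir::Etc::trusted",
 self.testdir + "/trusted.gpg")
 # set sourceparts
 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)
@@ -137,7 +137,7 @@
 tmpdir = tempfile.mkdtemp()
 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")
 #apt_pkg.config.set("Debug::Acquire::gpgv","true")
- apt_pkg.config.set("APT::GPGV::TrustedKeyring",
+ apt_pkg.config.set("Dir::Etc::trusted",
 self.testdir + "/trusted.gpg")
 # set sourceparts
 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)
@@ -164,7 +164,7 @@
 tmpdir = tempfile.mkdtemp()
 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")
 #apt_pkg.config.set("Debug::Acquire::gpgv","true")
- apt_pkg.config.set("APT::GPGV::TrustedKeyring",
+ apt_pkg.config.set("Dir::Etc::trusted",
 self.testdir + "/trusted.gpg")
 # set sourceparts
 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)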
