Merge lp:~xnox/ubuntu-release-upgrader/gnupg2 into lp:ubuntu-release-upgrader
Proposed by
Dimitri John Ledkov
Status: | Merged |
---|---|
Merged at revision: | 3012 |
Proposed branch: | lp:~xnox/ubuntu-release-upgrader/gnupg2 |
Merge into: | lp:ubuntu-release-upgrader |
Diff against target: |
256 lines (+36/-64) 8 files modified
DistUpgrade/DistUpgradeAptCdrom.py (+8/-7) DistUpgrade/DistUpgradeFetcherCore.py (+9/-49) debian/changelog (+6/-0) debian/control (+1/-0) tests/test_cdrom.py (+4/-2) tests/test_end_of_life.py (+2/-0) tests/test_pep8.py (+1/-1) tests/test_prerequists.py (+5/-5) |
To merge this branch: | bzr merge lp:~xnox/ubuntu-release-upgrader/gnupg2 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Brian Murray | Pending | ||
Ubuntu Core Development Team | Pending | ||
Review via email: mp+307406@code.launchpad.net |
Commit message
Description of the change
apt-secure key fragment compatibility
1 | === modified file 'DistUpgrade/DistUpgradeAptCdrom.py' | |||
2 | --- DistUpgrade/DistUpgradeAptCdrom.py 2016-03-03 16:56:55 +0000 | |||
3 | +++ DistUpgrade/DistUpgradeAptCdrom.py 2016-10-03 09:58:39 +0000 | |||
4 | @@ -28,6 +28,7 @@ | |||
5 | 28 | import shutil | 28 | import shutil |
6 | 29 | import subprocess | 29 | import subprocess |
7 | 30 | import sys | 30 | import sys |
8 | 31 | import tempfile | ||
9 | 31 | from gettext import gettext as _ | 32 | from gettext import gettext as _ |
10 | 32 | 33 | ||
11 | 33 | 34 | ||
12 | @@ -46,6 +47,7 @@ | |||
13 | 46 | self.packages = set() | 47 | self.packages = set() |
14 | 47 | self.signatures = set() | 48 | self.signatures = set() |
15 | 48 | self.i18n = set() | 49 | self.i18n = set() |
16 | 50 | apt_pkg.init_config() | ||
17 | 49 | 51 | ||
18 | 50 | def restore_backup(self, backup_ext): | 52 | def restore_backup(self, backup_ext): |
19 | 51 | """ restore the backup copy of the cdroms.list file | 53 | """ restore the backup copy of the cdroms.list file |
20 | @@ -199,17 +201,16 @@ | |||
21 | 199 | 201 | ||
22 | 200 | def _verifyRelease(self, signatures): | 202 | def _verifyRelease(self, signatures): |
23 | 201 | " verify the signatues and hashes " | 203 | " verify the signatues and hashes " |
24 | 202 | gpgv = apt_pkg.config.find("Dir::Bin::gpg", "/usr/bin/gpgv") | ||
25 | 203 | keyring = apt_pkg.config.find("Apt::GPGV::TrustedKeyring", | ||
26 | 204 | "/etc/apt/trusted.gpg") | ||
27 | 205 | for sig in signatures: | 204 | for sig in signatures: |
28 | 206 | basepath = os.path.split(sig)[0] | 205 | basepath = os.path.split(sig)[0] |
29 | 207 | # do gpg checking | 206 | # do gpg checking |
30 | 208 | releasef = os.path.splitext(sig)[0] | 207 | releasef = os.path.splitext(sig)[0] |
35 | 209 | cmd = [gpgv, "--keyring", keyring, | 208 | verify_env = os.environ.copy() |
36 | 210 | "--ignore-time-conflict", | 209 | cmd = ["apt-key", "--quiet", "verify", sig, releasef] |
37 | 211 | sig, releasef] | 210 | with tempfile.NamedTemporaryFile() as fp: |
38 | 212 | ret = subprocess.call(cmd) | 211 | fp.write(apt_pkg.config.dump()) |
39 | 212 | verify_env["APT_CONFIG"] = fp.name | ||
40 | 213 | ret = subprocess.call(cmd, env=verify_env) | ||
41 | 213 | if not (ret == 0): | 214 | if not (ret == 0): |
42 | 214 | return False | 215 | return False |
43 | 215 | # now do the hash sum checks | 216 | # now do the hash sum checks |
44 | 216 | 217 | ||
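Review bot: In `_verifyRelease`, `fp.write(apt_pkg.config.dump())` writes a str to a `NamedTemporaryFile` opened in its default binary mode, and nothing flushes the file before `subprocess.call(cmd, env=verify_env)` runs. Under Python 3 that write would raise TypeError, and without a flush apt-key may read an empty or truncated APT_CONFIG and verify against default trust settings rather than the ones the caller configured (for example `Dir::Etc::trusted`). I would change it to `fp.write(apt_pkg.config.dump().encode("utf-8"))` followed by `fp.flush()`. The `subprocess.call` also has to stay inside the `with` block so the file still exists when apt-key reads it; indentation is lost in this rendering, so that cannot be confirmed here. The body of `_verifyRelease` continues past the hunk with the hash sum checks.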
45 | === modified file 'DistUpgrade/DistUpgradeFetcherCore.py' | |||
46 | --- DistUpgrade/DistUpgradeFetcherCore.py 2015-11-02 17:46:28 +0000 | |||
47 | +++ DistUpgrade/DistUpgradeFetcherCore.py 2016-10-03 09:58:39 +0000 | |||
48 | @@ -78,58 +78,18 @@ | |||
49 | 78 | return False | 78 | return False |
50 | 79 | 79 | ||
51 | 80 | def gpgauthenticate(self, file, signature, | 80 | def gpgauthenticate(self, file, signature, |
53 | 81 | keyring='/etc/apt/trusted.gpg'): | 81 | keyring=None): |
54 | 82 | """ authenticated a file against a given signature, if no keyring | 82 | """ authenticated a file against a given signature, if no keyring |
55 | 83 | is given use the apt default keyring | 83 | is given use the apt default keyring |
56 | 84 | """ | 84 | """ |
105 | 85 | status_pipe = os.pipe() | 85 | gpg = ["apt-key"] |
106 | 86 | logger_pipe = os.pipe() | 86 | |
107 | 87 | if sys.version_info >= (3, 4): | 87 | if keyring: |
108 | 88 | os.set_inheritable(status_pipe[1], 1) | 88 | gpg += ["--keyring", keyring] |
109 | 89 | os.set_inheritable(logger_pipe[1], 1) | 89 | |
110 | 90 | gpg = [ | 90 | gpg += ["verify", signature, file] |
111 | 91 | "gpg", | 91 | ret = subprocess.call(gpg, stderr=subprocess.PIPE) |
112 | 92 | "--status-fd", "%d" % status_pipe[1], | 92 | return ret == 0 |
65 | 93 | "--logger-fd", "%d" % logger_pipe[1], | ||
66 | 94 | "--no-options", | ||
67 | 95 | "--homedir", self.tmpdir, | ||
68 | 96 | "--no-default-keyring", | ||
69 | 97 | "--ignore-time-conflict", | ||
70 | 98 | "--keyring", keyring, | ||
71 | 99 | "--verify", signature, file, | ||
72 | 100 | ] | ||
73 | 101 | |||
74 | 102 | def gpg_preexec(): | ||
75 | 103 | os.close(status_pipe[0]) | ||
76 | 104 | os.close(logger_pipe[0]) | ||
77 | 105 | |||
78 | 106 | proc = subprocess.Popen( | ||
79 | 107 | gpg, stderr=subprocess.PIPE, preexec_fn=gpg_preexec, | ||
80 | 108 | close_fds=False, universal_newlines=True) | ||
81 | 109 | os.close(status_pipe[1]) | ||
82 | 110 | os.close(logger_pipe[1]) | ||
83 | 111 | status_handle = os.fdopen(status_pipe[0]) | ||
84 | 112 | logger_handle = os.fdopen(logger_pipe[0]) | ||
85 | 113 | try: | ||
86 | 114 | gpgres = status_handle.read() | ||
87 | 115 | ret = proc.wait() | ||
88 | 116 | if ret != 0: | ||
89 | 117 | # gnupg returned a problem (non-zero exit) | ||
90 | 118 | print("gpg exited %d" % ret) | ||
91 | 119 | print("Debug information: ") | ||
92 | 120 | print(status_handle.read()) | ||
93 | 121 | print(proc.stderr.read()) | ||
94 | 122 | print(logger_handle.read()) | ||
95 | 123 | return False | ||
96 | 124 | if "VALIDSIG" in gpgres: | ||
97 | 125 | return True | ||
98 | 126 | print("invalid result from gpg:") | ||
99 | 127 | print(gpgres) | ||
100 | 128 | return False | ||
101 | 129 | finally: | ||
102 | 130 | status_handle.close() | ||
103 | 131 | proc.stderr.close() | ||
104 | 132 | logger_handle.close() | ||
113 | 133 | 93 | ||
114 | 134 | def extractDistUpgrader(self): | 94 | def extractDistUpgrader(self): |
115 | 135 | # extract the tarball | 95 | # extract the tarball |
116 | 136 | 96 | ||
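Review bot: `gpgauthenticate` now passes `stderr=subprocess.PIPE` to `subprocess.call` and never reads the pipe, so the verifier's diagnostics are thrown away and a child that writes more than the pipe buffer holds can block indefinitely. The removed code printed gpg's status and stderr output on failure; the new code returns a bare False, which makes a rejected signature hard to tell apart from a keyring or configuration problem. I would use `proc = subprocess.Popen(gpg, stderr=subprocess.PIPE, universal_newlines=True)` with `err = proc.communicate()[1]` and log `err` when `proc.returncode != 0`. The result now rests entirely on apt-key's exit status, since the explicit `VALIDSIG` check is gone; that is worth confirming against the apt versions this upgrader runs on.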
117 | === modified file 'debian/changelog' | |||
118 | --- debian/changelog 2016-09-27 22:17:44 +0000 | |||
119 | +++ debian/changelog 2016-10-03 09:58:39 +0000 | |||
120 | @@ -1,10 +1,16 @@ | |||
121 | 1 | ubuntu-release-upgrader (1:16.10.4) UNRELEASED; urgency=medium | 1 | ubuntu-release-upgrader (1:16.10.4) UNRELEASED; urgency=medium |
122 | 2 | 2 | ||
123 | 3 | [ Brian Murray ] | ||
124 | 3 | * DistUpgradeController.py: fix UnboundLocalError - thanks to Launchpad user | 4 | * DistUpgradeController.py: fix UnboundLocalError - thanks to Launchpad user |
125 | 4 | MissionSix for the patch. (LP: #1611470) | 5 | MissionSix for the patch. (LP: #1611470) |
126 | 5 | * po/POTFILES.in: use check_new_release_gtk.py to allow for fuzzy | 6 | * po/POTFILES.in: use check_new_release_gtk.py to allow for fuzzy |
127 | 6 | translations. | 7 | translations. |
128 | 7 | 8 | ||
129 | 9 | [ Dimitri John Ledkov ] | ||
130 | 10 | * Mirgrate to using apt-key, instead of gpg/gpgv directly to gain | ||
131 | 11 | support for apt-secure trustedparts (key fragments in | ||
132 | 12 | /etc/apt/trusted.gpg.d). | ||
133 | 13 | |||
134 | 8 | -- Brian Murray <brian@ubuntu.com> Mon, 15 Aug 2016 14:10:55 -0700 | 14 | -- Brian Murray <brian@ubuntu.com> Mon, 15 Aug 2016 14:10:55 -0700 |
135 | 9 | 15 | ||
136 | 10 | ubuntu-release-upgrader (1:16.10.3) yakkety; urgency=medium | 16 | ubuntu-release-upgrader (1:16.10.3) yakkety; urgency=medium |
137 | 11 | 17 | ||
138 | === modified file 'debian/control' | |||
139 | --- debian/control 2016-02-23 17:08:53 +0000 | |||
140 | +++ debian/control 2016-10-03 09:58:39 +0000 | |||
141 | @@ -40,6 +40,7 @@ | |||
142 | 40 | ${misc:Depends}, | 40 | ${misc:Depends}, |
143 | 41 | python3-update-manager (>= 1:0.196.2~), | 41 | python3-update-manager (>= 1:0.196.2~), |
144 | 42 | python3-apt (>= 0.8.5~), | 42 | python3-apt (>= 0.8.5~), |
145 | 43 | gpgv, | ||
146 | 43 | lsb-release | 44 | lsb-release |
147 | 44 | Replaces: python3-update-manager (<< 1:0.165) | 45 | Replaces: python3-update-manager (<< 1:0.165) |
148 | 45 | Breaks: python3-update-manager (<< 1:0.165) | 46 | Breaks: python3-update-manager (<< 1:0.165) |
149 | 46 | 47 | ||
150 | === added file 'tests/test-data/mvo.gpg' | |||
151 | 47 | Binary files tests/test-data/mvo.gpg 1970-01-01 00:00:00 +0000 and tests/test-data/mvo.gpg 2016-10-03 09:58:39 +0000 differ | 48 | Binary files tests/test-data/mvo.gpg 1970-01-01 00:00:00 +0000 and tests/test-data/mvo.gpg 2016-10-03 09:58:39 +0000 differ |
152 | === modified file 'tests/test_cdrom.py' | |||
153 | --- tests/test_cdrom.py 2015-01-20 22:30:06 +0000 | |||
154 | +++ tests/test_cdrom.py 2016-10-03 09:58:39 +0000 | |||
155 | @@ -26,9 +26,9 @@ | |||
156 | 26 | 26 | ||
157 | 27 | def testWriteDatabase(self): | 27 | def testWriteDatabase(self): |
158 | 28 | expect = \ | 28 | expect = \ |
160 | 29 | "CD::0380987599d9f666b749fbfe29d5b440-2 " \ | 29 | "CD::47dd35831a1e27f9a0ca8c8c50014981-2 " \ |
161 | 30 | "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n" \ | 30 | "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n" \ |
163 | 31 | "CD::0380987599d9f666b749fbfe29d5b440-2::Label " \ | 31 | "CD::47dd35831a1e27f9a0ca8c8c50014981-2::Label " \ |
164 | 32 | "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n" | 32 | "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n" |
165 | 33 | p = CURDIR + "/test-data-cdrom/" | 33 | p = CURDIR + "/test-data-cdrom/" |
166 | 34 | database = CURDIR + "/test-data-cdrom/cdrom.list" | 34 | database = CURDIR + "/test-data-cdrom/cdrom.list" |
167 | @@ -106,6 +106,7 @@ | |||
168 | 106 | 106 | ||
169 | 107 | def testVerifyRelease(self): | 107 | def testVerifyRelease(self): |
170 | 108 | cdrom = AptCdrom(None, CURDIR + "/test-data-cdrom") | 108 | cdrom = AptCdrom(None, CURDIR + "/test-data-cdrom") |
171 | 109 | apt_pkg.config.set("Dir::Etc::trusted", CURDIR + "/test-data/mvo.gpg") | ||
172 | 109 | (p, s, i18n) = cdrom._scanCD() | 110 | (p, s, i18n) = cdrom._scanCD() |
173 | 110 | res = cdrom._verifyRelease(s) | 111 | res = cdrom._verifyRelease(s) |
174 | 111 | self.assertTrue(res) | 112 | self.assertTrue(res) |
175 | @@ -135,6 +136,7 @@ | |||
176 | 135 | def test_comment_out(self): | 136 | def test_comment_out(self): |
177 | 136 | tmpdir = tempfile.mkdtemp() | 137 | tmpdir = tempfile.mkdtemp() |
178 | 137 | sourceslist = os.path.join(tmpdir, "sources.list") | 138 | sourceslist = os.path.join(tmpdir, "sources.list") |
179 | 139 | open(sourceslist, 'w').close() | ||
180 | 138 | apt_pkg.config.set("dir::etc::sourcelist", sourceslist) | 140 | apt_pkg.config.set("dir::etc::sourcelist", sourceslist) |
181 | 139 | apt_pkg.config.set("dir::state::lists", tmpdir) | 141 | apt_pkg.config.set("dir::state::lists", tmpdir) |
182 | 140 | view = Mock() | 142 | view = Mock() |
183 | 141 | 143 | ||
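Review bot: `testVerifyRelease` sets `Dir::Etc::trusted` on the process-wide `apt_pkg.config` and no restore is visible in the hunk, so tests that run later in the same process would verify against `test-data/mvo.gpg` instead of their own keyring. `tests/test_prerequists.py` in this same proposal saves and restores that key in its setUp/tearDown, and this test should do the equivalent. I would add `self.addCleanup(apt_pkg.config.set, "Dir::Etc::trusted", apt_pkg.config.get("Dir::Etc::trusted"))` just before the `set` call. Separately, the expected CD id in `testWriteDatabase` changes with no explanation; a one-line comment saying why the id differs would help the next reader.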
184 | === modified file 'tests/test_end_of_life.py' | |||
185 | --- tests/test_end_of_life.py 2013-09-17 21:33:23 +0000 | |||
186 | +++ tests/test_end_of_life.py 2016-10-03 09:58:39 +0000 | |||
187 | @@ -1,5 +1,7 @@ | |||
188 | 1 | #!/usr/bin/python | 1 | #!/usr/bin/python |
189 | 2 | 2 | ||
190 | 3 | import gi | ||
191 | 4 | gi.require_version('Gtk', '3.0') | ||
192 | 3 | from gi.repository import Gtk, GLib | 5 | from gi.repository import Gtk, GLib |
193 | 4 | from mock import patch | 6 | from mock import patch |
194 | 5 | 7 | ||
195 | 6 | 8 | ||
196 | === modified file 'tests/test_pep8.py' | |||
197 | --- tests/test_pep8.py 2014-06-26 06:43:50 +0000 | |||
198 | +++ tests/test_pep8.py 2016-10-03 09:58:39 +0000 | |||
199 | @@ -6,7 +6,7 @@ | |||
200 | 6 | import unittest | 6 | import unittest |
201 | 7 | 7 | ||
202 | 8 | # pep8 is overdoing it a bit IMO | 8 | # pep8 is overdoing it a bit IMO |
204 | 9 | IGNORE_PEP8 = "W,E125,E126,E265" | 9 | IGNORE_PEP8 = "W,E125,E126,E265,E402" |
205 | 10 | # FIXME: this list should be empty | 10 | # FIXME: this list should be empty |
206 | 11 | IGNORE_FILES = ( | 11 | IGNORE_FILES = ( |
207 | 12 | "DistUpgradeViewKDE.py", | 12 | "DistUpgradeViewKDE.py", |
208 | 13 | 13 | ||
209 | === modified file 'tests/test_prerequists.py' | |||
210 | --- tests/test_prerequists.py 2016-04-06 17:20:53 +0000 | |||
211 | +++ tests/test_prerequists.py 2016-10-03 09:58:39 +0000 | |||
212 | @@ -35,7 +35,7 @@ | |||
213 | 35 | self.orig_sourceparts = apt_pkg.config.get("Dir::Etc::sourceparts") | 35 | self.orig_sourceparts = apt_pkg.config.get("Dir::Etc::sourceparts") |
214 | 36 | self.orig_state = apt_pkg.config.get("Dir::State") | 36 | self.orig_state = apt_pkg.config.get("Dir::State") |
215 | 37 | self.orig_status = apt_pkg.config.get("Dir::State::status") | 37 | self.orig_status = apt_pkg.config.get("Dir::State::status") |
217 | 38 | self.orig_trusted = apt_pkg.config.get("APT::GPGV::TrustedKeyring") | 38 | self.orig_trusted = apt_pkg.config.get("Dir::Etc::trusted") |
218 | 39 | 39 | ||
219 | 40 | apt_pkg.config.set("Dir::Etc", self.testdir) | 40 | apt_pkg.config.set("Dir::Etc", self.testdir) |
220 | 41 | apt_pkg.config.set("Dir::Etc::sourceparts", | 41 | apt_pkg.config.set("Dir::Etc::sourceparts", |
221 | @@ -48,7 +48,7 @@ | |||
222 | 48 | apt_pkg.config.set("Dir::Etc::sourceparts", self.orig_sourceparts) | 48 | apt_pkg.config.set("Dir::Etc::sourceparts", self.orig_sourceparts) |
223 | 49 | apt_pkg.config.set("Dir::State", self.orig_state) | 49 | apt_pkg.config.set("Dir::State", self.orig_state) |
224 | 50 | apt_pkg.config.set("Dir::State::status", self.orig_status) | 50 | apt_pkg.config.set("Dir::State::status", self.orig_status) |
226 | 51 | apt_pkg.config.set("APT::GPGV::TrustedKeyring", self.orig_trusted) | 51 | apt_pkg.config.set("Dir::Etc::trusted", self.orig_trusted) |
227 | 52 | 52 | ||
228 | 53 | def testPreReqSourcesListAddingSimple(self): | 53 | def testPreReqSourcesListAddingSimple(self): |
229 | 54 | " test adding the prerequists when a mirror is known " | 54 | " test adding the prerequists when a mirror is known " |
230 | @@ -112,7 +112,7 @@ | |||
231 | 112 | tmpdir = tempfile.mkdtemp() | 112 | tmpdir = tempfile.mkdtemp() |
232 | 113 | #apt_pkg.config.set("Debug::pkgAcquire::Auth","true") | 113 | #apt_pkg.config.set("Debug::pkgAcquire::Auth","true") |
233 | 114 | #apt_pkg.config.set("Debug::Acquire::gpgv","true") | 114 | #apt_pkg.config.set("Debug::Acquire::gpgv","true") |
235 | 115 | apt_pkg.config.set("APT::GPGV::TrustedKeyring", | 115 | apt_pkg.config.set("Dir::Etc::trusted", |
236 | 116 | self.testdir + "/trusted.gpg") | 116 | self.testdir + "/trusted.gpg") |
237 | 117 | # set sourceparts | 117 | # set sourceparts |
238 | 118 | apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir) | 118 | apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir) |
239 | @@ -137,7 +137,7 @@ | |||
240 | 137 | tmpdir = tempfile.mkdtemp() | 137 | tmpdir = tempfile.mkdtemp() |
241 | 138 | #apt_pkg.config.set("Debug::pkgAcquire::Auth","true") | 138 | #apt_pkg.config.set("Debug::pkgAcquire::Auth","true") |
242 | 139 | #apt_pkg.config.set("Debug::Acquire::gpgv","true") | 139 | #apt_pkg.config.set("Debug::Acquire::gpgv","true") |
244 | 140 | apt_pkg.config.set("APT::GPGV::TrustedKeyring", | 140 | apt_pkg.config.set("Dir::Etc::trusted", |
245 | 141 | self.testdir + "/trusted.gpg") | 141 | self.testdir + "/trusted.gpg") |
246 | 142 | # set sourceparts | 142 | # set sourceparts |
247 | 143 | apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir) | 143 | apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir) |
248 | @@ -164,7 +164,7 @@ | |||
249 | 164 | tmpdir = tempfile.mkdtemp() | 164 | tmpdir = tempfile.mkdtemp() |
250 | 165 | #apt_pkg.config.set("Debug::pkgAcquire::Auth","true") | 165 | #apt_pkg.config.set("Debug::pkgAcquire::Auth","true") |
251 | 166 | #apt_pkg.config.set("Debug::Acquire::gpgv","true") | 166 | #apt_pkg.config.set("Debug::Acquire::gpgv","true") |
253 | 167 | apt_pkg.config.set("APT::GPGV::TrustedKeyring", | 167 | apt_pkg.config.set("Dir::Etc::trusted", |
254 | 168 | self.testdir + "/trusted.gpg") | 168 | self.testdir + "/trusted.gpg") |
255 | 169 | # set sourceparts | 169 | # set sourceparts |
256 | 170 | apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir) | 170 | apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir) |