Release Upgrader

Merge lp:~xnox/ubuntu-release-upgrader/gnupg2 into lp:ubuntu-release-upgrader

  1. gnupg2
  2. Merge into trunk
Proposed by Dimitri John Ledkov
Status: Merged
Merged at revision: 3012
Proposed branch: lp:~xnox/ubuntu-release-upgrader/gnupg2
Merge into: lp:ubuntu-release-upgrader
Diff against target: 256 lines (+36/-64)
8 files modified
DistUpgrade/DistUpgradeAptCdrom.py (+8/-7)
DistUpgrade/DistUpgradeFetcherCore.py (+9/-49)
debian/changelog (+6/-0)
debian/control (+1/-0)
tests/test_cdrom.py (+4/-2)
tests/test_end_of_life.py (+2/-0)
tests/test_pep8.py (+1/-1)
tests/test_prerequists.py (+5/-5)
To merge this branch: bzr merge lp:~xnox/ubuntu-release-upgrader/gnupg2
Reviewer Review Type Date Requested Status
Brian Murray Pending
Ubuntu Core Development Team Pending
Review via email: mp+307406@code.launchpad.net

Description of the change

apt-secure key fragment compatibility

To post a comment you must log in.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'DistUpgrade/DistUpgradeAptCdrom.py'
--- DistUpgrade/DistUpgradeAptCdrom.py 2016-03-03 16:56:55 +0000
+++ DistUpgrade/DistUpgradeAptCdrom.py 2016-10-03 09:58:39 +0000
@@ -28,6 +28,7 @@
28import shutil28import shutil
29import subprocess29import subprocess
30import sys30import sys
31import tempfile
31from gettext import gettext as _32from gettext import gettext as _
3233
3334
@@ -46,6 +47,7 @@
46 self.packages = set()47 self.packages = set()
47 self.signatures = set()48 self.signatures = set()
48 self.i18n = set()49 self.i18n = set()
50 apt_pkg.init_config()
4951
50 def restore_backup(self, backup_ext):52 def restore_backup(self, backup_ext):
51 """ restore the backup copy of the cdroms.list file 53 """ restore the backup copy of the cdroms.list file
@@ -199,17 +201,16 @@
199201
200 def _verifyRelease(self, signatures):202 def _verifyRelease(self, signatures):
201 " verify the signatues and hashes "203 " verify the signatues and hashes "
202 gpgv = apt_pkg.config.find("Dir::Bin::gpg", "/usr/bin/gpgv")
203 keyring = apt_pkg.config.find("Apt::GPGV::TrustedKeyring",
204 "/etc/apt/trusted.gpg")
205 for sig in signatures:204 for sig in signatures:
206 basepath = os.path.split(sig)[0]205 basepath = os.path.split(sig)[0]
207 # do gpg checking206 # do gpg checking
208 releasef = os.path.splitext(sig)[0]207 releasef = os.path.splitext(sig)[0]
209 cmd = [gpgv, "--keyring", keyring,208 verify_env = os.environ.copy()
210 "--ignore-time-conflict",209 cmd = ["apt-key", "--quiet", "verify", sig, releasef]
211 sig, releasef]210 with tempfile.NamedTemporaryFile() as fp:
212 ret = subprocess.call(cmd)211 fp.write(apt_pkg.config.dump())
212 verify_env["APT_CONFIG"] = fp.name
213 ret = subprocess.call(cmd, env=verify_env)
213 if not (ret == 0):214 if not (ret == 0):
214 return False215 return False
215 # now do the hash sum checks216 # now do the hash sum checks
216217
=== modified file 'DistUpgrade/DistUpgradeFetcherCore.py'
--- DistUpgrade/DistUpgradeFetcherCore.py 2015-11-02 17:46:28 +0000
+++ DistUpgrade/DistUpgradeFetcherCore.py 2016-10-03 09:58:39 +0000
@@ -78,58 +78,18 @@
78 return False78 return False
7979
80 def gpgauthenticate(self, file, signature,80 def gpgauthenticate(self, file, signature,
81 keyring='/etc/apt/trusted.gpg'):81 keyring=None):
82 """ authenticated a file against a given signature, if no keyring82 """ authenticated a file against a given signature, if no keyring
83 is given use the apt default keyring83 is given use the apt default keyring
84 """84 """
85 status_pipe = os.pipe()85 gpg = ["apt-key"]
86 logger_pipe = os.pipe()86
87 if sys.version_info >= (3, 4):87 if keyring:
88 os.set_inheritable(status_pipe[1], 1)88 gpg += ["--keyring", keyring]
89 os.set_inheritable(logger_pipe[1], 1)89
90 gpg = [90 gpg += ["verify", signature, file]
91 "gpg",91 ret = subprocess.call(gpg, stderr=subprocess.PIPE)
92 "--status-fd", "%d" % status_pipe[1],92 return ret == 0
93 "--logger-fd", "%d" % logger_pipe[1],
94 "--no-options",
95 "--homedir", self.tmpdir,
96 "--no-default-keyring",
97 "--ignore-time-conflict",
98 "--keyring", keyring,
99 "--verify", signature, file,
100 ]
101
102 def gpg_preexec():
103 os.close(status_pipe[0])
104 os.close(logger_pipe[0])
105
106 proc = subprocess.Popen(
107 gpg, stderr=subprocess.PIPE, preexec_fn=gpg_preexec,
108 close_fds=False, universal_newlines=True)
109 os.close(status_pipe[1])
110 os.close(logger_pipe[1])
111 status_handle = os.fdopen(status_pipe[0])
112 logger_handle = os.fdopen(logger_pipe[0])
113 try:
114 gpgres = status_handle.read()
115 ret = proc.wait()
116 if ret != 0:
117 # gnupg returned a problem (non-zero exit)
118 print("gpg exited %d" % ret)
119 print("Debug information: ")
120 print(status_handle.read())
121 print(proc.stderr.read())
122 print(logger_handle.read())
123 return False
124 if "VALIDSIG" in gpgres:
125 return True
126 print("invalid result from gpg:")
127 print(gpgres)
128 return False
129 finally:
130 status_handle.close()
131 proc.stderr.close()
132 logger_handle.close()
13393
134 def extractDistUpgrader(self):94 def extractDistUpgrader(self):
135 # extract the tarball95 # extract the tarball
13696
=== modified file 'debian/changelog'
--- debian/changelog 2016-09-27 22:17:44 +0000
+++ debian/changelog 2016-10-03 09:58:39 +0000
@@ -1,10 +1,16 @@
1ubuntu-release-upgrader (1:16.10.4) UNRELEASED; urgency=medium1ubuntu-release-upgrader (1:16.10.4) UNRELEASED; urgency=medium
22
3 [ Brian Murray ]
3 * DistUpgradeController.py: fix UnboundLocalError - thanks to Launchpad user4 * DistUpgradeController.py: fix UnboundLocalError - thanks to Launchpad user
4 MissionSix for the patch. (LP: #1611470)5 MissionSix for the patch. (LP: #1611470)
5 * po/POTFILES.in: use check_new_release_gtk.py to allow for fuzzy6 * po/POTFILES.in: use check_new_release_gtk.py to allow for fuzzy
6 translations.7 translations.
78
9 [ Dimitri John Ledkov ]
10 * Mirgrate to using apt-key, instead of gpg/gpgv directly to gain
11 support for apt-secure trustedparts (key fragments in
12 /etc/apt/trusted.gpg.d).
13
8 -- Brian Murray <brian@ubuntu.com> Mon, 15 Aug 2016 14:10:55 -070014 -- Brian Murray <brian@ubuntu.com> Mon, 15 Aug 2016 14:10:55 -0700
915
10ubuntu-release-upgrader (1:16.10.3) yakkety; urgency=medium16ubuntu-release-upgrader (1:16.10.3) yakkety; urgency=medium
1117
=== modified file 'debian/control'
--- debian/control 2016-02-23 17:08:53 +0000
+++ debian/control 2016-10-03 09:58:39 +0000
@@ -40,6 +40,7 @@
40 ${misc:Depends},40 ${misc:Depends},
41 python3-update-manager (>= 1:0.196.2~),41 python3-update-manager (>= 1:0.196.2~),
42 python3-apt (>= 0.8.5~),42 python3-apt (>= 0.8.5~),
43 gpgv,
43 lsb-release44 lsb-release
44Replaces: python3-update-manager (<< 1:0.165)45Replaces: python3-update-manager (<< 1:0.165)
45Breaks: python3-update-manager (<< 1:0.165)46Breaks: python3-update-manager (<< 1:0.165)
4647
=== added file 'tests/test-data/mvo.gpg'
47Binary files tests/test-data/mvo.gpg 1970-01-01 00:00:00 +0000 and tests/test-data/mvo.gpg 2016-10-03 09:58:39 +0000 differ48Binary files tests/test-data/mvo.gpg 1970-01-01 00:00:00 +0000 and tests/test-data/mvo.gpg 2016-10-03 09:58:39 +0000 differ
=== modified file 'tests/test_cdrom.py'
--- tests/test_cdrom.py 2015-01-20 22:30:06 +0000
+++ tests/test_cdrom.py 2016-10-03 09:58:39 +0000
@@ -26,9 +26,9 @@
2626
27 def testWriteDatabase(self):27 def testWriteDatabase(self):
28 expect = \28 expect = \
29 "CD::0380987599d9f666b749fbfe29d5b440-2 " \29 "CD::47dd35831a1e27f9a0ca8c8c50014981-2 " \
30 "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n" \30 "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n" \
31 "CD::0380987599d9f666b749fbfe29d5b440-2::Label " \31 "CD::47dd35831a1e27f9a0ca8c8c50014981-2::Label " \
32 "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n"32 "\"Ubuntu 8.10 _Intrepid Ibex_ - Beta amd64 (20080930.4)\";\n"
33 p = CURDIR + "/test-data-cdrom/"33 p = CURDIR + "/test-data-cdrom/"
34 database = CURDIR + "/test-data-cdrom/cdrom.list"34 database = CURDIR + "/test-data-cdrom/cdrom.list"
@@ -106,6 +106,7 @@
106106
107 def testVerifyRelease(self):107 def testVerifyRelease(self):
108 cdrom = AptCdrom(None, CURDIR + "/test-data-cdrom")108 cdrom = AptCdrom(None, CURDIR + "/test-data-cdrom")
109 apt_pkg.config.set("Dir::Etc::trusted", CURDIR + "/test-data/mvo.gpg")
109 (p, s, i18n) = cdrom._scanCD()110 (p, s, i18n) = cdrom._scanCD()
110 res = cdrom._verifyRelease(s)111 res = cdrom._verifyRelease(s)
111 self.assertTrue(res)112 self.assertTrue(res)
@@ -135,6 +136,7 @@
135 def test_comment_out(self):136 def test_comment_out(self):
136 tmpdir = tempfile.mkdtemp()137 tmpdir = tempfile.mkdtemp()
137 sourceslist = os.path.join(tmpdir, "sources.list")138 sourceslist = os.path.join(tmpdir, "sources.list")
139 open(sourceslist, 'w').close()
138 apt_pkg.config.set("dir::etc::sourcelist", sourceslist)140 apt_pkg.config.set("dir::etc::sourcelist", sourceslist)
139 apt_pkg.config.set("dir::state::lists", tmpdir)141 apt_pkg.config.set("dir::state::lists", tmpdir)
140 view = Mock()142 view = Mock()
141143
=== modified file 'tests/test_end_of_life.py'
--- tests/test_end_of_life.py 2013-09-17 21:33:23 +0000
+++ tests/test_end_of_life.py 2016-10-03 09:58:39 +0000
@@ -1,5 +1,7 @@
1#!/usr/bin/python1#!/usr/bin/python
22
3import gi
4gi.require_version('Gtk', '3.0')
3from gi.repository import Gtk, GLib5from gi.repository import Gtk, GLib
4from mock import patch6from mock import patch
57
68
=== modified file 'tests/test_pep8.py'
--- tests/test_pep8.py 2014-06-26 06:43:50 +0000
+++ tests/test_pep8.py 2016-10-03 09:58:39 +0000
@@ -6,7 +6,7 @@
6import unittest6import unittest
77
8# pep8 is overdoing it a bit IMO8# pep8 is overdoing it a bit IMO
9IGNORE_PEP8 = "W,E125,E126,E265"9IGNORE_PEP8 = "W,E125,E126,E265,E402"
10# FIXME: this list should be empty10# FIXME: this list should be empty
11IGNORE_FILES = (11IGNORE_FILES = (
12 "DistUpgradeViewKDE.py",12 "DistUpgradeViewKDE.py",
1313
=== modified file 'tests/test_prerequists.py'
--- tests/test_prerequists.py 2016-04-06 17:20:53 +0000
+++ tests/test_prerequists.py 2016-10-03 09:58:39 +0000
@@ -35,7 +35,7 @@
35 self.orig_sourceparts = apt_pkg.config.get("Dir::Etc::sourceparts")35 self.orig_sourceparts = apt_pkg.config.get("Dir::Etc::sourceparts")
36 self.orig_state = apt_pkg.config.get("Dir::State")36 self.orig_state = apt_pkg.config.get("Dir::State")
37 self.orig_status = apt_pkg.config.get("Dir::State::status")37 self.orig_status = apt_pkg.config.get("Dir::State::status")
38 self.orig_trusted = apt_pkg.config.get("APT::GPGV::TrustedKeyring")38 self.orig_trusted = apt_pkg.config.get("Dir::Etc::trusted")
3939
40 apt_pkg.config.set("Dir::Etc", self.testdir)40 apt_pkg.config.set("Dir::Etc", self.testdir)
41 apt_pkg.config.set("Dir::Etc::sourceparts",41 apt_pkg.config.set("Dir::Etc::sourceparts",
@@ -48,7 +48,7 @@
48 apt_pkg.config.set("Dir::Etc::sourceparts", self.orig_sourceparts)48 apt_pkg.config.set("Dir::Etc::sourceparts", self.orig_sourceparts)
49 apt_pkg.config.set("Dir::State", self.orig_state)49 apt_pkg.config.set("Dir::State", self.orig_state)
50 apt_pkg.config.set("Dir::State::status", self.orig_status)50 apt_pkg.config.set("Dir::State::status", self.orig_status)
51 apt_pkg.config.set("APT::GPGV::TrustedKeyring", self.orig_trusted)51 apt_pkg.config.set("Dir::Etc::trusted", self.orig_trusted)
5252
53 def testPreReqSourcesListAddingSimple(self):53 def testPreReqSourcesListAddingSimple(self):
54 " test adding the prerequists when a mirror is known "54 " test adding the prerequists when a mirror is known "
@@ -112,7 +112,7 @@
112 tmpdir = tempfile.mkdtemp()112 tmpdir = tempfile.mkdtemp()
113 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")113 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")
114 #apt_pkg.config.set("Debug::Acquire::gpgv","true")114 #apt_pkg.config.set("Debug::Acquire::gpgv","true")
115 apt_pkg.config.set("APT::GPGV::TrustedKeyring",115 apt_pkg.config.set("Dir::Etc::trusted",
116 self.testdir + "/trusted.gpg")116 self.testdir + "/trusted.gpg")
117 # set sourceparts117 # set sourceparts
118 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)118 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)
@@ -137,7 +137,7 @@
137 tmpdir = tempfile.mkdtemp()137 tmpdir = tempfile.mkdtemp()
138 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")138 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")
139 #apt_pkg.config.set("Debug::Acquire::gpgv","true")139 #apt_pkg.config.set("Debug::Acquire::gpgv","true")
140 apt_pkg.config.set("APT::GPGV::TrustedKeyring",140 apt_pkg.config.set("Dir::Etc::trusted",
141 self.testdir + "/trusted.gpg")141 self.testdir + "/trusted.gpg")
142 # set sourceparts142 # set sourceparts
143 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)143 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)
@@ -164,7 +164,7 @@
164 tmpdir = tempfile.mkdtemp()164 tmpdir = tempfile.mkdtemp()
165 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")165 #apt_pkg.config.set("Debug::pkgAcquire::Auth","true")
166 #apt_pkg.config.set("Debug::Acquire::gpgv","true")166 #apt_pkg.config.set("Debug::Acquire::gpgv","true")
167 apt_pkg.config.set("APT::GPGV::TrustedKeyring",167 apt_pkg.config.set("Dir::Etc::trusted",
168 self.testdir + "/trusted.gpg")168 self.testdir + "/trusted.gpg")
169 # set sourceparts169 # set sourceparts
170 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)170 apt_pkg.config.set("Dir::Etc::sourceparts", tmpdir)

Subscribers

People subscribed via source and target branches