apt-key does the keyring merge as we need it, so we just call it instead
of reimplementing it to do the merging before gpgv. This means we don't
use gpgv anymore (we never depended on it explicitly - bad style), but
it also means that the message in apt-cdrom add is a bit less friendly
as it says loudly "untrusted key", but for a one-time command its okay.
/*}}}*/
// ExecGPGV - returns the command needed for verify /*{{{*/
// ---------------------------------------------------------------------
/*}}}*/
// ExecGPGV - returns the command needed for verify /*{{{*/
// ---------------------------------------------------------------------
-/* Generating the commandline for calling gpgv is somehow complicated as
+/* Generating the commandline for calling gpg is somehow complicated as
we need to add multiple keyrings and user supplied options.
we need to add multiple keyrings and user supplied options.
- Also, as gpgv has no options to enforce a certain reduced style of
+ Also, as gpg has no options to enforce a certain reduced style of
clear-signed files (=the complete content of the file is signed and
the content isn't encoded) we do a divide and conquer approach here
clear-signed files (=the complete content of the file is signed and
the content isn't encoded) we do a divide and conquer approach here
- and split up the clear-signed file in message and signature for gpgv
+ and split up the clear-signed file in message and signature for gpg.
+ And as a cherry on the cake, we use our apt-key wrapper to do part
+ of the lifting in regards to merging keyrings. Fun for the whole family.
*/
void ExecGPGV(std::string const &File, std::string const &FileGPG,
int const &statusfd, int fd[2])
{
#define EINTERNAL 111
*/
void ExecGPGV(std::string const &File, std::string const &FileGPG,
int const &statusfd, int fd[2])
{
#define EINTERNAL 111
- std::string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
- // FIXME: remove support for deprecated APT::GPGV setting
- std::string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
- std::string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts");
+ std::string const aptkey = _config->FindFile("Dir::Bin::apt-key", "/usr/bin/apt-key");
bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
- if (Debug == true)
- {
- std::clog << "gpgv path: " << gpgvpath << std::endl;
- std::clog << "Keyring file: " << trustedFile << std::endl;
- std::clog << "Keyring path: " << trustedPath << std::endl;
- }
-
- std::vector<std::string> keyrings;
- if (DirectoryExists(trustedPath))
- keyrings = GetListOfFilesInDir(trustedPath, "gpg", false, true);
- if (RealFileExists(trustedFile) == true)
- keyrings.push_back(trustedFile);
-
std::vector<const char *> Args;
std::vector<const char *> Args;
- Args.reserve(30);
-
- if (keyrings.empty() == true)
- {
- // TRANSLATOR: %s is the trusted keyring parts directory
- ioprintf(std::cerr, _("No keyring installed in %s."),
- _config->FindDir("Dir::Etc::TrustedParts").c_str());
- exit(EINTERNAL);
- }
- Args.push_back(gpgvpath.c_str());
- Args.push_back("--ignore-time-conflict");
+ Args.push_back(aptkey.c_str());
+ Args.push_back("--quiet");
+ Args.push_back("adv");
char statusfdstr[10];
if (statusfd != -1)
char statusfdstr[10];
if (statusfd != -1)
Args.push_back(statusfdstr);
}
Args.push_back(statusfdstr);
}
- for (std::vector<std::string>::const_iterator K = keyrings.begin();
- K != keyrings.end(); ++K)
- {
- Args.push_back("--keyring");
- Args.push_back(K->c_str());
- }
-
Configuration::Item const *Opts;
Opts = _config->Tree("Acquire::gpgv::Options");
if (Opts != 0)
Configuration::Item const *Opts;
Opts = _config->Tree("Acquire::gpgv::Options");
if (Opts != 0)
Args.push_back(Opts->Value.c_str());
}
}
Args.push_back(Opts->Value.c_str());
}
}
+ Args.push_back("--verify");
enum { DETACHED, CLEARSIGNED } releaseSignature = (FileGPG != File) ? DETACHED : CLEARSIGNED;
std::vector<std::string> dataHeader;
enum { DETACHED, CLEARSIGNED } releaseSignature = (FileGPG != File) ? DETACHED : CLEARSIGNED;
std::vector<std::string> dataHeader;
- std::clog << "Preparing to exec: " << gpgvpath;
+ std::clog << "Preparing to exec: ";
for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
std::clog << " " << *a;
std::clog << std::endl;
for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
std::clog << " " << *a;
std::clog << std::endl;
- int const nullfd = open("/dev/null", O_RDONLY);
+ int const nullfd = open("/dev/null", O_WRONLY);
close(fd[0]);
// Redirect output to /dev/null; we read from the status fd
if (statusfd != STDOUT_FILENO)
close(fd[0]);
// Redirect output to /dev/null; we read from the status fd
if (statusfd != STDOUT_FILENO)
if (releaseSignature == DETACHED)
{
if (releaseSignature == DETACHED)
{
- execvp(gpgvpath.c_str(), (char **) &Args[0]);
+ execvp(Args[0], (char **) &Args[0]);
ioprintf(std::cerr, "Couldn't execute %s to check %s", Args[0], File.c_str());
exit(EINTERNAL);
}
ioprintf(std::cerr, "Couldn't execute %s to check %s", Args[0], File.c_str());
exit(EINTERNAL);
}
{
if (statusfd != -1)
dup2(fd[1], statusfd);
{
if (statusfd != -1)
dup2(fd[1], statusfd);
- execvp(gpgvpath.c_str(), (char **) &Args[0]);
+ execvp(Args[0], (char **) &Args[0]);
ioprintf(std::cerr, "Couldn't execute %s to check %s", Args[0], File.c_str());
UNLINK_EXIT(EINTERNAL);
}
ioprintf(std::cerr, "Couldn't execute %s to check %s", Args[0], File.c_str());
UNLINK_EXIT(EINTERNAL);
}
{
if (errno == EINTR)
continue;
{
if (errno == EINTR)
continue;
- ioprintf(std::cerr, _("Waited for %s but it wasn't there"), "gpgv");
+ ioprintf(std::cerr, _("Waited for %s but it wasn't there"), "apt-key");
UNLINK_EXIT(EINTERNAL);
}
#undef UNLINK_EXIT
UNLINK_EXIT(EINTERNAL);
}
#undef UNLINK_EXIT
// check if it exit'ed normally …
if (WIFEXITED(Status) == false)
{
// check if it exit'ed normally …
if (WIFEXITED(Status) == false)
{
- ioprintf(std::cerr, _("Sub-process %s exited unexpectedly"), "gpgv");
+ ioprintf(std::cerr, _("Sub-process %s exited unexpectedly"), "apt-key");
exit(EINTERNAL);
}
// … and with a good exit code
if (WEXITSTATUS(Status) != 0)
{
exit(EINTERNAL);
}
// … and with a good exit code
if (WEXITSTATUS(Status) != 0)
{
- ioprintf(std::cerr, _("Sub-process %s returned an error code (%u)"), "gpgv", WEXITSTATUS(Status));
+ ioprintf(std::cerr, _("Sub-process %s returned an error code (%u)"), "apt-key", WEXITSTATUS(Status));
exit(WEXITSTATUS(Status));
}
exit(WEXITSTATUS(Status));
}
echo "Debug::NoLocking \"true\";" >> aptconfig.conf
echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf
echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf
echo "Debug::NoLocking \"true\";" >> aptconfig.conf
echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf
echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf
+ echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf
echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf
echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf
echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf
echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf
echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf
echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf
test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!"
test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!"
aptcdrom "$@" -o quiet=1 >rootdir/tmp/apt-cdrom.log 2>&1 </dev/null
test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!"
test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!"
aptcdrom "$@" -o quiet=1 >rootdir/tmp/apt-cdrom.log 2>&1 </dev/null
- sed -e '/gpgv/ d' -e '/^Identifying/ d' -e '/Reading / d' rootdir/tmp/apt-cdrom.log
+ sed -e '/gpgv\?: Signature made/ d' -e '/gpgv\?: Good signature/ d' -e '/^Identifying/ d' -e '/Reading / d' rootdir/tmp/apt-cdrom.log
test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!"
test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!"
}
test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!"
test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!"
}
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)' aptkey --fakeroot net-update
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)' aptkey --fakeroot net-update
+aptkey list | grep '^pub' > aptkey.list
+testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19
+pub 2048R/DBAC8DAE 2010-08-18'
# now try a different one
# setup archive-keyring
# now try a different one
# setup archive-keyring
testequal "Checking for new archive signing keys now
Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update
testequal "Checking for new archive signing keys now
Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update
+aptkey list | grep '^pub' > aptkey.list
+testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19
+pub 2048R/DBAC8DAE 2010-08-18'
--- /dev/null
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'unstable' 'foobar' 'all' '1'
+
+setupaptarchive --no-update
+
+for i in $(seq 1 50); do
+ touch rootdir/etc/apt/trusted.gpg.d/emptykey-${i}.gpg
+done
+
+aptkey list | grep '^pub' > aptkey.list
+testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18'
+
+msgtest 'Test for no gpg errors/warnings in' 'apt-get update'
+aptget update > update.log 2>&1
+if grep -iq 'GPG' update.log; then
+ msgfail
+ cat update.log
+else
+ msgpass
+fi
projects / apt.git / commitdiff
