diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2014-09-27 00:12:44 +0200 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2014-09-27 00:12:44 +0200 |
| commit | c0f3bde3e0cf33b9134fae8289aa651f7f1866b1 (patch) | |
| tree | cab5ce7d8beadca310a2e5e2a2c18f28a0ef55e0 | |
| parent | bf3ad91fdf4967fe107e08a6887f9ed51f4f5eea (diff) | |
| parent | 98f0d7b3d9d7ed0a5cf11d8f9327a021954816b6 (diff) | |
Merge branch 'feature/gnupglimit' into debian/experimental
59 files changed, 652 insertions, 529 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index f24dd9640..9d798cca9 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -32,50 +32,30 @@ static char * GenerateTemporaryFileTemplate(const char *basename) /*{{{*/ /*}}}*/ // ExecGPGV - returns the command needed for verify /*{{{*/ // --------------------------------------------------------------------- -/* Generating the commandline for calling gpgv is somehow complicated as +/* Generating the commandline for calling gpg is somehow complicated as we need to add multiple keyrings and user supplied options. - Also, as gpgv has no options to enforce a certain reduced style of + Also, as gpg has no options to enforce a certain reduced style of clear-signed files (=the complete content of the file is signed and the content isn't encoded) we do a divide and conquer approach here - and split up the clear-signed file in message and signature for gpgv + and split up the clear-signed file in message and signature for gpg. + And as a cherry on the cake, we use our apt-key wrapper to do part + of the lifting in regards to merging keyrings. Fun for the whole family. */ void ExecGPGV(std::string const &File, std::string const &FileGPG, int const &statusfd, int fd[2]) { #define EINTERNAL 111 - std::string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv"); - // FIXME: remove support for deprecated APT::GPGV setting - std::string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted")); - std::string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts"); + std::string const aptkey = _config->FindFile("Dir::Bin::apt-key", "/usr/bin/apt-key"); bool const Debug = _config->FindB("Debug::Acquire::gpgv", false); - if (Debug == true) - { - std::clog << "gpgv path: " << gpgvpath << std::endl; - std::clog << "Keyring file: " << trustedFile << std::endl; - std::clog << "Keyring path: " << trustedPath << std::endl; - } - - std::vector<std::string> keyrings; - if (DirectoryExists(trustedPath)) - keyrings = GetListOfFilesInDir(trustedPath, "gpg", false, true); - if (RealFileExists(trustedFile) == true) - keyrings.push_back(trustedFile); - std::vector<const char *> Args; - Args.reserve(30); - - if (keyrings.empty() == true) - { - // TRANSLATOR: %s is the trusted keyring parts directory - ioprintf(std::cerr, _("No keyring installed in %s."), - _config->FindDir("Dir::Etc::TrustedParts").c_str()); - exit(EINTERNAL); - } + Args.reserve(10); - Args.push_back(gpgvpath.c_str()); - Args.push_back("--ignore-time-conflict"); + Args.push_back(aptkey.c_str()); + Args.push_back("--quiet"); + Args.push_back("--readonly"); + Args.push_back("verify"); char statusfdstr[10]; if (statusfd != -1) @@ -85,13 +65,6 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back(statusfdstr); } - for (std::vector<std::string>::const_iterator K = keyrings.begin(); - K != keyrings.end(); ++K) - { - Args.push_back("--keyring"); - Args.push_back(K->c_str()); - } - Configuration::Item const *Opts; Opts = _config->Tree("Acquire::gpgv::Options"); if (Opts != 0) @@ -160,7 +133,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, if (Debug == true) { - std::clog << "Preparing to exec: " << gpgvpath; + std::clog << "Preparing to exec: "; for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a) std::clog << " " << *a; std::clog << std::endl; @@ -168,7 +141,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, if (statusfd != -1) { - int const nullfd = open("/dev/null", O_RDONLY); + int const nullfd = open("/dev/null", O_WRONLY); close(fd[0]); // Redirect output to /dev/null; we read from the status fd if (statusfd != STDOUT_FILENO) @@ -185,7 +158,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, if (releaseSignature == DETACHED) { - execvp(gpgvpath.c_str(), (char **) &Args[0]); + execvp(Args[0], (char **) &Args[0]); ioprintf(std::cerr, "Couldn't execute %s to check %s", Args[0], File.c_str()); exit(EINTERNAL); } @@ -205,7 +178,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, { if (statusfd != -1) dup2(fd[1], statusfd); - execvp(gpgvpath.c_str(), (char **) &Args[0]); + execvp(Args[0], (char **) &Args[0]); ioprintf(std::cerr, "Couldn't execute %s to check %s", Args[0], File.c_str()); UNLINK_EXIT(EINTERNAL); } @@ -216,7 +189,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, { if (errno == EINTR) continue; - ioprintf(std::cerr, _("Waited for %s but it wasn't there"), "gpgv"); + ioprintf(std::cerr, _("Waited for %s but it wasn't there"), "apt-key"); UNLINK_EXIT(EINTERNAL); } #undef UNLINK_EXIT @@ -229,14 +202,14 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, // check if it exit'ed normally … if (WIFEXITED(Status) == false) { - ioprintf(std::cerr, _("Sub-process %s exited unexpectedly"), "gpgv"); + ioprintf(std::cerr, _("Sub-process %s exited unexpectedly"), "apt-key"); exit(EINTERNAL); } // … and with a good exit code if (WEXITSTATUS(Status) != 0) { - ioprintf(std::cerr, _("Sub-process %s returned an error code (%u)"), "gpgv", WEXITSTATUS(Status)); + ioprintf(std::cerr, _("Sub-process %s returned an error code (%u)"), "apt-key", WEXITSTATUS(Status)); exit(WEXITSTATUS(Status)); } diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 0774cf4b7..83a7a31b9 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -3,29 +3,6 @@ set -e unset GREP_OPTIONS -GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" - -# gpg needs (in different versions more or less) files to function correctly, -# so we give it its own homedir and generate some valid content for it -GPGHOMEDIR="$(mktemp -d)" -CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';" -trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM -chmod 700 "$GPGHOMEDIR" -# We don't use a secret keyring, of course, but gpg panics and -# implodes if there isn't one available - and writeable for imports -SECRETKEYRING="${GPGHOMEDIR}/secring.gpg" -touch $SECRETKEYRING -GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" -# create the trustdb with an (empty) dummy keyring -# older gpgs required it, newer gpgs even warn that it isn't needed, -# but require it nonetheless for some commands, so we just play safe -# here for the foreseeable future and create a dummy one -$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 -# tell gpg that it shouldn't try to maintain a trustdb file -GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" - -GPG="$GPG_CMD" - APT_DIR="/" eval $(apt-config shell APT_DIR Dir) @@ -37,22 +14,26 @@ REMOVED_KEYS='&keyring-removed-filename;' eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys) ARCHIVE_KEYRING_URI='&keyring-uri;' eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) -TMP_KEYRING=${APT_DIR}/var/lib/apt/keyrings/maybe-import-keyring.gpg + +aptkey_echo() { echo "$@"; } requires_root() { if [ "$(id -u)" -ne 0 ]; then - echo >&1 "ERROR: This command can only be used by root." + echo >&2 "ERROR: This command can only be used by root." exit 1 fi } -# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. -init_keyring() { - for path; do - if ! [ -e "$path" ]; then - touch -- "$path" - chmod 0644 -- "$path" - fi +get_fingerprints_of_keyring() { + $GPG_CMD --keyring "$1" --with-colons --fingerprint | while read publine; do + # search for a public key + if [ "${publine%%:*}" != 'pub' ]; then continue; fi + # search for the associated fingerprint (should be the very next line) + while read fprline; do + if [ "${fprline%%:*}" = 'sub' ]; then break; # should never happen + elif [ "${fprline%%:*}" != 'fpr' ]; then continue; fi + echo "$fprline" | cut -d':' -f 10 + done done } @@ -61,11 +42,11 @@ add_keys_with_verify_against_master_keyring() { MASTER=$2 if [ ! -f "$ADD_KEYRING" ]; then - echo "ERROR: '$ADD_KEYRING' not found" + echo >&2 "ERROR: '$ADD_KEYRING' not found" return - fi + fi if [ ! -f "$MASTER" ]; then - echo "ERROR: '$MASTER' not found" + echo >&2 "ERROR: '$MASTER' not found" return fi @@ -73,7 +54,7 @@ add_keys_with_verify_against_master_keyring() { # is honored. so: # all keys that are exported must have a valid signature # from a key in the $distro-master-keyring - add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + add_keys="$(get_fingerprints_of_keyring "$ADD_KEYRING")" all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5` master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` @@ -86,24 +67,28 @@ add_keys_with_verify_against_master_keyring() { fi done done - + for add_key in $add_keys; do # export the add keyring one-by-one - rm -f $TMP_KEYRING - $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key - # check if signed with the master key and only add in this case - ADDED=0 + local TMP_KEYRING="${GPGHOMEDIR}/tmp-keyring.gpg" + $GPG_CMD --batch --yes --keyring "$ADD_KEYRING" --output "$TMP_KEYRING" --export "$add_key" + if ! $GPG_CMD --batch --yes --keyring "$TMP_KEYRING" --import "$MASTER" > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then + cat "${GPGHOMEDIR}/gpgoutput.log" + false + fi + # check if signed with the master key and only add in this case + ADDED=0 for master_key in $master_keys; do - if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then - $GPG --import $TMP_KEYRING + if $GPG_CMD --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then + $GPG_CMD --batch --yes --keyring "$ADD_KEYRING" --export "$add_key" | $GPG --batch --yes --import ADDED=1 fi done if [ $ADDED = 0 ]; then echo >&2 "Key '$add_key' not added. It is not signed with a master key" fi + rm -f "${TMP_KEYRING}" done - rm -f $TMP_KEYRING } # update the current archive signing keyring from a network URI @@ -121,7 +106,6 @@ net_update() { echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" exit 1 fi - requires_root # in theory we would need to depend on wget for this, but this feature # isn't useable in debian anyway as we have no keyring uri nor a master key if ! which wget >/dev/null 2>&1; then @@ -142,7 +126,7 @@ net_update() { fi new_mtime=$(stat -c %Y $keyring) if [ $new_mtime -ne $old_mtime ]; then - echo "Checking for new archive signing keys now" + aptkey_echo "Checking for new archive signing keys now" add_keys_with_verify_against_master_keyring $keyring $MASTER_KEYRING fi } @@ -153,7 +137,6 @@ update() { echo >&2 "Is the &keyring-package; package installed?" exit 1 fi - requires_root # add new keys from the package; @@ -166,71 +149,159 @@ update() { if [ -r "$REMOVED_KEYS" ]; then # remove no-longer supported/used keys - keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5` - for key in $keys; do - if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then - $GPG --quiet --batch --delete-key --yes ${key} - fi + get_fingerprints_of_keyring "$REMOVED_KEYS" | while read key; do + foreach_keyring_do 'remove_key_from_keyring' "$key" done else - echo "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" >&2 + echo >&2 "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" fi } remove_key_from_keyring() { - local GPG="$GPG_CMD --keyring $1" - # check if the key is in this keyring: the key id is in the 5 column at the end - if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then - return - fi - if [ ! -w "$1" ]; then - echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only." - return + local KEYRINGFILE="$1" + shift + # non-existent keyrings have by definition no keys + if [ ! -e "$KEYRINGFILE" ]; then + return fi - # check if it is the only key in the keyring and if so remove the keyring altogether - if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then - mv -f "$1" "${1}~" # behave like gpg - return - fi - # we can't just modify pointed to files as these might be in /usr or something - local REALTARGET - if [ -L "$1" ]; then - REALTARGET="$(readlink -f "$1")" - mv -f "$1" "${1}.dpkg-tmp" - cp -a "$REALTARGET" "$1" - ls "$(dirname $1)" - fi - # delete the key from the keyring - $GPG --batch --delete-key --yes "$2" - if [ -n "$REALTARGET" ]; then - # the real backup is the old link, not the copy we made - mv -f "${1}.dpkg-tmp" "${1}~" - fi -} -remove_key() { - requires_root + local GPG="$GPG_CMD --keyring $KEYRINGFILE" + for KEY in "$@"; do + # check if the key is in this keyring: the key id is in the 5 column at the end + if ! get_fingerprints_of_keyring "$KEYRINGFILE" | grep -q "^[0-9A-F]*${KEY}$"; then + continue + fi + if [ ! -w "$KEYRINGFILE" ]; then + echo >&2 "Key ${KEY} is in keyring ${KEYRINGFILE}, but can't be removed as it is read only." + continue + fi + # check if it is the only key in the keyring and if so remove the keyring altogether + if [ '1' = "$(get_fingerprints_of_keyring "$KEYRINGFILE" | wc -l)" ]; then + mv -f "$KEYRINGFILE" "${KEYRINGFILE}~" # behave like gpg + return + fi + # we can't just modify pointed to files as these might be in /usr or something + local REALTARGET + if [ -L "$KEYRINGFILE" ]; then + REALTARGET="$(readlink -f "$KEYRINGFILE")" + mv -f "$KEYRINGFILE" "${KEYRINGFILE}.dpkg-tmp" + cp -a "$REALTARGET" "$KEYRINGFILE" + fi + # delete the key from the keyring + $GPG --batch --delete-key --yes "$KEY" + if [ -n "$REALTARGET" ]; then + # the real backup is the old link, not the copy we made + mv -f "${KEYRINGFILE}.dpkg-tmp" "${KEYRINGFILE}~" + fi + done +} - # if a --keyring was given, just remove from there - if [ -n "$FORCED_KEYRING" ]; then - remove_key_from_keyring "$FORCED_KEYRING" "$1" - else +foreach_keyring_do() { + local ACTION="$1" + shift + # if a --keyring was given, just remove from there + if [ -n "$FORCED_KEYRING" ]; then + $ACTION "$FORCED_KEYRING" "$@" + else # otherwise all known keyrings are up for inspection - local TRUSTEDFILE="/etc/apt/trusted.gpg" - eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) - eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) - remove_key_from_keyring "$TRUSTEDFILE" "$1" - TRUSTEDPARTS="/etc/apt/trusted.gpg.d" + if [ -s "$TRUSTEDFILE" ]; then + $ACTION "$TRUSTEDFILE" "$@" + fi + local TRUSTEDPARTS="/etc/apt/trusted.gpg.d" eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) if [ -d "$TRUSTEDPARTS" ]; then + # strip / suffix as gpg will double-slash in that case (#665411) + local STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}" + if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then + TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS" + fi for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do - remove_key_from_keyring "$trusted" "$1" + if [ -s "$trusted" ]; then + $ACTION "$trusted" "$@" + fi done fi + fi +} + +run_cmd_on_keyring() { + local KEYRINGFILE="$1" + shift + # fingerprint and co will fail if key isn't in this keyring + $GPG_CMD --keyring "$KEYRINGFILE" --batch "$@" 2>/dev/null || true +} + +import_keys_from_keyring() { + local IMPORT="$1" + local KEYRINGFILE="$2" + if ! $GPG_CMD --keyring "$KEYRINGFILE" --batch --import "$IMPORT" > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then + cat "${GPGHOMEDIR}/gpgoutput.log" + false fi - echo "OK" } +merge_keys_into_keyrings() { + local KEYRINGFILE="$1" + local IMPORT="$2" + if ! $GPG_CMD --keyring "$KEYRINGFILE" --batch --import --import-options 'merge-only' "$IMPORT" > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then + cat "${GPGHOMEDIR}/gpgoutput.log" + false + fi +} + +merge_back_changes() { + if [ -n "$FORCED_KEYRING" ]; then + # if the keyring was forced merge is already done + return + fi + if [ -s "${GPGHOMEDIR}/pubring.gpg" ]; then + # merge all updated keys + foreach_keyring_do 'merge_keys_into_keyrings' "${GPGHOMEDIR}/pubring.gpg" + fi + # look for keys which were added or removed + get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.orig.gpg" > "${GPGHOMEDIR}/pubring.orig.keylst" + get_fingerprints_of_keyring "${GPGHOMEDIR}/pubring.gpg" > "${GPGHOMEDIR}/pubring.keylst" + sort "${GPGHOMEDIR}/pubring.keylst" "${GPGHOMEDIR}/pubring.orig.keylst" | uniq --unique | while read key; do + if grep -q "^${key}$" "${GPGHOMEDIR}/pubring.orig.keylst"; then + # key isn't part of new keyring, so remove + foreach_keyring_do 'remove_key_from_keyring' "$key" + elif grep -q "^${key}$" "${GPGHOMEDIR}/pubring.keylst"; then + # key is part of new keyring, so we need to import it + create_new_keyring "$TRUSTEDFILE" + if ! $GPG --batch --yes --export "$key" | $GPG_CMD --keyring "$TRUSTEDFILE" --batch --yes --import > "${GPGHOMEDIR}/gpgoutput.log" 2>&1; then + cat "${GPGHOMEDIR}/gpgoutput.log" + false + fi + else + echo >&2 "Errror: Key ${key} (dis)appeared out of nowhere" + fi + done +} + +setup_merged_keyring() { + if [ -z "$FORCED_KEYRING" ]; then + foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg" + if [ -r "${GPGHOMEDIR}/pubring.gpg" ]; then + cp -a "${GPGHOMEDIR}/pubring.gpg" "${GPGHOMEDIR}/pubring.orig.gpg" + else + touch "${GPGHOMEDIR}/pubring.gpg" "${GPGHOMEDIR}/pubring.orig.gpg" + fi + GPG="$GPG --keyring ${GPGHOMEDIR}/pubring.gpg" + else + GPG="$GPG --keyring $TRUSTEDFILE" + create_new_keyring "$TRUSTEDFILE" + fi +} + +create_new_keyring() { + # gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. + if ! [ -e "$TRUSTEDFILE" ]; then + if [ -w "$(dirname "$TRUSTEDFILE")" ]; then + touch -- "$TRUSTEDFILE" + chmod 0644 -- "$TRUSTEDFILE" + fi + fi +} usage() { echo "Usage: apt-key [--keyring file] [command] [arguments]" @@ -256,17 +327,19 @@ while [ -n "$1" ]; do shift TRUSTEDFILE="$1" FORCED_KEYRING="$1" - if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ] || [ "$2" = 'adv' ]; then - GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE" - else - echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable" - exit 1 - fi + ;; + --secret-keyring) shift + FORCED_SECRET_KEYRING="$1" + ;; + --readonly) + merge_back_changes() { true; } ;; --fakeroot) requires_root() { true; } - shift + ;; + --quiet) + aptkey_echo() { true; } ;; --*) echo >&2 "Unknown option: $1" @@ -275,28 +348,13 @@ while [ -n "$1" ]; do *) break;; esac + shift done if [ -z "$TRUSTEDFILE" ]; then TRUSTEDFILE="/etc/apt/trusted.gpg" eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) - if [ -r "$TRUSTEDFILE" ]; then - GPG="$GPG --keyring $TRUSTEDFILE" - fi - GPG="$GPG --primary-keyring $TRUSTEDFILE" - TRUSTEDPARTS="/etc/apt/trusted.gpg.d" - eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) - if [ -d "$TRUSTEDPARTS" ]; then - # strip / suffix as gpg will double-slash in that case (#665411) - STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}" - if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then - TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS" - fi - for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do - GPG="$GPG --keyring $trusted" - done - fi fi command="$1" @@ -306,52 +364,100 @@ if [ -z "$command" ]; then fi shift -if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then - echo >&2 "Warning: gnupg does not seem to be installed." - echo >&2 "Warning: apt-key requires gnupg for most operations." - echo >&2 +if [ "$command" != "help" ]; then + eval $(apt-config shell GPG_EXE Apt::Key::gpgcommand) + + if [ -n "$GPG_EXE" ] && which "$GPG_EXE" >/dev/null 2>&1; then + true + elif which gpg >/dev/null 2>&1; then + GPG_EXE="gpg" + elif which gpg2 >/dev/null 2>&1; then + GPG_EXE="gpg2" + else + echo >&2 "Error: gnupg or gnupg2 do not seem to be installed," + echo >&2 "Error: but apt-key requires gnupg or gnupg2 for operation." + echo >&2 + exit 255 + fi + + GPG_CMD="$GPG_EXE --ignore-time-conflict --no-options --no-default-keyring" + + # gpg needs (in different versions more or less) files to function correctly, + # so we give it its own homedir and generate some valid content for it + GPGHOMEDIR="$(mktemp -d)" + CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';" + trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM + chmod 700 "$GPGHOMEDIR" + # We don't use a secret keyring, of course, but gpg panics and + # implodes if there isn't one available - and writeable for imports + SECRETKEYRING="${GPGHOMEDIR}/secring.gpg" + touch $SECRETKEYRING + GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" + # create the trustdb with an (empty) dummy keyring + # older gpgs required it, newer gpgs even warn that it isn't needed, + # but require it nonetheless for some commands, so we just play safe + # here for the foreseeable future and create a dummy one + $GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 + # tell gpg that it shouldn't try to maintain a trustdb file + GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" + GPG="$GPG_CMD" + + # for advanced operations, we might really need a secret keyring after all + if [ -n "$FORCED_SECRET_KEYRING" ] && [ -r "$FORCED_SECRET_KEYRING" ]; then + rm -f "$SECRETKEYRING" + cp -a "$FORCED_SECRET_KEYRING" "$SECRETKEYRING" + fi fi case "$command" in add) - requires_root - init_keyring "$TRUSTEDFILE" - $GPG --quiet --batch --import "$1" - echo "OK" + requires_root + setup_merged_keyring + $GPG --quiet --batch --import "$@" + merge_back_changes + aptkey_echo "OK" ;; del|rm|remove) - init_keyring "$TRUSTEDFILE" - remove_key "$1" + requires_root + foreach_keyring_do 'remove_key_from_keyring' "$@" + aptkey_echo "OK" ;; update) - init_keyring "$TRUSTEDFILE" + requires_root + setup_merged_keyring update + merge_back_changes ;; net-update) - init_keyring "$TRUSTEDFILE" + requires_root + setup_merged_keyring net_update + merge_back_changes ;; list) - init_keyring "$TRUSTEDFILE" - $GPG --batch --list-keys - ;; + foreach_keyring_do 'run_cmd_on_keyring' --list-keys "$@" + ;; finger*) - init_keyring "$TRUSTEDFILE" - $GPG --batch --fingerprint - ;; - export) - init_keyring "$TRUSTEDFILE" - $GPG --armor --export "$1" - ;; - exportall) - init_keyring "$TRUSTEDFILE" - $GPG --armor --export - ;; + foreach_keyring_do 'run_cmd_on_keyring' --fingerprint "$@" + ;; + export|exportall) + foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg" + $GPG_CMD --keyring "${GPGHOMEDIR}/pubring.gpg" --armor --export "$@" + ;; adv*) - init_keyring "$TRUSTEDFILE" - echo "Executing: $GPG $*" - $GPG $* - ;; + setup_merged_keyring + aptkey_echo "Executing: $GPG $*" + $GPG "$@" + merge_back_changes + ;; + verify) + setup_merged_keyring + if which gpgv >/dev/null 2>&1; then + gpgv --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@" + else + $GPG --verify "$@" + fi + ;; help) usage ;; diff --git a/debian/apt.postinst b/debian/apt.postinst index a538abde9..01f78a1dd 100644..100755 --- a/debian/apt.postinst +++ b/debian/apt.postinst @@ -15,6 +15,15 @@ set -e case "$1" in configure) + if dpkg --compare-versions "$2" lt 1.0.7; then + # apt-key before 0.9.10 could leave empty keyrings around + find /etc/apt/trusted.gpg.d/ -name '*.gpg' | while read keyring; do + if ! test -s "$keyring"; then + rm -f "$keyring" + fi + done + fi + if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then # we are using tmpfiles for both rm -f /etc/apt/trustdb.gpg diff --git a/debian/postrm b/debian/apt.postrm index ae1e18d33..ae1e18d33 100755 --- a/debian/postrm +++ b/debian/apt.postrm diff --git a/debian/control b/debian/control index 51bb85d30..6d29b0250 100644 --- a/debian/control +++ b/debian/control @@ -18,7 +18,7 @@ XS-Testsuite: autopkgtest Package: apt Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gnupg +Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gnupg | gnupg2 Replaces: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~) Breaks: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~) Conflicts: python-apt (<< 0.7.93.2~) @@ -43,7 +43,7 @@ Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} -Breaks: apt (<< 0.9.4~), libapt-inst1.5 (<< 0.9.9~) +Breaks: apt (<< 1.0.2~), libapt-inst1.5 (<< 0.9.9~) Section: libs Description: package management runtime library This library provides the common functionality for searching and diff --git a/debian/postinst b/debian/postinst deleted file mode 100755 index 1588f5241..000000000 --- a/debian/postinst +++ /dev/null @@ -1,39 +0,0 @@ -#! /bin/sh - -# apt postinst, based liberally on James Troup's gpm postinst -# Copyright (C) 1998, Ben Gertzfield <che@debian.org> - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. - -set -e - -create_apt_conf () -{ - EXAMPLE_SOURCE=/usr/share/doc/apt/examples/sources.list - if [ -f $EXAMPLE_SOURCE ]; then - cp $EXAMPLE_SOURCE /etc/apt/sources.list - fi -} - -check_apt_conf () -{ - true - # this is for future expansion -} - -#DEBHELPER# - -case "$1" in - configure) - # - # If there is no /etc/apt/sources.list then create a default - # - if [ ! -f /etc/apt/sources.list ]; then - create_apt_conf - else - check_apt_conf - fi -esac diff --git a/debian/tests/control b/debian/tests/control index f7e47c5f3..0e774d4ca 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,3 +1,3 @@ Tests: run-tests -Restrictions: allow-stderr -Depends: @, @builddeps@, fakeroot, wget, stunnel4, db-util +Restrictions: allow-stderr +Depends: @, @builddeps@, fakeroot, wget, stunnel4, db-util, gnupg, gnupg2 diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 4071cbac6..02fb8c356 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -75,7 +75,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, FILE *pipein = fdopen(fd[0], "r"); - // Loop over the output of gpgv, and check the signatures. + // Loop over the output of apt-key (which really is gnupg), and check the signatures. size_t buffersize = 64; char *buffer = (char *) malloc(buffersize); size_t bufferoff = 0; @@ -160,7 +160,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, waitpid(pid, &status, 0); if (Debug == true) { - std::clog << "gpgv exited\n"; + std::clog << "apt-key exited\n"; } if (WEXITSTATUS(status) == 0) @@ -172,7 +172,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, else if (WEXITSTATUS(status) == 1) return _("At least one invalid signature was encountered."); else if (WEXITSTATUS(status) == 111) - return _("Could not execute 'gpgv' to verify signature (is gpgv installed?)"); + return _("Could not execute 'apt-key' to verify signature (is gnupg installed?)"); else if (WEXITSTATUS(status) == 112) { // acquire system checks for "NODATA" to generate GPG errors (the others are only warnings) @@ -182,7 +182,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, return errmsg; } else - return _("Unknown error executing gpgv"); + return _("Unknown error executing apt-key"); } bool GPGVMethod::Fetch(FetchItem *Itm) @@ -200,7 +200,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm) Res.Filename = Itm->DestFile; URIStart(Res); - // Run gpgv on file, extract contents and get the key ID of the signer + // Run apt-key on file, extract contents and get the key ID of the signer string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), GoodSigners, BadSigners, WorthlessSigners, NoPubKeySigners); @@ -252,7 +252,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm) if (_config->FindB("Debug::Acquire::gpgv", false)) { - std::clog << "gpgv succeeded\n"; + std::clog << "apt-key succeeded\n"; } return true; diff --git a/po/apt-all.pot b/po/apt-all.pot index d2229a936..664965900 100644 --- a/po/apt-all.pot +++ b/po/apt-all.pot @@ -901,7 +901,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -913,7 +913,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 @@ -914,7 +914,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -926,7 +926,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 @@ -1021,8 +1021,8 @@ msgid "At least one invalid signature was encountered." msgstr "Atopóse polo menos una robla mala." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Nun pudo executase 'gpgv' pa verificar la robla (¿ta instaláu gpgv?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Nun pudo executase 'apt-key' pa verificar la robla (¿ta instaláu gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1033,8 +1033,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Fallu desconocíu al executar gpgv" +msgid "Unknown error executing apt-key" +msgstr "Fallu desconocíu al executar apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1051,10 +1051,10 @@ msgid "At least one invalid signature was encountered." msgstr "Намерен е поне един невалиден подпис." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Неуспех при изпълнение на „gpgv“ за проверка на подписа (инсталиран ли е " -"gpgv?)" +"Неуспех при изпълнение на „apt-key“ за проверка на подписа (инсталиран ли е " +"gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1065,8 +1065,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Неизвестна грешка при изпълнението на gpgv" +msgid "Unknown error executing apt-key" +msgstr "Неизвестна грешка при изпълнението на apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -920,7 +920,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -932,7 +932,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 @@ -1034,10 +1034,10 @@ msgid "At least one invalid signature was encountered." msgstr "S'ha trobat almenys una signatura invàlida." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"No s'ha pogut executar el «gpgv» per a verificar la signatura (està " -"instaŀlat el gpgv?)" +"No s'ha pogut executar el «apt-key» per a verificar la signatura (està " +"instaŀlat el gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1048,8 +1048,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "S'ha produït un error desconegut en executar el gpgv" +msgid "Unknown error executing apt-key" +msgstr "S'ha produït un error desconegut en executar el apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1062,8 +1062,8 @@ msgid "At least one invalid signature was encountered." msgstr "Byl zaznamenán nejméně jeden neplatný podpis. " #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Nelze spustit „gpgv“ pro ověření podpisu (je gpgv nainstalováno?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Nelze spustit „apt-key“ pro ověření podpisu (je gnupg nainstalováno?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1076,8 +1076,8 @@ msgstr "" "ověření?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Neznámá chyba při spouštění gpgv" +msgid "Unknown error executing apt-key" +msgstr "Neznámá chyba při spouštění apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1042,7 +1042,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1054,7 +1054,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 @@ -1075,9 +1075,9 @@ msgid "At least one invalid signature was encountered." msgstr "Stødte på mindst én ugyldig signatur." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Kunne ikke køre »gpgv« for at verificere signaturen (er gpgv installeret?)" +"Kunne ikke køre »apt-key« for at verificere signaturen (er gnupg installeret?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1090,8 +1090,8 @@ msgstr "" "autentificering?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Ukendt fejl ved kørsel af gpgv" +msgid "Unknown error executing apt-key" +msgstr "Ukendt fejl ved kørsel af apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1113,9 +1113,9 @@ msgid "At least one invalid signature was encountered." msgstr "Mindestens eine ungültige Signatur wurde entdeckt." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"»gpgv« konnte zur Überprüfung der Signatur nicht ausgeführt werden (ist gpgv " +"»apt-key« konnte zur Überprüfung der Signatur nicht ausgeführt werden (ist gnupg " "installiert?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1129,8 +1129,8 @@ msgstr "" "das Netzwerk eine Authentifizierung?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Unbekannter Fehler beim Ausführen von gpgv" +msgid "Unknown error executing apt-key" +msgstr "Unbekannter Fehler beim Ausführen von apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1016,7 +1016,7 @@ msgstr "ཉུང་མཐའ་རང་ནུས་མེད་ཀྱི་མ #: methods/gpgv.cc:174 #, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" "མིང་རྟགས་བདེན་སྦྱོར་འབད་ནི་ལུ་'%s'འདི་ལག་ལེན་འཐབ་མ་ཚུགས། (gpgv་དེ་ཁཞི་བཙུགས་འབད་ཡོདཔ་ཨིན་ན།?)" @@ -1029,8 +1029,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv་ལག་ལེན་འཐབ་ནི་ལུ་མ་ཤེས་པའི་འཛོལ་བ་།" +msgid "Unknown error executing apt-key" +msgstr "apt-key་ལག་ལེན་འཐབ་ནི་ལུ་མ་ཤེས་པའི་འཛོལ་བ་།" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1028,10 +1028,10 @@ msgstr "Βρέθηκε τουλάχιστον μια μη έγκυρη υπογ #: methods/gpgv.cc:174 #, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" "Αδυναμία εκτέλεσης του '%s' για την επαλήθευση της υπογραφής (είναι " -"εγκατεστημένο το gpgv;)" +"εγκατεστημένο το gnupg;)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1042,8 +1042,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Άγνωστο σφάλμα κατά την εκτέλεση του gpgv" +msgid "Unknown error executing apt-key" +msgstr "Άγνωστο σφάλμα κατά την εκτέλεση του apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1086,9 +1086,9 @@ msgid "At least one invalid signature was encountered." msgstr "Se encontró al menos una firma inválida." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"No se pudo ejecutar «gpgv» para verificar la firma (¿está instalado gpgv?)" +"No se pudo ejecutar «apt-key» para verificar la firma (¿está instalado gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1099,8 +1099,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Error desconocido ejecutando gpgv" +msgid "Unknown error executing apt-key" +msgstr "Error desconocido ejecutando apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1016,9 +1016,8 @@ msgid "At least one invalid signature was encountered." msgstr "Beintza sinadura baliogabe bat aurkitu da." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Ezin da %s abiarazi sinadura egiaztatzeko (gpgv instalaturik al dago?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Ezin da apt-key abiarazi sinadura egiaztatzeko (gnupg instalaturik al dago?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1029,8 +1028,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Errore ezezaguna gpgv exekutatzean" +msgid "Unknown error executing apt-key" +msgstr "Errore ezezaguna apt-key exekutatzean" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1007,10 +1007,9 @@ msgid "At least one invalid signature was encountered." msgstr "LÖytyi ainakin yksi kelvoton allekirjoitus." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Ei käynnistynyt \"%s\" allekirjoitusta tarkistamaan (onko gpgv asennettu?)" +"Ei käynnistynyt \"apt-key\" allekirjoitusta tarkistamaan (onko gnupg asennettu?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1021,8 +1020,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Tapahtui tuntematon virhe suoritettaessa gpgv" +msgid "Unknown error executing apt-key" +msgstr "Tapahtui tuntematon virhe suoritettaessa apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1077,10 +1077,10 @@ msgid "At least one invalid signature was encountered." msgstr "Au moins une signature non valable a été rencontrée." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Impossible d'exécuter « gpgv » pour contrôler la signature (veuillez " -"vérifier si gpgv est installé)." +"Impossible d'exécuter « apt-key » pour contrôler la signature (veuillez " +"vérifier si gnupg est installé)." #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1093,8 +1093,8 @@ msgstr "" "Peut-être le réseau nécessite-t-il une authentification." #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Erreur inconnue à l'exécution de gpgv" +msgid "Unknown error executing apt-key" +msgstr "Erreur inconnue à l'exécution de apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1032,10 +1032,10 @@ msgid "At least one invalid signature was encountered." msgstr "Atopouse polo menos unha sinatura incorrecta." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Non é posíbel executar «gpgv» para verificar a sinatura (Está instalado " -"gpgv?)" +"Non é posíbel executar «apt-key» para verificar a sinatura (Está instalado " +"gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1046,8 +1046,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Produciuse un erro descoñecido ao executar gpgv" +msgid "Unknown error executing apt-key" +msgstr "Produciuse un erro descoñecido ao executar apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1810,11 +1810,11 @@ msgstr "" #: methods/gpgv.cc:232 #, c-format -msgid "Could not execute '%s' to verify signature (is gpgv installed?)" +msgid "Could not execute '%s' to verify signature (is gnupg installed?)" msgstr "" #: methods/gpgv.cc:237 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:271 methods/gpgv.cc:278 @@ -1050,9 +1050,9 @@ msgid "At least one invalid signature was encountered." msgstr "Legalább egy aláírás érvénytelen." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Nem indítható el a „gpgv” az aláírás ellenőrzéséhez (telepítve van a gpgv?)" +"Nem indítható el a „apt-key” az aláírás ellenőrzéséhez (telepítve van a gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1063,8 +1063,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Ismeretlen gpgv futtatási hiba" +msgid "Unknown error executing apt-key" +msgstr "Ismeretlen apt-key futtatási hiba" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1093,9 +1093,9 @@ msgid "At least one invalid signature was encountered." msgstr "È stata trovata almeno una firma non valida." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Impossibile eseguire \"gpgv\" per verificare la firma (forse gpgv non è " +"Impossibile eseguire \"apt-key\" per verificare la firma (forse gnupg non è " "installato)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1109,8 +1109,8 @@ msgstr "" "richiede autenticazione?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Errore sconosciuto durante l'esecuzione di gpgv" +msgid "Unknown error executing apt-key" +msgstr "Errore sconosciuto durante l'esecuzione di apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1084,9 +1084,9 @@ msgid "At least one invalid signature was encountered." msgstr "少なくとも 1 つの不正な署名が発見されました。" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"署名を検証するための 'gpgv' の実行ができませんでした (gpgv はインストールされ" +"署名を検証するための 'apt-key' の実行ができませんでした (gnupg はインストールされ" "ていますか?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1005,8 +1005,8 @@ msgstr "បានជួបប្រទះហត្ថលេខ #: methods/gpgv.cc:174 #, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "មិនអាចប្រតិបត្តិ '%s' ដើម្បីផ្ទៀងផ្ទាត់ហត្ថលេខា (តើ gpgv ត្រូវបានដំឡើងឬនៅ ?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "មិនអាចប្រតិបត្តិ 'apt-key' ដើម្បីផ្ទៀងផ្ទាត់ហត្ថលេខា (តើ gnupg ត្រូវបានដំឡើងឬនៅ ?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1017,8 +1017,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "មិនស្គាល់កំហុស ក្នុងការប្រតិបត្តិ gpgv" +msgid "Unknown error executing apt-key" +msgstr "មិនស្គាល់កំហុស ក្នុងការប្រតិបត្តិ apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1011,9 +1011,9 @@ msgid "At least one invalid signature was encountered." msgstr "최소한 하나 이상의 서명이 잘못되었습니다." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"서명을 확인하는 'gpgv' 프로그램을 실행할 수 없습니다. (gpgv를 설치했습니까?)" +"서명을 확인하는 'apt-key' 프로그램을 실행할 수 없습니다. (gnupg를 설치했습니까?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1024,8 +1024,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv 실행 도중 알 수 없는 오류 발생" +msgid "Unknown error executing apt-key" +msgstr "apt-key 실행 도중 알 수 없는 오류 발생" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -923,7 +923,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -935,8 +935,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Di xebitandina gpgv de çewtiya nenas" +msgid "Unknown error executing apt-key" +msgstr "Di xebitandina apt-key de çewtiya nenas" #: methods/gpgv.cc:217 methods/gpgv.cc:224 #, fuzzy @@ -928,7 +928,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -940,8 +940,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Nežinoma klaida kviečiant gpgv" +msgid "Unknown error executing apt-key" +msgstr "Nežinoma klaida kviečiant apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1002,9 +1002,9 @@ msgstr "किमान एक अवैध सही सापडली." #: methods/gpgv.cc:174 #, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"सहीची खात्री करण्यासाठी '%s' कार्यान्वित करू शकत नाही (gpgv संस्थापित केले आहे का?)" +"सहीची खात्री करण्यासाठी 'apt-key' कार्यान्वित करू शकत नाही (gnupg संस्थापित केले आहे का?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1015,8 +1015,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv कार्यान्वित होत असताना अपरिचित त्रुटी" +msgid "Unknown error executing apt-key" +msgstr "apt-key कार्यान्वित होत असताना अपरिचित त्रुटी" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1017,9 +1017,9 @@ msgid "At least one invalid signature was encountered." msgstr "Minst en ugyldig signatur ble funnet." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Klarte ikke kjøre «gpgv» for å verifisere signaturen (er gpgv installert?)" +"Klarte ikke kjøre «apt-key» for å verifisere signaturen (er gnupg installert?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1030,8 +1030,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Ukjent feil ved kjøring av gpgv" +msgid "Unknown error executing apt-key" +msgstr "Ukjent feil ved kjøring av apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1002,9 +1002,8 @@ msgid "At least one invalid signature was encountered." msgstr "कम्तिमा एउटा अवैध हस्ताक्षर विरोध भयो ।" #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "हस्ताक्षर रूजू गर्न '%s' कार्यन्वयन गर्न सकिएन (के gpgv स्थापना भयो?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "हस्ताक्षर रूजू गर्न 'apt-key' कार्यन्वयन गर्न सकिएन (के gnupg स्थापना भयो?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1015,8 +1014,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv कार्यन्वयन गर्दा अज्ञात त्रुटि" +msgid "Unknown error executing apt-key" +msgstr "apt-key कार्यन्वयन गर्दा अज्ञात त्रुटि" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1032,9 +1032,9 @@ msgid "At least one invalid signature was encountered." msgstr "Er is tenminste één ongeldige ondertekening gevonden." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Kon 'gpgv' niet uitvoeren om ondertekening te verifiëren (is gpgv " +"Kon 'apt-key' niet uitvoeren om ondertekening te verifiëren (is gnupg " "geïnstalleerd?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1046,8 +1046,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Onbekende fout bij het uitvoeren van gpgv" +msgid "Unknown error executing apt-key" +msgstr "Onbekende fout bij het uitvoeren van apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1012,7 +1012,7 @@ msgid "At least one invalid signature was encountered." msgstr "" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1024,7 +1024,7 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" +msgid "Unknown error executing apt-key" msgstr "" #: methods/gpgv.cc:217 methods/gpgv.cc:224 @@ -1060,9 +1060,9 @@ msgid "At least one invalid signature was encountered." msgstr "Napotkano przynajmniej jeden nieprawidłowy podpis." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Nie udało się uruchomić gpgv by zweryfikować podpis (czy gpgv jest " +"Nie udało się uruchomić apt-key by zweryfikować podpis (czy gnupg jest " "zainstalowane?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1074,8 +1074,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Nieznany błąd podczas uruchamiania gpgv" +msgid "Unknown error executing apt-key" +msgstr "Nieznany błąd podczas uruchamiania apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1050,9 +1050,9 @@ msgid "At least one invalid signature was encountered." msgstr "Pelo menos uma assinatura inválida foi encontrada." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Não foi possível executar 'gpgv' para verificar a assinatura (o gpgv está " +"Não foi possível executar 'apt-key' para verificar a assinatura (o gnupg está " "instalado?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1064,8 +1064,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Erro desconhecido ao executar gpgv" +msgid "Unknown error executing apt-key" +msgstr "Erro desconhecido ao executar apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/pt_BR.po b/po/pt_BR.po index 87575301a..0be44e8af 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -1022,10 +1022,9 @@ msgid "At least one invalid signature was encountered." msgstr "Ao menos uma assinatura inválida foi encontrada." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Não foi possível executar '%s' para verificar a assinatura (o gpgv está " +"Não foi possível executar 'apt-key' para verificar a assinatura (o gnupg está " "instalado?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' @@ -1037,8 +1036,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Erro desconhecido executando gpgv" +msgid "Unknown error executing apt-key" +msgstr "Erro desconhecido executando apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1023,10 +1023,9 @@ msgid "At least one invalid signature was encountered." msgstr "Cel puțin o semnătură nevalidă a fost întâlnită." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Nu s-a putut executa „%s” pentru verificarea semnăturii (gpgv este instalat?)" +"Nu s-a putut executa „apt-key” pentru verificarea semnăturii (gnupg este instalat?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1037,8 +1036,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Eroare necunoscută în timp ce se execută gpgv" +msgid "Unknown error executing apt-key" +msgstr "Eroare necunoscută în timp ce se execută apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1059,8 +1059,8 @@ msgid "At least one invalid signature was encountered." msgstr "Найдена как минимум одна неправильная подпись." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Не удалось выполнить «gpgv» для проверки подписи (gpgv установлена?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Не удалось выполнить «apt-key» для проверки подписи (gnupg установлена?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1071,8 +1071,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Неизвестная ошибка при выполнении gpgv" +msgid "Unknown error executing apt-key" +msgstr "Неизвестная ошибка при выполнении apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1039,8 +1039,8 @@ msgid "At least one invalid signature was encountered." msgstr "Bola zistená aspoň jedna nesprávna signatúra." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Nedá sa spustiť „gpgv“ kvôli overeniu podpisu (je nainštalované gpgv?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Nedá sa spustiť „apt-key“ kvôli overeniu podpisu (je nainštalované gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1051,8 +1051,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Neznáma chyba pri spustení gpgv" +msgid "Unknown error executing apt-key" +msgstr "Neznáma chyba pri spustení apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1036,8 +1036,8 @@ msgid "At least one invalid signature was encountered." msgstr "Najden je bil vsaj en neveljaven podpis." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Ni mogoče izvesti 'gpgv' za preverjanje podpisa (je gpgv nameščen?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Ni mogoče izvesti 'apt-key' za preverjanje podpisa (je gnupg nameščen?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1048,8 +1048,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Neznana napaka med izvajanjem gpgv" +msgid "Unknown error executing apt-key" +msgstr "Neznana napaka med izvajanjem apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1025,9 +1025,9 @@ msgid "At least one invalid signature was encountered." msgstr "Minst en ogiltig signatur träffades på." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Kunde inte köra \"gpgv\" för att verifiera signatur (är gpgv installerad?)" +"Kunde inte köra \"apt-key\" för att verifiera signatur (är gnupg installerad?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1038,8 +1038,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Okänt fel vid körning av gpgv" +msgid "Unknown error executing apt-key" +msgstr "Okänt fel vid körning av apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1052,8 +1052,8 @@ msgid "At least one invalid signature was encountered." msgstr "พบลายเซ็นที่ใช้การไม่ได้อย่างน้อยหนึ่งรายการ" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "ไม่สามารถเรียก 'gpgv' เพื่อตรวจสอบลายเซ็น (ได้ติดตั้ง gpgv ไว้หรือไม่?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "ไม่สามารถเรียก 'apt-key' เพื่อตรวจสอบลายเซ็น (ได้ติดตั้ง gnupg ไว้หรือไม่?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1066,8 +1066,8 @@ msgstr "" "'%s' (เครือข่ายต้องยืนยันตัวบุคคลหรือไม่?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "เกิดข้อผิดพลาดไม่ทราบสาเหตุขณะเรียก gpgv" +msgid "Unknown error executing apt-key" +msgstr "เกิดข้อผิดพลาดไม่ทราบสาเหตุขณะเรียก apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1017,10 +1017,9 @@ msgid "At least one invalid signature was encountered." msgstr "Hindi kukulang sa isang hindi tanggap na lagda ang na-enkwentro." #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Hindi maitakbo ang '%s' upang maberipika ang lagda (nakaluklok ba ang gpgv?)" +"Hindi maitakbo ang 'apt-key' upang maberipika ang lagda (nakaluklok ba ang gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1031,8 +1030,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Hindi kilalang error sa pag-execute ng gpgv" +msgid "Unknown error executing apt-key" +msgstr "Hindi kilalang error sa pag-execute ng apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1077,8 +1077,8 @@ msgid "At least one invalid signature was encountered." msgstr "En az bir geçersiz imza ile karşılaşıldı." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "İmza doğrulama için 'gpgv' çalıştırılamadı (gpgv kurulu mu?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "İmza doğrulama için 'apt-key' çalıştırılamadı (gnupg kurulu mu?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1091,8 +1091,8 @@ msgstr "" "gerektiriyor mu?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "gpgv çalıştırılırken bilinmeyen hata" +msgid "Unknown error executing apt-key" +msgstr "apt-key çalıştırılırken bilinmeyen hata" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1057,8 +1057,8 @@ msgid "At least one invalid signature was encountered." msgstr "Знайдено як мінімум один невірний підпис." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "Неможливо виконати 'gpgv' для перевірки підпису (чи встановлено gpgv?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "Неможливо виконати 'apt-key' для перевірки підпису (чи встановлено gnupg?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1069,8 +1069,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Невідома помилка виконання gpgv" +msgid "Unknown error executing apt-key" +msgstr "Невідома помилка виконання apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" @@ -1092,9 +1092,9 @@ msgid "At least one invalid signature was encountered." msgstr "Gặp ít nhất một chữ ký không hợp lệ." #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" msgstr "" -"Không thể thực hiện “gpgv” để thẩm tra chữ ký (gpgv đã được cài đặt chưa?)" +"Không thể thực hiện “apt-key” để thẩm tra chữ ký (gnupg đã được cài đặt chưa?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1107,8 +1107,8 @@ msgstr "" "không?)" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "Gặp lỗi không rõ khi thực hiện gpgv" +msgid "Unknown error executing apt-key" +msgstr "Gặp lỗi không rõ khi thực hiện apt-key" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/zh_CN.po b/po/zh_CN.po index c06970a01..79e433f3d 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -1006,8 +1006,8 @@ msgid "At least one invalid signature was encountered." msgstr "至少发现一个无效的签名。" #: methods/gpgv.cc:174 -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "无法运行 gpgv 以验证签名(您安装了 gpgv 吗?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "无法运行 apt-key 以验证签名(您安装了 gnupg 吗?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1018,8 +1018,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "运行 gpgv 时发生未知错误" +msgid "Unknown error executing apt-key" +msgstr "运行 apt-key 时发生未知错误" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/po/zh_TW.po b/po/zh_TW.po index 9d6b7d2ea..c39e039af 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -998,9 +998,8 @@ msgid "At least one invalid signature was encountered." msgstr "至少發現一個無效的簽章。" #: methods/gpgv.cc:174 -#, fuzzy -msgid "Could not execute 'gpgv' to verify signature (is gpgv installed?)" -msgstr "無法執行 '%s' 來驗證簽章(gpgv 是否安裝了?)" +msgid "Could not execute 'apt-key' to verify signature (is gnupg installed?)" +msgstr "無法執行 'apt-key' 來驗證簽章(gnupg 是否安裝了?)" #. TRANSLATORS: %s is a single techy word like 'NODATA' #: methods/gpgv.cc:180 @@ -1011,8 +1010,8 @@ msgid "" msgstr "" #: methods/gpgv.cc:184 -msgid "Unknown error executing gpgv" -msgstr "在執行 gpgv 時發生未知的錯誤" +msgid "Unknown error executing apt-key" +msgstr "在執行 apt-key 時發生未知的錯誤" #: methods/gpgv.cc:217 methods/gpgv.cc:224 msgid "The following signatures were invalid:\n" diff --git a/test/integration/framework b/test/integration/framework index 7cf4d8a6d..fcdca34ce 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -133,13 +133,6 @@ gdb() { shift runapt command gdb --quiet -ex run "${BUILDDIRECTORY}/$CMD" --args "${BUILDDIRECTORY}/$CMD" "$@" } -gpg() { - # see apt-key for the whole trickery. Setup is done in setupenvironment - command gpg --ignore-time-conflict --no-options --no-default-keyring \ - --homedir "${TMPWORKINGDIRECTORY}/gnupghome" \ - --no-auto-check-trustdb --trust-model always \ - "$@" -} exitwithstatus() { # error if we about to overflow, but ... @@ -223,6 +216,7 @@ setupenvironment() { echo "Debug::NoLocking \"true\";" >> aptconfig.conf echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf + echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf @@ -238,19 +232,6 @@ setupenvironment() { echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary configcompression '.' 'gz' #'bz2' 'lzma' 'xz' - # gpg needs a trustdb to function, but it can't be invalid (not even empty) - # see also apt-key where this trickery comes from: - local TRUSTDBDIR="${TMPWORKINGDIRECTORY}/gnupghome" - mkdir "$TRUSTDBDIR" - chmod 700 "$TRUSTDBDIR" - # We also don't use a secret keyring, of course, but gpg panics and - # implodes if there isn't one available - and writeable for imports - local SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" - touch $SECRETKEYRING - # now create the trustdb with an (empty) dummy keyring - # newer gpg versions are fine without it, but play it safe for now - gpg --quiet --check-trustdb --secret-keyring $SECRETKEYRING --keyring $SECRETKEYRING >/dev/null 2>&1 - # cleanup the environment a bit # prefer our apt binaries over the system apt binaries export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin" @@ -448,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist # if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then -# gpg --yes --secret-keyring ./keys/joesixpack.sec \ -# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \ +# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet --readonly \ +# adv --yes --default-key 'Joe Sixpack' \ # --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # fi @@ -834,8 +815,9 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" - local GPG="gpg --batch --yes" - msgninfo "\tSign archive with $SIGNER key… " + local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" + local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes" + msgninfo "\tSign archive with $SIGNER key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" local PUBEXPIREBAK="${REXKEY}.pub.bak" @@ -851,17 +833,14 @@ signreleasefiles() { cp $SECUNEXPIRED ${REXKEY}.sec cp $PUBUNEXPIRED ${REXKEY}.pub else - printf "expire\n1w\nsave\n" | $GPG --keyring ${REXKEY}.pub --secret-keyring ${REXKEY}.sec --command-fd 0 --edit-key "${SIGNER}" >/dev/null 2>&1 || true + if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then + cat setexpire.gpg + exit 1 + fi cp ${REXKEY}.sec $SECUNEXPIRED cp ${REXKEY}.pub $PUBUNEXPIRED fi fi - for KEY in $(find keys/ -name '*.sec'); do - GPG="$GPG --secret-keyring $KEY" - done - for KEY in $(find keys/ -name '*.pub'); do - GPG="$GPG --keyring $KEY" - done for RELEASE in $(find aptarchive/ -name Release); do $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE} local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index 8d8fdf167..9fbc4288d 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom @@ -29,7 +29,7 @@ aptcdromlog() { test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!" test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!" aptcdrom "$@" -o quiet=1 >rootdir/tmp/apt-cdrom.log 2>&1 </dev/null - sed -e '/gpgv/ d' -e '/^Identifying/ d' -e '/Reading / d' rootdir/tmp/apt-cdrom.log + sed -e '/gpgv\?: Signature made/ d' -e '/gpgv\?: Good signature/ d' -e '/^Identifying/ d' -e '/Reading / d' rootdir/tmp/apt-cdrom.log test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!" test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!" } diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 68b3f9710..d5adec5bd 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -7,101 +7,170 @@ TESTDIR=$(readlink -f $(dirname $0)) setupenvironment configarchitecture 'amd64' -msgtest 'Check that paths in list output are not' 'double-slashed' -aptkey list 2>&1 | grep -q '//' && msgfail || msgpass +# start from a clean plate again +cleanplate() { + rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg + mkdir rootdir/etc/apt/trusted.gpg.d/ +} -msgtest 'Check that paths in finger output are not' 'double-slashed' -aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass +testaptkeys() { + if ! aptkey list | grep '^pub' > aptkey.list; then + echo -n > aptkey.list + fi + testequal "$1" cat ./aptkey.list +} echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub"; APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' +testrun() { + cleanplate + ln -sf ${TMPWORKINGDIRECTORY}/keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed + msgtest 'Check that paths in list output are not' 'double-slashed' + aptkey list 2>&1 | grep -q '//' && msgfail || msgpass + + msgtest 'Check that paths in finger output are not' 'double-slashed' + aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass + + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' + + testequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1' aptkey --fakeroot update -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' -testsuccess aptkey --fakeroot add ./keys/rexexpired.pub + testsuccess aptkey --fakeroot add ./keys/rexexpired.pub -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] + testaptkeys 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] pub 2048R/DBAC8DAE 2010-08-18' -msgtest 'Execute update again to trigger removal of' 'Rex Expired key' -testsuccess --nomsg aptkey --fakeroot update - -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' - -msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' -testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE + msgtest 'Check that Sixpack key can be' 'exported' + aptkey export 'Sixpack' > aptkey.export + aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall + testsuccess --nomsg cmp aptkey.export aptkey.exportall + testsuccess test -s aptkey.export + testsuccess test -s aptkey.exportall + + msgtest 'Execute update again to trigger removal of' 'Rex Expired key' + testsuccess --nomsg aptkey --fakeroot update + + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' + + msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' + testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE + + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' + + testsuccess aptkey --fakeroot del DBAC8DAE + testempty aptkey list + + msgtest 'Test key removal with' 'single key in real file' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + + msgtest 'Test key removal with' 'long key ID' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + + msgtest 'Test key removal with' 'fingerprint' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + + msgtest 'Test key removal with' 'single key in softlink' + cleanplate + ln -s $(readlink -f ./keys/joesixpack.pub) rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + + cleanplate + testsuccess aptkey --fakeroot add ./keys/joesixpack.pub + testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse + + msgtest 'Test key removal with' 'multi key in real file' + cleanplate + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testaptkeys 'pub 2048R/528144E2 2011-01-16' + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + msgtest 'Test key removal with' 'multi key in softlink' + cleanplate + ln -s $(readlink -f ./keys/testcase-multikey.pub) rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testaptkeys 'pub 2048R/528144E2 2011-01-16' + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + testsuccess test ! -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + msgtest 'Test key removal with' 'multiple files including key' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testaptkeys 'pub 2048R/528144E2 2011-01-16' + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + msgtest 'Test merge-back of' 'added keys' + testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub + testaptkeys 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + msgtest 'Test merge-back of' 'removed keys' + testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9 + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' -testsuccess aptkey --fakeroot del DBAC8DAE -testempty aptkey list + msgtest 'Test merge-back of' 'removed duplicate keys' + testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE + testaptkeys 'pub 2048R/528144E2 2011-01-16' +} -# start from a clean plate again -cleanplate() { - rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg - mkdir rootdir/etc/apt/trusted.gpg.d/ +setupgpgcommand() { + echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd + msgtest 'Test that apt-key uses for the following tests command' "$1" + aptkey adv --version >aptkey.version 2>&1 + if grep -q "^Executing: $1 --" aptkey.version; then + msgpass + else + cat aptkey.version + msgfail + fi } -msgtest 'Test key removal with' 'single key in real file' -cleanplate -cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -testempty aptkey list -testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ - -msgtest 'Test key removal with' 'single key in softlink' -cleanplate -ln -s $(readlink -f ./keys/joesixpack.pub) rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -testempty aptkey list -testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ - -cleanplate -testsuccess aptkey --fakeroot add ./keys/joesixpack.pub -testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18 -pub 2048R/528144E2 2011-01-16' -cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse - -msgtest 'Test key removal with' 'multi key in real file' -cleanplate -cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ - -msgtest 'Test key removal with' 'multi key in softlink' -cleanplate -ln -s $(readlink -f ./keys/testcase-multikey.pub) rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ -testsuccess test ! -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ - -msgtest 'Test key removal with' 'multiple files including key' -cleanplate -cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ +# run with default (whatever this is) +testrun +# run with … +setupgpgcommand 'gpg' +testrun +setupgpgcommand 'gpg2' +testrun diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update index 4b38cd9b5..b3c118555 100755 --- a/test/integration/test-apt-key-net-update +++ b/test/integration/test-apt-key-net-update @@ -28,6 +28,9 @@ gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@exa gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)' aptkey --fakeroot net-update +aptkey list | grep '^pub' > aptkey.list +testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19 +pub 2048R/DBAC8DAE 2010-08-18' # now try a different one # setup archive-keyring @@ -38,6 +41,8 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf # test against the "real" webserver testequal "Checking for new archive signing keys now -Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update - +Key 'DE66AECA9151AFA1877EC31DE8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update +aptkey list | grep '^pub' > aptkey.list +testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19 +pub 2048R/DBAC8DAE 2010-08-18' diff --git a/test/integration/test-bug-733028-gpg-resource-limit b/test/integration/test-bug-733028-gpg-resource-limit new file mode 100755 index 000000000..f9c804963 --- /dev/null +++ b/test/integration/test-bug-733028-gpg-resource-limit @@ -0,0 +1,27 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' + +insertpackage 'unstable' 'foobar' 'all' '1' + +setupaptarchive --no-update + +for i in $(seq 1 50); do + touch rootdir/etc/apt/trusted.gpg.d/emptykey-${i}.gpg +done + +aptkey list | grep '^pub' > aptkey.list +testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + +msgtest 'Test for no gpg errors/warnings in' 'apt-get update' +aptget update > update.log 2>&1 +if grep -iq 'GPG' update.log; then + msgfail + cat update.log +else + msgpass +fi diff --git a/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages b/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages index 202716636..409d1212c 100755 --- a/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages +++ b/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages @@ -45,6 +45,7 @@ Conf libreoffice-core (4 sid [amd64]) Conf libreoffice-style-galaxy (4 sid [amd64]) Conf libreoffice (4 sid [amd64])' 'Reading package lists... Building dependency tree... +Calculating upgrade... The following NEW packages will be installed: ure The following packages will be upgraded: |