From 19fdf93d7363261227811a62157063081b9f1a5d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 16 Aug 2016 15:46:19 +0200 Subject: add the gpg-classic variant to the gpgv/gnupg or-group We need to support partial upgrades anyhow, so we have to deal with the different versions and your tests try to ensure that we do, so we shouldn't make any explicit higher requirements. --- cmdline/apt-key.in | 9 ++++-- debian/control | 4 +-- debian/tests/control | 3 +- prepare-release | 5 +-- test/integration/framework | 45 ++++++-------------------- test/integration/test-apt-key | 34 ++++++++++++++----- test/integration/test-apt-key-net-update | 9 +----- test/integration/test-releasefile-verification | 5 ++- 8 files changed, 52 insertions(+), 62 deletions(-) diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 0f9118492..aff75c300 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -530,9 +530,11 @@ EOF GPG_EXE="gpg" elif command_available 'gpg2'; then GPG_EXE="gpg2" + elif command_available 'gpg1'; then + GPG_EXE="gpg1" else - echo >&2 "Error: gnupg or gnupg2 do not seem to be installed," - echo >&2 "Error: but apt-key requires gnupg or gnupg2 for this operation." + echo >&2 "Error: gnupg, gnupg2 and gnupg1 do not seem to be installed," + echo >&2 "Error: but apt-key requires gnupg, gnupg2 or gnupg1 for this operation." echo >&2 exit 255 fi @@ -639,8 +641,9 @@ case "$command" in if [ -n "$GPGV" ] && command_available "$GPGV"; then true; elif command_available 'gpgv'; then GPGV='gpgv'; elif command_available 'gpgv2'; then GPGV='gpgv2'; + elif command_available 'gpgv1'; then GPGV='gpgv1'; else - echo >&2 'ERROR: gpgv or gpgv2 required for verification' + echo >&2 'ERROR: gpgv, gpgv2 or gpgv1 required for verification' exit 29 fi # for a forced keyid we need gpg --export, so full wrapping required diff --git a/debian/control b/debian/control index c84e53927..c383e2fc1 100644 --- a/debian/control +++ b/debian/control @@ -19,10 +19,10 @@ Testsuite: autopkgtest Package: apt Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gpgv | gpgv2, adduser +Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gpgv | gpgv2 | gpgv1, adduser Replaces: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~), bash-completion (<< 1:2.1-4.2+fakesync1), apt-utils (<< 1.3~exp2~) Breaks: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~), apt-utils (<< 1.3~exp2~) -Recommends: gnupg | gnupg2 +Recommends: gnupg | gnupg2 | gnupg1 Suggests: aptitude | synaptic | wajig, dpkg-dev (>= 1.17.2), apt-doc, python-apt, powermgmt-base Description: commandline package manager This package provides commandline tools for searching and diff --git a/debian/tests/control b/debian/tests/control index 406679d37..b7555dc2e 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,4 +1,5 @@ Tests: run-tests Restrictions: allow-stderr -Depends: @, @builddeps@, fakeroot, wget, stunnel4, lsof, db-util, gnupg, gnupg2, +Depends: @, @builddeps@, fakeroot, wget, stunnel4, lsof, db-util, + gnupg, gnupg1, gpgv, gpgv1, libfile-fcntllock-perl, python3-apt diff --git a/prepare-release b/prepare-release index df1b0a2cf..1e434a305 100755 --- a/prepare-release +++ b/prepare-release @@ -158,8 +158,9 @@ elif [ "$1" = 'buildlog' ]; then shift done elif [ "$1" = 'travis-ci' ]; then - apt-get install -qy --no-install-recommends $(sed -n -e '/^Build-Depends: /,/^Build-Depends-Indep: / {p}' debian/control | sed -e 's#([^)]*)##g' -e 's#^Build-Depends\(-Indep\)\?: ##' -e 's#<.*>##g' | tr -d ',') - apt-get install -qy --no-install-recommends $(sed -n 's#^Depends: .*@, \(.*\)$#\1#p' debian/tests/control | tr -d ',') + apt-get install -qy --no-install-recommends dctrl-tools + apt-get install -qy --no-install-recommends $(grep-dctrl -S -s Build-Depends,Build-Depends-Indep,Build-Depends-Arch apt ./debian/control | sed -e 's#([^)]*)##g' -e 's#^Build-Depends\(-Indep\|-Arch\)\?: ##' -e 's#<.*>##g' | tr -s '\n,' ' ') + apt-get install -qy --no-install-recommends $(grep-dctrl -F Tests -s Depends run-tests ./debian/tests/control | tr -s '\n,' ' ' | cut -d'@' -f 4- | sed -e 's#gnupg1#gnupg2#' -e 's#gpgv1#gpgv2#') elif [ "$1" = 'coverage' ]; then DIR="${2:-./coverage}" git clean -dfX # remove ignored build artefacts for a clean start diff --git a/test/integration/framework b/test/integration/framework index 8d124858b..1e356ffaf 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1856,49 +1856,24 @@ testwebserverlaststatuscode() { msggroup } -createlistofkeys() { - local OUTPUT="$1" - shift +mapkeynametokeyid() { while [ -n "$1" ]; do - # gpg 2.1.something starts printing [SC] at some point - if grep -q ' rsa2048/' "$OUTPUT" && grep -qF '[SC]' "$OUTPUT"; then - case "$1" in - *Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';; - *Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [SC] [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16 [SC]';; - oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19 [SC]';; - newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';; - *) echo 'UNKNOWN KEY';; - esac - # gpg 2.1 has a slightly different output format - elif grep -q ' rsa2048/' "$OUTPUT"; then - case "$1" in - *Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18';; - *Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16';; - oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19';; - newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18';; - *) echo 'UNKNOWN KEY';; - esac - else - case "$1" in - *Joe*|*Sixpack*) echo 'pub 2048R/DBAC8DAE 2010-08-18';; - *Rex*|*Expired*) echo 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub 2048R/528144E2 2011-01-16';; - oldarchive) echo 'pub 1024R/F68C85A3 2013-12-19';; - newarchive) echo 'pub 2048R/DBAC8DAE 2010-08-18';; - *) echo 'UNKNOWN KEY';; - esac - fi + case "$1" in + *Joe*|*Sixpack*|newarchive) echo '5A90D141DBAC8DAE';; + *Rex*|*Expired*) echo '4BC0A39C27CE74F9';; + *Marvin*|*Paranoid*) echo 'E8525D47528144E2';; + oldarchive) echo 'FDD2DB85F68C85A3';; + *) echo 'UNKNOWN KEY';; + esac shift done } testaptkeys() { local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylist.output" - if ! aptkey list | grep '^pub' > "$OUTPUT"; then + if ! aptkey list --with-colon | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then echo -n > "$OUTPUT" fi - testfileequal "$OUTPUT" "$(createlistofkeys "$OUTPUT" "$@")" + testfileequal "$OUTPUT" "$(mapkeynametokeyid "$@")" } pause() { diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index e777de1a4..eb5f998cf 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -41,7 +41,9 @@ APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub\";" > "${ROOTDIR}/etc/apt/apt.c msgtest 'Check that paths in finger output are not' 'double-slashed' testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" - testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed + testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed +gpg: Total number processed: 1 +gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed gpg: Total number processed: 1 gpg: unchanged: 1' aptkey --fakeroot update @@ -185,8 +187,9 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test verify a file' 'with no sig' testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}" "${SIGNATURE}2" - for GPGV in '' 'gpgv' 'gpgv2'; do + for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" + if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi msgtest 'Test verify a file' 'with all keys' testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" @@ -229,8 +232,9 @@ gpg: unchanged: 1' aptkey --fakeroot update adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}" testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}" - for GPGV in '' 'gpgv' 'gpgv2'; do + for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" + if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi msgtest 'Test verify a doublesigned file' 'with all keys' testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" @@ -265,11 +269,25 @@ gpg: unchanged: 1' aptkey --fakeroot update } setupgpgcommand() { - echo "APT::Key::GPGCommand \"$1\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" - msgmsg 'Force tests to be run with' "$1" + local GPGEXE; + if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then + if [ "$1" = '1' ]; then + GPGEXE='gpg1' + else + GPGEXE='gpg' + fi + else + if [ "$1" = '1' ]; then + GPGEXE='gpg' + else + GPGEXE='gpg2' + fi + fi + msgmsg 'Force tests to be run with' "$GPGEXE" + echo "APT::Key::GPGCommand \"$GPGEXE\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" testsuccess aptkey --readonly adv --version cp "${ROOTDIR}/tmp/testsuccess.output" "${TMPWORKINGDIRECTORY}/aptkey.version" - testsuccess grep "^gpg (GnuPG) $2\." "${TMPWORKINGDIRECTORY}/aptkey.version" + testsuccess grep "^gpg (GnuPG) $1\." "${TMPWORKINGDIRECTORY}/aptkey.version" } # run with default (whatever this is) in current CWD with relative paths @@ -285,7 +303,7 @@ cd inaccessible chmod 600 ../inaccessible testfilestats "${TMPWORKINGDIRECTORY}/inaccessible" '%a' '=' '600' -setupgpgcommand 'gpg' '1' +setupgpgcommand '1' testrun -setupgpgcommand 'gpg2' '2' +setupgpgcommand '2' testrun diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update index 990fb5ad2..b9f716e10 100755 --- a/test/integration/test-apt-key-net-update +++ b/test/integration/test-apt-key-net-update @@ -24,14 +24,7 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf # test against the "real" webserver testsuccess aptkey --fakeroot net-update -testequalor2 'Checking for new archive signing keys now -gpg: key F68C85A3: public key "Test Automatic Archive Signing Key " imported -gpg: Total number processed: 1 -gpg: imported: 1 (RSA: 1)' 'Checking for new archive signing keys now -gpg: key F68C85A3: public key "Test Automatic Archive Signing Key " imported -gpg: Total number processed: 1 -gpg: imported: 1' cat rootdir/tmp/testsuccess.output - +testfailure grep 'not added' rootdir/tmp/testsuccess.output testaptkeys 'oldarchive' 'newarchive' # now try a different one diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index fec7b1302..20ca613da 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -237,7 +237,7 @@ runtest() { updatewithwarnings '^W: .* NO_PUBKEY' sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* - local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + local MARVIN="$(aptkey --keyring $MARVIN finger --with-colons | grep '^fpr' | cut -d':' -f 10)" msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' @@ -261,7 +261,7 @@ runtest() { " aptcache show apt installaptold - local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger --with-colons | grep '^fpr' | cut -d':' -f 10)" msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' @@ -271,7 +271,6 @@ runtest() { " aptcache show apt installaptold - local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${SIXPACK},${MARVIN}\] #\1 [signed-by=${MARVIN},${SIXPACK}] #" rootdir/etc/apt/sources.list.d/* -- cgit v1.2.3