diff --git a/system/t06_publish/snapshot.py b/system/t06_publish/snapshot.py
index 3557ed2d..2b22a883 100644
--- a/system/t06_publish/snapshot.py
+++ b/system/t06_publish/snapshot.py
@@ -40,9 +40,9 @@ class PublishSnapshot1Test(BaseTest):
 self.check_file_contents('public/dists/maverick/Release', 'release', match_prepare=strip_processor)
 # verify signatures
- self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
+ self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
 "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')])
- self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
+ self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
 "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'), os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')])
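Review bot: Both gpg calls under `# verify signatures` pass `--keyring` for `files/aptly.pub` without `--no-default-keyring`, so gpg also consults the default keyring of whoever runs the suite. The check can then pass because of a key that is not the one shipped with the tests. Since the argument list is being edited anyway, pin verification to the test key, as `utils/gpg.go` already does: `self.run_cmd(["gpg", "--no-auto-check-trustdb", "--no-default-keyring", "--keyring", ...`. The same applies to the identical pairs in PublishSnapshot16Test and PublishSnapshot17Test, and the three copies could share one helper so the flag set cannot drift. The enclosing methods start outside the hunks.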
@@ -402,9 +402,9 @@ class PublishSnapshot16Test(BaseTest):
 self.check_file_contents('public/dists/maverick/main/source/Sources', 'sources', match_prepare=lambda s: "\n".join(sorted(s.split("\n"))))
 # verify signatures
- self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
+ self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
 "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')])
- self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
+ self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
 "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'), os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')])
@@ -447,9 +447,9 @@ class PublishSnapshot17Test(BaseTest):
 self.check_file_contents('public/dists/maverick/main/binary-i386/Packages', 'binary', match_prepare=lambda s: "\n".join(sorted(s.split("\n"))))
 # verify signatures
- self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
+ self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
 "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')])
- self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
+ self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
 "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'), os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')])
diff --git a/utils/gpg.go b/utils/gpg.go
index 989e8fa3..efe152e0 100644
--- a/utils/gpg.go
+++ b/utils/gpg.go
@@ -54,7 +54,7 @@ func (g *GpgSigner) SetKeyRing(keyring, secretKeyring string) {
 func (g *GpgSigner) gpgArgs() []string {
 args := []string{}
 if g.keyring != "" {
- args = append(args, "--no-default-keyring", "--keyring", g.keyring)
+ args = append(args, "--no-auto-check-trustdb", "--no-default-keyring", "--keyring", g.keyring)
 }
 if g.secretKeyring != "" {
 args = append(args, "--secret-keyring", g.secretKeyring)
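Review bot: In gpgArgs the new `--no-auto-check-trustdb` is appended only inside `if g.keyring != ""`, so a signer that relies on the default keyring still runs gpg without it. That signer can still trigger the automatic trustdb check this commit suppresses everywhere else. The flag does not depend on the keyring, so seed the slice with it: `args := []string{"--no-auto-check-trustdb"}`, and keep the keyring branch as `args = append(args, "--no-default-keyring", "--keyring", g.keyring)`. The rest of gpgArgs lies outside the hunk.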
@@ -69,9 +69,9 @@ func (g *GpgSigner) gpgArgs() []string {
 // Init verifies availability of gpg & presence of keys
 func (g *GpgSigner) Init() error {
- output, err := exec.Command("gpg", "--list-keys").Output()
+ output, err := exec.Command("gpg", "--list-keys", "--dry-run", "--no-auto-check-trustdb").CombinedOutput()
 if err != nil {
- return fmt.Errorf("unable to execute gpg: %s (is gpg installed?)", err)
+ return fmt.Errorf("unable to execute gpg: %s (is gpg installed?): %s", err, string(output))
 }
 if g.keyring == "" && g.secretKeyring == "" && len(output) == 0 {
@@ -122,7 +122,7 @@ func (g *GpgVerifier) InitKeyring() error {
 if len(g.keyRings) == 0 {
 // using default keyring
- output, err := exec.Command("gpg", "--no-default-keyring", "--keyring", "trustedkeys.gpg", "--list-keys").Output()
+ output, err := exec.Command("gpg", "--no-default-keyring", "--no-auto-check-trustdb", "--keyring", "trustedkeys.gpg", "--list-keys").Output()
 if err == nil && len(output) == 0 {
 fmt.Printf("\nLooks like your keyring with trusted keys is empty. You might consider importing some keys.\n")
 fmt.Printf("If you're running Debian or Ubuntu, it's a good idea to import current archive keys by running:\n\n")
@@ -266,7 +266,7 @@ func (g *GpgVerifier) ExtractClearsigned(clearsigned io.Reader) (text *os.File,
 }
 defer os.Remove(text.Name())
- args := []string{"--decrypt", "--batch", "--skip-verify", "--output", "-", clearf.Name()}
+ args := []string{"--no-auto-check-trustdb", "--decrypt", "--batch", "--skip-verify", "--output", "-", clearf.Name()}
 cmd := exec.Command("gpg", args...)
 stdout, err := cmd.StdoutPipe()
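Review bot: Switching Init to `CombinedOutput()` folds gpg's stderr into `output`, which the `len(output) == 0` test a few lines later uses to decide that no keys are present. Any warning or first-run notice gpg writes to stderr makes that buffer non-empty, so the empty-keyring branch would presumably be skipped. Capture stderr separately so the error message still carries it while stdout alone drives the emptiness check, as sketched below; this needs `bytes` in the import block if the file does not already have it. Init's body continues past the end of the hunk.

```go
func (g *GpgSigner) Init() error {
	cmd := exec.Command("gpg", "--list-keys", "--dry-run", "--no-auto-check-trustdb")
	var stderr bytes.Buffer
	cmd.Stderr = &stderr
	output, err := cmd.Output() // stdout only, so len(output) still reflects listed keys
	if err != nil {
		return fmt.Errorf("unable to execute gpg: %s (is gpg installed?): %s", err, stderr.String())
	}
	// … unchanged: empty-keyring check on len(output) …
```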
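Review bot: The `args` line in ExtractClearsigned runs gpg with `--skip-verify`, so the text it yields has not had its signature checked, and nothing in the visible lines says so. A comment above `args` would keep later callers from treating the output as authenticated, for example `// --skip-verify: extraction only; the signature is NOT checked here, callers must verify separately`. Whether every caller verifies first cannot be seen from this hunk; the function starts and ends outside it.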