GPG may suddenly decide to re-validate its trustdb, resulting in any call to `gpg` exiting with code 2.

Don't allow GPG to validate trustdb when invoked in automated fashion.
Andrey Smirnov
2014-03-25 18:42:03 +04:00
parent 1a60ac6aa0
commit 1a88876e63
2 changed files with 11 additions and 11 deletions


@@ -40,9 +40,9 @@ class PublishSnapshot1Test(BaseTest):
self.check_file_contents('public/dists/maverick/Release', 'release', match_prepare=strip_processor) self.check_file_contents('public/dists/maverick/Release', 'release', match_prepare=strip_processor)
# verify signatures # verify signatures
self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"), self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
"--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')]) "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')])
self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"), self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
"--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'), "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'),
os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')]) os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')])
@@ -402,9 +402,9 @@ class PublishSnapshot16Test(BaseTest):
self.check_file_contents('public/dists/maverick/main/source/Sources', 'sources', match_prepare=lambda s: "\n".join(sorted(s.split("\n")))) self.check_file_contents('public/dists/maverick/main/source/Sources', 'sources', match_prepare=lambda s: "\n".join(sorted(s.split("\n"))))
# verify signatures # verify signatures
self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"), self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
"--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')]) "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')])
self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"), self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
"--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'), "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'),
os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')]) os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')])
@@ -447,9 +447,9 @@ class PublishSnapshot17Test(BaseTest):
self.check_file_contents('public/dists/maverick/main/binary-i386/Packages', 'binary', match_prepare=lambda s: "\n".join(sorted(s.split("\n")))) self.check_file_contents('public/dists/maverick/main/binary-i386/Packages', 'binary', match_prepare=lambda s: "\n".join(sorted(s.split("\n"))))
# verify signatures # verify signatures
self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"), self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
"--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')]) "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/InRelease')])
self.run_cmd(["gpg", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"), self.run_cmd(["gpg", "--no-auto-check-trustdb", "--keyring", os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "aptly.pub"),
"--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'), "--verify", os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release.gpg'),
os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')]) os.path.join(os.environ["HOME"], ".aptly", 'public/dists/maverick/Release')])
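Review bot: The verification commands still consult the user's default public keyring in addition to aptly.pub, because `--keyring` is passed without `--no-default-keyring` (the `run_cmd` calls at lines 18 and 20, and the matching calls in the two later hunks); the Go side of this same commit pairs the two flags, so the test should as well, e.g. `["gpg", "--no-auto-check-trustdb", "--no-default-keyring", "--keyring", ...]`. Without it, a signature made by any key that happens to be in the runner's default keyring would verify too, which weakens what these assertions demonstrate about the published Release files. The same four-argument prefix is now repeated six times across three test classes; a small helper on BaseTest (for example `gpg_verify(*paths)` that builds the argument list once) would keep the flag set in a single place. Each enclosing test method starts before its hunk.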


@@ -54,7 +54,7 @@ func (g *GpgSigner) SetKeyRing(keyring, secretKeyring string) {
func (g *GpgSigner) gpgArgs() []string { func (g *GpgSigner) gpgArgs() []string {
args := []string{} args := []string{}
if g.keyring != "" { if g.keyring != "" {
args = append(args, "--no-default-keyring", "--keyring", g.keyring) args = append(args, "--no-auto-check-trustdb", "--no-default-keyring", "--keyring", g.keyring)
} }
if g.secretKeyring != "" { if g.secretKeyring != "" {
args = append(args, "--secret-keyring", g.secretKeyring) args = append(args, "--secret-keyring", g.secretKeyring)
@@ -69,9 +69,9 @@ func (g *GpgSigner) gpgArgs() []string {
// Init verifies availability of gpg & presence of keys // Init verifies availability of gpg & presence of keys
func (g *GpgSigner) Init() error { func (g *GpgSigner) Init() error {
output, err := exec.Command("gpg", "--list-keys").Output() output, err := exec.Command("gpg", "--list-keys", "--dry-run", "--no-auto-check-trustdb").CombinedOutput()
if err != nil { if err != nil {
return fmt.Errorf("unable to execute gpg: %s (is gpg installed?)", err) return fmt.Errorf("unable to execute gpg: %s (is gpg installed?): %s", err, string(output))
} }
if g.keyring == "" && g.secretKeyring == "" && len(output) == 0 { if g.keyring == "" && g.secretKeyring == "" && len(output) == 0 {
@@ -122,7 +122,7 @@ func (g *GpgVerifier) InitKeyring() error {
if len(g.keyRings) == 0 { if len(g.keyRings) == 0 {
// using default keyring // using default keyring
output, err := exec.Command("gpg", "--no-default-keyring", "--keyring", "trustedkeys.gpg", "--list-keys").Output() output, err := exec.Command("gpg", "--no-default-keyring", "--no-auto-check-trustdb", "--keyring", "trustedkeys.gpg", "--list-keys").Output()
if err == nil && len(output) == 0 { if err == nil && len(output) == 0 {
fmt.Printf("\nLooks like your keyring with trusted keys is empty. You might consider importing some keys.\n") fmt.Printf("\nLooks like your keyring with trusted keys is empty. You might consider importing some keys.\n")
fmt.Printf("If you're running Debian or Ubuntu, it's a good idea to import current archive keys by running:\n\n") fmt.Printf("If you're running Debian or Ubuntu, it's a good idea to import current archive keys by running:\n\n")
@@ -266,7 +266,7 @@ func (g *GpgVerifier) ExtractClearsigned(clearsigned io.Reader) (text *os.File,
} }
defer os.Remove(text.Name()) defer os.Remove(text.Name())
args := []string{"--decrypt", "--batch", "--skip-verify", "--output", "-", clearf.Name()} args := []string{"--no-auto-check-trustdb", "--decrypt", "--batch", "--skip-verify", "--output", "-", clearf.Name()}
cmd := exec.Command("gpg", args...) cmd := exec.Command("gpg", args...)
stdout, err := cmd.StdoutPipe() stdout, err := cmd.StdoutPipe()