vincent/aptly
1
0
Fork 0
mirror of https://github.com/aptly-dev/aptly.git synced 2026-01-12 03:21:33 +00:00
Code Issues Projects Releases Wiki Activity

Compatibility with GnuPG 1.x and 2.x, auto-detect GnuPG version

Browse Source 
* aptly can sign and verify without issues with GnuPG 1.x and 2.x
* aptly auto-detects GnuPG version and adapts accordingly
* aptly automatically finds suitable GnuPG version

Majority of the work was to get unit-tests which can work with GnuPG 1.x & 2.x.
Locally I've verified that aptly supports GnuPG 1.4.x & 2.2.x. Travis CI
environment is based on trusty, so it runs gpg2 tests with GnuPG 2.0.x.

Configuration parameter gpgProvider now supports three values for GnuPG:

* gpg (same as before, default): use GnuPG 1.x if available (checks gpg, gpg1),
otherwise uses GnuPG 2.x; for aptly users who already have GnuPG 1.x
environment (as it was the only supported version) nothing should change; new
users might start with GnuPG 2.x if that's their installed version

* gpg1 looks for GnuPG 1.x only, fails otherwise

* gpg2 looks for GnuPG 2.x only, fails otherwise
This commit is contained in:
Andrey Smirnov
2018-07-14 00:00:43 +03:00
parent 702c1ff217
commit 1b2fccb615
25 changed files with 559 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
system/gpg-gen-key
View File

@@ -10,4 +10,4 @@ Expire-Date: 0
%secring aptly.sec
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
%echo done

11
system/lib.py
View File

@@ -142,7 +142,16 @@ class BaseTest(object):
self.fixtureWebServer))
if self.fixtureGpg:
self.run_cmd(["gpg", "--no-default-keyring", "--trust-model", "always", "--batch", "--keyring", "aptlytest.gpg", "--import"] +
# try to find gpg1 as that's what aptly prefers by default to build trusted keys in DB
# in lowest supported format
gpg = "gpg1"
try:
subprocess.check_output(["gpg1", "--version"])
except Exception:
gpg = "gpg"
# TODO: fixme
self.run_cmd([gpg, "--no-default-keyring", "--trust-model", "always", "--batch", "--keyring", "aptlytest.gpg", "--import"] +
[os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", key) for key in self.fixtureGpgKeys])
if hasattr(self, "fixtureCmds"):

2
system/t03_help/MainHelpTest_gold
View File

@@ -19,5 +19,5 @@ Options:
-dep-follow-source: when processing dependencies, follow from binary to Source packages
-dep-follow-suggests: when processing dependencies, follow Suggests
-dep-verbose-resolve: when processing dependencies, print detailed logs
-gpg-provider="": PGP implementation ("gpg" for external gpg or "internal" for Go internal implementation)
-gpg-provider="": PGP implementation ("gpg", "gpg1", "gpg2" for external gpg or "internal" for Go internal implementation)

2
system/t03_help/MainTest_gold
View File

@@ -27,5 +27,5 @@ Options:
-dep-follow-source: when processing dependencies, follow from binary to Source packages
-dep-follow-suggests: when processing dependencies, follow Suggests
-dep-verbose-resolve: when processing dependencies, print detailed logs
-gpg-provider="": PGP implementation ("gpg" for external gpg or "internal" for Go internal implementation)
-gpg-provider="": PGP implementation ("gpg", "gpg1", "gpg2" for external gpg or "internal" for Go internal implementation)
ERROR: unable to parse command

2
system/t03_help/MirrorCreateHelpTest_gold
View File

@@ -25,7 +25,7 @@ Options:
-filter-with-deps: when filtering, include dependencies of matching packages as well
-force-architectures: (only with architecture list) skip check that requested architectures are listed in Release file
-force-components: (only with component list) skip check that requested components are listed in Release file
-gpg-provider="": PGP implementation ("gpg" for external gpg or "internal" for Go internal implementation)
-gpg-provider="": PGP implementation ("gpg", "gpg1", "gpg2" for external gpg or "internal" for Go internal implementation)
-ignore-signatures: disable verification of Release file signatures
-keyring=: gpg keyring to use when verifying Release file (could be specified multiple times)
-with-installer: download additional not packaged installer files

2
system/t03_help/MirrorCreateTest_gold
View File

@@ -16,7 +16,7 @@ Options:
-filter-with-deps: when filtering, include dependencies of matching packages as well
-force-architectures: (only with architecture list) skip check that requested architectures are listed in Release file
-force-components: (only with component list) skip check that requested components are listed in Release file
-gpg-provider="": PGP implementation ("gpg" for external gpg or "internal" for Go internal implementation)
-gpg-provider="": PGP implementation ("gpg", "gpg1", "gpg2" for external gpg or "internal" for Go internal implementation)
-ignore-signatures: disable verification of Release file signatures
-keyring=: gpg keyring to use when verifying Release file (could be specified multiple times)
-with-installer: download additional not packaged installer files

2
system/t03_help/MirrorHelpTest_gold
View File

@@ -23,4 +23,4 @@ Options:
-dep-follow-source: when processing dependencies, follow from binary to Source packages
-dep-follow-suggests: when processing dependencies, follow Suggests
-dep-verbose-resolve: when processing dependencies, print detailed logs
-gpg-provider="": PGP implementation ("gpg" for external gpg or "internal" for Go internal implementation)
-gpg-provider="": PGP implementation ("gpg", "gpg1", "gpg2" for external gpg or "internal" for Go internal implementation)

2
system/t03_help/MirrorTest_gold
View File

@@ -23,5 +23,5 @@ Options:
-dep-follow-source: when processing dependencies, follow from binary to Source packages
-dep-follow-suggests: when processing dependencies, follow Suggests
-dep-verbose-resolve: when processing dependencies, print detailed logs
-gpg-provider="": PGP implementation ("gpg" for external gpg or "internal" for Go internal implementation)
-gpg-provider="": PGP implementation ("gpg", "gpg1", "gpg2" for external gpg or "internal" for Go internal implementation)
ERROR: unable to parse command

2
system/t03_help/WrongFlagTest_gold
View File

@@ -17,7 +17,7 @@ Options:
-filter-with-deps: when filtering, include dependencies of matching packages as well
-force-architectures: (only with architecture list) skip check that requested architectures are listed in Release file
-force-components: (only with component list) skip check that requested components are listed in Release file
-gpg-provider="": PGP implementation ("gpg" for external gpg or "internal" for Go internal implementation)
-gpg-provider="": PGP implementation ("gpg", "gpg1", "gpg2" for external gpg or "internal" for Go internal implementation)
-ignore-signatures: disable verification of Release file signatures
-keyring=: gpg keyring to use when verifying Release file (could be specified multiple times)
-with-installer: download additional not packaged installer files