keys: make AptKeyManager.install_key() more robust #86

Merged
merged 2 commits into from
Jun 29, 2023

@tigarmo tigarmo commented Jun 27, 2023

This commit relaxes the restriction of the provided key contents having only a single (primary) key, and makes AptKeyManager better handle the fact that "gpg import" might print out useful diagnostics messages even if the key contents are imported "successfully".

To do this, we capture gpg's output and add a new optional parameter for the desired "target" key fingerprint (the key that we desire to import even if other keys exist in the contents). This fingerprint is used when naming the imported file, and then:

  1. If we don't have a desired fingerprint, proceed as before.
  2. If we have a desired fingerprint, check for it in the imported file, failing if it's not there.

The motivation for this change is that there are keys "in the wild" that generate gpg error messages but still contain a valid, non-expired desired key. This was supported before but regressed when we moved away from apt-key.

This commit is the second one on the road to fixing the "multiple keys in the same file" regression.

  • Have you followed the guidelines for contributing?
  • Have you signed the CLA?
  • Have you successfully run tox?

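The fingerprint check described in the PR above, as an added example that is not craft-archives code: it assumes the imported file is listed with `gpg --with-colons --show-keys`, runs on a constructed sample listing with made-up fingerprints, and the names `parse_keys` and `require_fingerprint` are hypothetical. Rejecting an expired or revoked match is an assumption that goes beyond the PR text.

```python
from dataclasses import dataclass

# Constructed fingerprints (not real keys).
FPR_EXPIRED, FPR_WANTED, FPR_SUBKEY = "1" * 40, "2" * 40, "3" * 40

# Constructed sample in the format of `gpg --with-colons --show-keys FILE`:
# one expired primary key, then one valid primary key with a subkey.
SAMPLE_LISTING = f"""\
pub:e:4096:1:{FPR_EXPIRED[-16:]}:1500000000:1600000000::-:::sc::::::23::0:
fpr:::::::::{FPR_EXPIRED}:
uid:e::::1500000000::::Old Archive Key (constructed)::::::::::0:
pub:-:4096:1:{FPR_WANTED[-16:]}:1650000000:::-:::scSC::::::23::0:
fpr:::::::::{FPR_WANTED}:
uid:-::::1650000000::::New Archive Key (constructed)::::::::::0:
sub:-:4096:1:{FPR_SUBKEY[-16:]}:1650000000::::::s::::::23:
fpr:::::::::{FPR_SUBKEY}:
"""


@dataclass(frozen=True)
class Key:
    fingerprint: str
    primary: bool
    validity: str  # field 2 of the pub/sub record: "e" expired, "r" revoked


def parse_keys(listing: str) -> list[Key]:
    """Pair each pub/sub record with the fpr record that follows it."""
    keys, pending = [], None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            pending = (fields[0] == "pub", fields[1])
        elif fields[0] == "fpr" and pending is not None:
            keys.append(Key(fields[9].upper(), *pending))  # field 10 holds the fingerprint
            pending = None
    return keys


def require_fingerprint(listing: str, wanted: str) -> Key:
    """Return the key whose full fingerprint equals `wanted`, else raise."""
    normalized = wanted.replace(" ", "").upper()
    for key in parse_keys(listing):
        if key.fingerprint == normalized:
            if key.validity in ("e", "r"):
                raise ValueError(f"key {normalized} is expired or revoked")
            return key
    raise ValueError(f"fingerprint {normalized} not found in imported keys")
```

Matching on the full 40-character fingerprint rather than a short key ID means other keys in the same file cannot satisfy the check.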
@tigarmo tigarmo marked this pull request as ready for review June 27, 2023 19:42
@tigarmo tigarmo requested a review from lengau June 27, 2023 19:42
codecov bot commented Jun 27, 2023

Codecov Report

Merging #86 (c65a965) into hotfix/1.1.1 (b1c20e2) will decrease coverage by 0.58%.
The diff coverage is 82.85%.

❗ Current head c65a965 differs from pull request most recent head d7fef04. Consider uploading reports for the commit d7fef04 to get more accurate results

@@               Coverage Diff                @@
##           hotfix/1.1.1      #86      +/-   ##
================================================
- Coverage         90.51%   89.94%   -0.58%     
================================================
  Files                13       13              
  Lines               664      686      +22     
  Branches            133      140       +7     
================================================
+ Hits                601      617      +16     
- Misses               47       51       +4     
- Partials             16       18       +2     

Impacted Files                            Coverage Δ
craft_archives/repo/apt_key_manager.py    94.44% <82.85%> (-3.92%) ⬇️

@lengau lengau left a comment

Looks good! Could you add a test where install_key succeeds with a string key_id?

@tigarmo tigarmo requested a review from lengau June 28, 2023 18:09
@tigarmo tigarmo merged commit 9a9706b into hotfix/1.1.1 Jun 29, 2023
@tigarmo tigarmo deleted the robust-install-key branch June 29, 2023 12:33
tigarmo pushed a commit that referenced this pull request Jul 11, 2023
Signed-off-by: Callahan Kovacs <callahankovacs@gmail.com>