Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow full length GPG key fingerprints. #404

Merged
merged 1 commit into from
Jan 12, 2015

Conversation

WolverineFan
Copy link

This is a rebased version of rfkrocktk's patch #354 with added tests and several bug fixes found while running said tests. I think this should be good to go.

@@ -2,7 +2,8 @@

describe 'apt::key', :type => :define do
let(:facts) { { :lsbdistid => 'Debian' } }
GPG_KEY_ID = '4BD6EC30'
#GPG_KEY_ID = '4BD6EC30'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comments serve no purpose, just remove them. We've got Git's history powers if we ever wanted to know what this line looked like in the past.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is a major pet peeve. Commented code adds nothing unless its an example. Having Git means there's should be no such thing as "I'll comment this out in case I need it later."

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I almost did, but it was late and I'd spent a couple hours rebasing/reformatting :) I'll remove them.

Also add support for ECC and ECDSA key_types
@WolverineFan WolverineFan force-pushed the support_40char_fingerprints branch from 41b04f3 to 445ad0b Compare January 10, 2015 05:49
@WolverineFan
Copy link
Author

Updated based on feedback and rebased on current master again. Can someone take a look at my #403 pull request too? The apt_has_updates fact doesn't work at all at the moment.

@daenney
Copy link

daenney commented Jan 12, 2015

@WolverineFan Don't do that please, asking to push through another PR through this one unless they're related. We'll get to it, but we can't 24/7 our lives on this.

daenney added a commit that referenced this pull request Jan 12, 2015
@daenney daenney merged commit 1a7d079 into puppetlabs:master Jan 12, 2015
@daenney
Copy link

daenney commented Jan 12, 2015

I've merged this so we don't sit on it any longer and the PR diverges again. It seems good, tests pass, lets see what happens next.

@naftulikay
Copy link

Great job everyone!

:type => line_hash[:key_type] == 'R' ? :rsa : :dsa,
:created => line_hash[:key_created]
:name => line_hash[:key_fingerprint],
:id => line_hash[:key_fingerprint],

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really what we wanted, we are not reporting back the id as a fingerprint, previously this was the short.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, but short is bad (not nearly unique enough). So I figured it had to change to long or fingerprint and chose fingerprint. It's a simple change back to short if it causes some breaking behavior (though I couldn't find anything that uses it).

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might be a candidate for a major version bump.
On Jan 14, 2015 7:31 PM, "WolverineFan" notifications@github.com wrote:

In lib/puppet/provider/apt_key/apt_key.rb
#404 (diff)
:

@@ -41,14 +49,17 @@ def self.instances
end

   new(
  •    :name    => line_hash[:key_id],
    
  •    :id      => line_hash[:key_id],
    
  •    :ensure  => :present,
    
  •    :expired => expired,
    
  •    :expiry  => line_hash[:key_expiry],
    
  •    :size    => line_hash[:key_size],
    
  •    :type    => line_hash[:key_type] == 'R' ? :rsa : :dsa,
    
  •    :created => line_hash[:key_created]
    
  •    :name        => line_hash[:key_fingerprint],
    
  •    :id          => line_hash[:key_fingerprint],
    

True, but short is bad (not nearly unique enough). So I figured it had to
change to long or fingerprint and chose fingerprint. It's a simple change
back to short if it causes some breaking behavior (though I couldn't find
anything that uses it).


Reply to this email directly or view it on GitHub
https://github.com/puppetlabs/puppetlabs-apt/pull/404/files#r22988859.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, the build is broken.
On Jan 14, 2015 7:40 PM, "Naftuli Tzvi Kay" rfkrocktk@gmail.com wrote:

This might be a candidate for a major version bump.
On Jan 14, 2015 7:31 PM, "WolverineFan" notifications@github.com wrote:

In lib/puppet/provider/apt_key/apt_key.rb
#404 (diff)
:

@@ -41,14 +49,17 @@ def self.instances
end

   new(
  •    :name    => line_hash[:key_id],
    
  •    :id      => line_hash[:key_id],
    
  •    :ensure  => :present,
    
  •    :expired => expired,
    
  •    :expiry  => line_hash[:key_expiry],
    
  •    :size    => line_hash[:key_size],
    
  •    :type    => line_hash[:key_type] == 'R' ? :rsa : :dsa,
    
  •    :created => line_hash[:key_created]
    
  •    :name        => line_hash[:key_fingerprint],
    
  •    :id          => line_hash[:key_fingerprint],
    

True, but short is bad (not nearly unique enough). So I figured it had to
change to long or fingerprint and chose fingerprint. It's a simple change
back to short if it causes some breaking behavior (though I couldn't find
anything that uses it).


Reply to this email directly or view it on GitHub
https://github.com/puppetlabs/puppetlabs-apt/pull/404/files#r22988859.

@WolverineFan
Copy link
Author

I'm pretty the failures aren't because of this patch. My guess is the failure is in the test framework because it is consistently reporting getting nil for things (ironically the failures are in the code I fixed in my other patch, but my version doesn't work either). Also, running the all tests on my box against current master works fine.

@cyberious
Copy link

No the failures were directly part of how we were deleting the keys. Previously the failures were only b/c there were duplicate keys and we would not delete the expired key but just the first one apt-key found. Now it wasn't deleting them at all.

@WolverineFan
Copy link
Author

That's odd. The tests have several checks for key deletion, so I'm very surprised if that broke as part of this patch. Plus the tests that are listed as failing are all apt_has_updates checks that refer to unexpected results.

@WolverineFan
Copy link
Author

Just realized I can pretty much guarantee this patch didn't break the tests: Nothing was committed to master between my last rebase and when it was merged. My last rebase passed all tests. So the exact same commit SHA passed once and failed the second time. That points to a testing environment issue.

(By the way, I'm not implying there aren't problems with the patch, just that the test failures aren't because of it)

@naftulikay
Copy link

The builds were passing until it was merged. I'm not saying it was the
patch, but it's quite an interesting coincidence.

On Wed, Jan 14, 2015 at 9:41 PM, WolverineFan notifications@github.com
wrote:

Just realized I can pretty much guarantee this patch didn't break the
tests: Nothing was committed to master between my last rebase and when it
was merged. My last rebase passed all tests. So the exact same commit SHA
passed once and failed the second time. That points to a testing
environment issue.

(By the way, I'm not implying there aren't problems with the patch, just
that the test failures aren't because of it)


Reply to this email directly or view it on GitHub
#404 (comment)
.

@cyberious
Copy link

It isn't just the travis tests that I am referencing but also the acceptance tests we run internally. But nevertheless they are working now. Also given the community feedback I have created a PR #410 which changes the delete to use fingerprints as well.

@naftulikay
Copy link

Now that this is involving changes to other places in the codebase, I'm even more in favor of a major version bump.

@cyberious
Copy link

@rfkrocktk the changes that have occurred do not warrant a major version bump. I will look at what has occurred outside of this scope of these PR's

@naftulikay
Copy link

Aren't they backwards-breaking changes?
On Jan 15, 2015 9:08 AM, "Travis Fields" notifications@github.com wrote:

@rfkrocktk https://github.com/rfkrocktk the changes that have occurred
do not warrant a major version bump. I will look at what has occurred
outside of this scope of these PR's


Reply to this email directly or view it on GitHub
#404 (comment)
.

@cyberious
Copy link

How so? The API now takes 8, 16 or 40, we have added. I don't see it as a breaking change, we have exactly the same behavior just different mechanism of doing it. My only concern was that the puppet resource apt_key now does not report the namevar as short key.

@naftulikay
Copy link

My apologies, I thought that there were breaking changes, nevermind.
On Jan 15, 2015 10:10 AM, "Travis Fields" notifications@github.com wrote:

How so? The API now takes 8, 16 or 40, we have added. I don't see it as a
breaking change, we have exactly the same behavior just different mechanism
of doing it. My only concern was that the puppet resource apt_key now does
not report the namevar as short key.


Reply to this email directly or view it on GitHub
#404 (comment)
.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants