<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/test/integration/test-apt-key, branch main</title>
<subtitle>Debians commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=main</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2024-12-19T18:35:52Z</updated>
<entry>
<title>Remove legacy apt-key tests</title>
<updated>2024-12-19T18:35:52Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2024-12-19T18:35:52Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d5961016ffa5e22f1997d94d797800796ddb613b'/>
<id>urn:sha1:d5961016ffa5e22f1997d94d797800796ddb613b</id>
<content type='text'>
</content>
</entry>
<entry>
<title>test: Ensure we test both gpgv-g10code and gpgv-sq</title>
<updated>2024-11-22T15:44:02Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2024-11-22T15:20:05Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=e983d98c4fcd952ffcbc010b185455913c8af650'/>
<id>urn:sha1:e983d98c4fcd952ffcbc010b185455913c8af650</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Support multiple keyrings in sources.list Signed-By</title>
<updated>2018-09-11T11:16:11Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2018-08-17T14:33:41Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=8375d5b58038fc026098dcccc3de87cd9d740334'/>
<id>urn:sha1:8375d5b58038fc026098dcccc3de87cd9d740334</id>
<content type='text'>
A user can specify multiple fingerprints for a while now, so its seems
counter-intuitive to support only one keyring, especially if this isn't
really checked or enforced and while unlikely mixtures of both should
work properly, too, instead of a kinda random behaviour.
</content>
</entry>
<entry>
<title>Don't use gpg directly in apt-key test</title>
<updated>2018-09-10T19:57:51Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2018-09-09T19:36:07Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=8ca3544bcb5506bb5e07e4c750503e64271c1ff1'/>
<id>urn:sha1:8ca3544bcb5506bb5e07e4c750503e64271c1ff1</id>
<content type='text'>
Reported-By: Guillem Jover &lt;guillem@debian.org&gt;
Gbp-Dch: Ignore
</content>
</entry>
<entry>
<title>ignore unsupported key formats in apt-key</title>
<updated>2017-10-05T15:30:25Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-08-01T13:22:09Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=012932793ba0ea9398a9acd80593bed8e77cfbfc'/>
<id>urn:sha1:012932793ba0ea9398a9acd80593bed8e77cfbfc</id>
<content type='text'>
gpg2 generates keyboxes by default and users end up putting either those
or armored files into the trusted.gpg.d directory which apt tools
neither expect nor can really work with without fortifying backward
compatibility (at least under the ".gpg" extension).

A (short) discussion about how to deal with keyboxes happened in
https://lists.debian.org/deity/2017/07/msg00083.html
As the last message in that thread is this changeset lets go ahead
with it and see how it turns out.

The idea is here simply that we check the first octal of a gpg file to
have one of three accepted values. Testing on my machines has always
produced just one of these, but running into those values on invalid
files is reasonabily unlikely to not worry too much.

Closes: #876508
</content>
</entry>
<entry>
<title>Call update from apt-key test for a strange path test</title>
<updated>2017-06-26T21:31:15Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-03-19T13:27:49Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=a8b19aeeb885596912fd8b03e082866b897688fd'/>
<id>urn:sha1:a8b19aeeb885596912fd8b03e082866b897688fd</id>
<content type='text'>
We setup a "horrible" environment in the apt-key testcase to check all
kinds of things, but we really should be making also at least a simple
apt update call, as that in turn will call apt-key which is how apt-key
is used in the non-testcase world, so that calling should be able to
deal with such environments as well.

Gbp-Dch: Ignore
</content>
</entry>
<entry>
<title>add apt-key support for armored GPG key files (*.asc)</title>
<updated>2016-11-24T23:15:12Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-11-13T19:52:18Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=2906182db398419a9c59a928b7ae73cf7c7aa307'/>
<id>urn:sha1:2906182db398419a9c59a928b7ae73cf7c7aa307</id>
<content type='text'>
Having binary files in /etc is kinda annoying – not that the armored
files are much better – but it is hard to keep tabs on which format the
file has ("simple" or "keybox") and different gnupg versions have
different default binary formats which can be confusing for users to
work with (beside that it is binary).

Adding support for this now will enable us in some distant future to
move to armored later on, much like we added trusted.gpg.d years before
the world picked it up.
</content>
</entry>
<entry>
<title>apt-key: warn instead of fail on unreadable keyrings</title>
<updated>2016-08-25T10:42:36Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-08-25T10:42:36Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=105503b4b470c124bc0c271bd8a50e25ecbe9133'/>
<id>urn:sha1:105503b4b470c124bc0c271bd8a50e25ecbe9133</id>
<content type='text'>
apt-key has inconsistent behaviour if it can't read a keyring file:
Commands like 'list' skipped silently over such keyrings while 'verify'
failed hard resulting in apt to report cconfusing gpg errors (#834973).

As a first step we teach apt-key to be more consistent here skipping in
all commands over unreadable keyrings, but issuing a warning in the
process, which is as usual for apt commands displayed at the end of the
run.
</content>
</entry>
<entry>
<title>allow spaces in fingerprints for 'apt-key del'</title>
<updated>2016-08-17T12:12:24Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-08-17T06:10:29Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=e289907f5e7241034cb0d37055dc2cba4e3a19af'/>
<id>urn:sha1:e289907f5e7241034cb0d37055dc2cba4e3a19af</id>
<content type='text'>
Fingerprints tend to be displayed in space-separated octet pairs so be
nice and allow delete to remove a key based on such a string rather than
requiring that the user is deleting all the spaces manually.
</content>
</entry>
<entry>
<title>add the gpg-classic variant to the gpgv/gnupg or-group</title>
<updated>2016-08-17T07:52:32Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-08-16T13:46:19Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=19fdf93d7363261227811a62157063081b9f1a5d'/>
<id>urn:sha1:19fdf93d7363261227811a62157063081b9f1a5d</id>
<content type='text'>
We need to support partial upgrades anyhow, so we have to deal with the
different versions and your tests try to ensure that we do, so we
shouldn't make any explicit higher requirements.
</content>
</entry>
</feed>
