diff options
| author | Julian Andres Klode <jak@debian.org> | 2024-11-23 19:59:24 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2024-11-28 19:01:36 +0100 |
| commit | 325b0c89358dae042ebfe0ba6dcbcc43253927a6 (patch) | |
| tree | cb8b829fb624685ed57cf222d2f4f22c7826a2bd | |
| parent | 623bc8a69d0e89c0f18305403741af4fda8d87bf (diff) | |
Directly call gpgv instead of apt-key
| -rw-r--r-- | apt-pkg/contrib/gpgv.cc | 55 | ||||
| -rw-r--r-- | test/integration/framework | 9 | ||||
| -rwxr-xr-x | test/integration/test-method-gpgv | 22 |
3 files changed, 40 insertions, 46 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index fdc292f4f..dd4d5cfb6 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -149,8 +149,12 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, int const &statusfd, int fd[2], std::vector<std::string> const &KeyFiles) { #define EINTERNAL 111 - std::string const aptkey = _config->Find("Dir::Bin::apt-key", CMAKE_INSTALL_FULL_BINDIR "/apt-key"); - + const std::string gpgvVariants[] = { + "/usr/bin/gpgv-sq", + "/usr/bin/gpgv", + "/usr/bin/gpgv2", + "/usr/bin/gpgv", + }; bool const Debug = _config->FindB("Debug::Acquire::gpgv", false); struct exiter { std::vector<std::string> files; @@ -161,13 +165,32 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, } } local_exit; + std::string gpgv = _config->Find("Apt::Key::gpgvcommand"); + if (gpgv.empty() || !FileExists(gpgv)) + { + gpgv = ""; + for (auto gpgvVariant : gpgvVariants) + { + if (FileExists(gpgvVariant)) + { + gpgv = gpgvVariant; + break; + } + } + + if (gpgv.empty()) + { + apt_error(std::cerr, statusfd, fd, "Couldn't find a gpgv binary"); + local_exit(EINTERNAL); + } + } std::vector<std::string> Args; Args.reserve(10); - Args.push_back(aptkey); - Args.push_back("--quiet"); - Args.push_back("--readonly"); + Args.push_back(gpgv); + Args.push_back("--ignore-time-conflict"); + auto dearmorKeyOrCheckFormat = [&](std::string const &k) -> std::string { FileFd keyFd(k, FileFd::ReadOnly); @@ -270,7 +293,6 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back("/dev/null"); } - Args.push_back("verify"); char statusfdstr[10]; if (statusfd != -1) { @@ -294,27 +316,6 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, enum { DETACHED, CLEARSIGNED } releaseSignature = (FileGPG != File) ? DETACHED : CLEARSIGNED; - // Dump the configuration so apt-key picks up the correct Dir values - { - std::string tmpfile; - strprintf(tmpfile, "%s/apt.conf.XXXXXX", GetTempDir().c_str()); - int confFd = mkstemp(tmpfile.data()); - if (confFd == -1) { - apt_error(std::cerr, statusfd, fd, "Couldn't create temporary file %s for passing config to apt-key", tmpfile.c_str()); - local_exit(EINTERNAL); - } - local_exit.files.push_back(tmpfile); - - std::ofstream confStream(tmpfile); - close(confFd); - _config->Dump(confStream); - confStream.close(); - setenv("APT_CONFIG", tmpfile.c_str(), 1); - } - - // Tell apt-key not to emit warnings - setenv("APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE", "1", 1); - if (releaseSignature == DETACHED) { auto detached = make_unique_FILE(FileGPG, "r"); diff --git a/test/integration/framework b/test/integration/framework index ad87d17c7..a64488f0e 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -457,15 +457,8 @@ _setupprojectenvironment() { echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf echo "Binary::apt::APT::Output-Version \"0\";" >> aptconfig.conf echo "Dir::Bin::Methods \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/methods\";" >> aptconfig.conf - # either store apt-key were we can access it, even if we run it as a different user - #cp "${APTCMDLINEBINDIR}/apt-key" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/" - #chmod o+rx "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key" - #echo "Dir::Bin::apt-key \"${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key\";" >> aptconfig.conf - # destroys coverage reporting though, so we disable changing user for the calling gpgv - echo "Dir::Bin::apt-key \"${APTCMDLINEBINDIR}/apt-key\";" >> aptconfig.conf if [ "$(id -u)" = '0' ]; then - echo 'Binary::gpgv::APT::Sandbox::User "root";' >> aptconfig.conf - # same for the solver executables + # run the solvers as root so we don't lose coverage data echo 'APT::Solver::RunAsUser "root";' >> aptconfig.conf echo 'APT::Planner::RunAsUser "root";' >> aptconfig.conf fi diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv index ffaa72c8f..5ce685c8b 100755 --- a/test/integration/test-method-gpgv +++ b/test/integration/test-method-gpgv @@ -7,7 +7,7 @@ TESTDIR="$(readlink -f "$(dirname "$0")")" setupenvironment configarchitecture 'i386' -cat > faked-apt-key <<EOF +cat > faked-gpgv <<EOF #!/bin/sh set -e find_gpgv_status_fd() { @@ -24,7 +24,7 @@ GPGSTATUSFD="\$(find_gpgv_status_fd "\$@")" cat >&\${GPGSTATUSFD} gpgv.output cat gpgv.output EOF -chmod +x faked-apt-key +chmod +x faked-gpgv testgpgv() { echo "$4" > gpgv.output @@ -114,7 +114,7 @@ EOF gpgvmethod() { echo "601 Configuration Config-Item: Debug::Acquire::gpgv=1 -Config-Item: Dir::Bin::apt-key=./faked-apt-key +Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv Config-Item: APT::Hashes::SHA1::Weak=true Config-Item: APT::Key::Assert-Pubkey-Algo=>=rsa2048,nistp256,brainpoolP256r1 Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=rsa2048,nistp256 @@ -130,7 +130,7 @@ testrun gpgvmethod() { echo "601 Configuration Config-Item: Debug::Acquire::gpgv=1 -Config-Item: Dir::Bin::apt-key=./faked-apt-key +Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv Config-Item: APT::Hashes::SHA1::Weak=true Config-Item: APT::Key::Assert-Pubkey-Algo=>=rsa2048,nistp256,brainpoolP256r1 Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=rsa2048,nistp256 @@ -147,7 +147,7 @@ testrun gpgvmethod() { echo "601 Configuration Config-Item: Debug::Acquire::gpgv=1 -Config-Item: Dir::Bin::apt-key=./faked-apt-key +Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv Config-Item: APT::Hashes::SHA1::Weak=true Config-Item: APT::Key::Assert-Pubkey-Algo=>=rsa2048,nistp256,brainpoolP256r1 Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=rsa2048,nistp256 @@ -173,7 +173,7 @@ testsuccess grep 'verified because the public key is not available: GOODSIG' met gpgvmethod() { echo "601 Configuration Config-Item: Debug::Acquire::gpgv=1 -Config-Item: Dir::Bin::apt-key=./faked-apt-key +Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv Config-Item: APT::Hashes::SHA1::Weak=true Config-Item: APT::Key::Assert-Pubkey-Algo=>=rsa2048,nistp256,brainpoolP256r1 Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=rsa2048,nistp256 @@ -204,26 +204,26 @@ setupaptarchive --no-update echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org> [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output -testsuccess apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 +testsuccess apt update -o APT::Key::GPGVCommand="$PWD/faked-gpgv" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 rm -rf rootdir/var/lib/apt/lists echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>' > gpgv.output -testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 +testfailure apt update -o APT::Key::GPGVCommand="$PWD/faked-gpgv" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 rm -rf rootdir/var/lib/apt/lists echo '[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output -testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 +testfailure apt update -o APT::Key::GPGVCommand="$PWD/faked-gpgv" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 rm -rf rootdir/var/lib/apt/lists echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org> [GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output -testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 +testfailure apt update -o APT::Key::GPGVCommand="$PWD/faked-gpgv" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 rm -rf rootdir/var/lib/apt/lists gpgvmethod() { echo "601 Configuration Config-Item: Debug::Acquire::gpgv=1 -Config-Item: Dir::Bin::apt-key=./faked-apt-key +Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv Config-Item: APT::Hashes::SHA1::Weak=true Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=invalid |
