summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2024-11-23 19:59:24 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2024-11-28 19:01:36 +0100
commit325b0c89358dae042ebfe0ba6dcbcc43253927a6 (patch)
treecb8b829fb624685ed57cf222d2f4f22c7826a2bd
parent623bc8a69d0e89c0f18305403741af4fda8d87bf (diff)
Directly call gpgv instead of apt-key
-rw-r--r--apt-pkg/contrib/gpgv.cc55
-rw-r--r--test/integration/framework9
-rwxr-xr-xtest/integration/test-method-gpgv22
3 files changed, 40 insertions, 46 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index fdc292f4f..dd4d5cfb6 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -149,8 +149,12 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
int const &statusfd, int fd[2], std::vector<std::string> const &KeyFiles)
{
#define EINTERNAL 111
- std::string const aptkey = _config->Find("Dir::Bin::apt-key", CMAKE_INSTALL_FULL_BINDIR "/apt-key");
-
+ const std::string gpgvVariants[] = {
+ "/usr/bin/gpgv-sq",
+ "/usr/bin/gpgv",
+ "/usr/bin/gpgv2",
+ "/usr/bin/gpgv",
+ };
bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
struct exiter {
std::vector<std::string> files;
@@ -161,13 +165,32 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
}
} local_exit;
+ std::string gpgv = _config->Find("Apt::Key::gpgvcommand");
+ if (gpgv.empty() || !FileExists(gpgv))
+ {
+ gpgv = "";
+ for (auto gpgvVariant : gpgvVariants)
+ {
+ if (FileExists(gpgvVariant))
+ {
+ gpgv = gpgvVariant;
+ break;
+ }
+ }
+
+ if (gpgv.empty())
+ {
+ apt_error(std::cerr, statusfd, fd, "Couldn't find a gpgv binary");
+ local_exit(EINTERNAL);
+ }
+ }
std::vector<std::string> Args;
Args.reserve(10);
- Args.push_back(aptkey);
- Args.push_back("--quiet");
- Args.push_back("--readonly");
+ Args.push_back(gpgv);
+ Args.push_back("--ignore-time-conflict");
+
auto dearmorKeyOrCheckFormat = [&](std::string const &k) -> std::string
{
FileFd keyFd(k, FileFd::ReadOnly);
@@ -270,7 +293,6 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
Args.push_back("/dev/null");
}
- Args.push_back("verify");
char statusfdstr[10];
if (statusfd != -1)
{
@@ -294,27 +316,6 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
enum { DETACHED, CLEARSIGNED } releaseSignature = (FileGPG != File) ? DETACHED : CLEARSIGNED;
- // Dump the configuration so apt-key picks up the correct Dir values
- {
- std::string tmpfile;
- strprintf(tmpfile, "%s/apt.conf.XXXXXX", GetTempDir().c_str());
- int confFd = mkstemp(tmpfile.data());
- if (confFd == -1) {
- apt_error(std::cerr, statusfd, fd, "Couldn't create temporary file %s for passing config to apt-key", tmpfile.c_str());
- local_exit(EINTERNAL);
- }
- local_exit.files.push_back(tmpfile);
-
- std::ofstream confStream(tmpfile);
- close(confFd);
- _config->Dump(confStream);
- confStream.close();
- setenv("APT_CONFIG", tmpfile.c_str(), 1);
- }
-
- // Tell apt-key not to emit warnings
- setenv("APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE", "1", 1);
-
if (releaseSignature == DETACHED)
{
auto detached = make_unique_FILE(FileGPG, "r");
diff --git a/test/integration/framework b/test/integration/framework
index ad87d17c7..a64488f0e 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -457,15 +457,8 @@ _setupprojectenvironment() {
echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf
echo "Binary::apt::APT::Output-Version \"0\";" >> aptconfig.conf
echo "Dir::Bin::Methods \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/methods\";" >> aptconfig.conf
- # either store apt-key were we can access it, even if we run it as a different user
- #cp "${APTCMDLINEBINDIR}/apt-key" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/"
- #chmod o+rx "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key"
- #echo "Dir::Bin::apt-key \"${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key\";" >> aptconfig.conf
- # destroys coverage reporting though, so we disable changing user for the calling gpgv
- echo "Dir::Bin::apt-key \"${APTCMDLINEBINDIR}/apt-key\";" >> aptconfig.conf
if [ "$(id -u)" = '0' ]; then
- echo 'Binary::gpgv::APT::Sandbox::User "root";' >> aptconfig.conf
- # same for the solver executables
+ # run the solvers as root so we don't lose coverage data
echo 'APT::Solver::RunAsUser "root";' >> aptconfig.conf
echo 'APT::Planner::RunAsUser "root";' >> aptconfig.conf
fi
diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv
index ffaa72c8f..5ce685c8b 100755
--- a/test/integration/test-method-gpgv
+++ b/test/integration/test-method-gpgv
@@ -7,7 +7,7 @@ TESTDIR="$(readlink -f "$(dirname "$0")")"
setupenvironment
configarchitecture 'i386'
-cat > faked-apt-key <<EOF
+cat > faked-gpgv <<EOF
#!/bin/sh
set -e
find_gpgv_status_fd() {
@@ -24,7 +24,7 @@ GPGSTATUSFD="\$(find_gpgv_status_fd "\$@")"
cat >&\${GPGSTATUSFD} gpgv.output
cat gpgv.output
EOF
-chmod +x faked-apt-key
+chmod +x faked-gpgv
testgpgv() {
echo "$4" > gpgv.output
@@ -114,7 +114,7 @@ EOF
gpgvmethod() {
echo "601 Configuration
Config-Item: Debug::Acquire::gpgv=1
-Config-Item: Dir::Bin::apt-key=./faked-apt-key
+Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv
Config-Item: APT::Hashes::SHA1::Weak=true
Config-Item: APT::Key::Assert-Pubkey-Algo=>=rsa2048,nistp256,brainpoolP256r1
Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=rsa2048,nistp256
@@ -130,7 +130,7 @@ testrun
gpgvmethod() {
echo "601 Configuration
Config-Item: Debug::Acquire::gpgv=1
-Config-Item: Dir::Bin::apt-key=./faked-apt-key
+Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv
Config-Item: APT::Hashes::SHA1::Weak=true
Config-Item: APT::Key::Assert-Pubkey-Algo=>=rsa2048,nistp256,brainpoolP256r1
Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=rsa2048,nistp256
@@ -147,7 +147,7 @@ testrun
gpgvmethod() {
echo "601 Configuration
Config-Item: Debug::Acquire::gpgv=1
-Config-Item: Dir::Bin::apt-key=./faked-apt-key
+Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv
Config-Item: APT::Hashes::SHA1::Weak=true
Config-Item: APT::Key::Assert-Pubkey-Algo=>=rsa2048,nistp256,brainpoolP256r1
Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=rsa2048,nistp256
@@ -173,7 +173,7 @@ testsuccess grep 'verified because the public key is not available: GOODSIG' met
gpgvmethod() {
echo "601 Configuration
Config-Item: Debug::Acquire::gpgv=1
-Config-Item: Dir::Bin::apt-key=./faked-apt-key
+Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv
Config-Item: APT::Hashes::SHA1::Weak=true
Config-Item: APT::Key::Assert-Pubkey-Algo=>=rsa2048,nistp256,brainpoolP256r1
Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=rsa2048,nistp256
@@ -204,26 +204,26 @@ setupaptarchive --no-update
echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>
[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output
-testsuccess apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+testsuccess apt update -o APT::Key::GPGVCommand="$PWD/faked-gpgv" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
rm -rf rootdir/var/lib/apt/lists
echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>' > gpgv.output
-testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+testfailure apt update -o APT::Key::GPGVCommand="$PWD/faked-gpgv" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
rm -rf rootdir/var/lib/apt/lists
echo '[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output
-testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+testfailure apt update -o APT::Key::GPGVCommand="$PWD/faked-gpgv" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
rm -rf rootdir/var/lib/apt/lists
echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>
[GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output
-testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+testfailure apt update -o APT::Key::GPGVCommand="$PWD/faked-gpgv" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
rm -rf rootdir/var/lib/apt/lists
gpgvmethod() {
echo "601 Configuration
Config-Item: Debug::Acquire::gpgv=1
-Config-Item: Dir::Bin::apt-key=./faked-apt-key
+Config-Item: APT::Key::GPGVCommand=$PWD/faked-gpgv
Config-Item: APT::Hashes::SHA1::Weak=true
Config-Item: APT::Key::Assert-Pubkey-Algo::Next=>=invalid