diff options
| -rw-r--r-- | cmdline/apt-key.in | 9 | ||||
| -rw-r--r-- | debian/control | 4 | ||||
| -rw-r--r-- | debian/tests/control | 3 | ||||
| -rwxr-xr-x | prepare-release | 5 | ||||
| -rw-r--r-- | test/integration/framework | 45 | ||||
| -rwxr-xr-x | test/integration/test-apt-key | 34 | ||||
| -rwxr-xr-x | test/integration/test-apt-key-net-update | 9 | ||||
| -rwxr-xr-x | test/integration/test-releasefile-verification | 5 |
8 files changed, 52 insertions, 62 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 0f9118492..aff75c300 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -530,9 +530,11 @@ EOF GPG_EXE="gpg" elif command_available 'gpg2'; then GPG_EXE="gpg2" + elif command_available 'gpg1'; then + GPG_EXE="gpg1" else - echo >&2 "Error: gnupg or gnupg2 do not seem to be installed," - echo >&2 "Error: but apt-key requires gnupg or gnupg2 for this operation." + echo >&2 "Error: gnupg, gnupg2 and gnupg1 do not seem to be installed," + echo >&2 "Error: but apt-key requires gnupg, gnupg2 or gnupg1 for this operation." echo >&2 exit 255 fi @@ -639,8 +641,9 @@ case "$command" in if [ -n "$GPGV" ] && command_available "$GPGV"; then true; elif command_available 'gpgv'; then GPGV='gpgv'; elif command_available 'gpgv2'; then GPGV='gpgv2'; + elif command_available 'gpgv1'; then GPGV='gpgv1'; else - echo >&2 'ERROR: gpgv or gpgv2 required for verification' + echo >&2 'ERROR: gpgv, gpgv2 or gpgv1 required for verification' exit 29 fi # for a forced keyid we need gpg --export, so full wrapping required diff --git a/debian/control b/debian/control index c84e53927..c383e2fc1 100644 --- a/debian/control +++ b/debian/control @@ -19,10 +19,10 @@ Testsuite: autopkgtest Package: apt Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gpgv | gpgv2, adduser +Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gpgv | gpgv2 | gpgv1, adduser Replaces: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~), bash-completion (<< 1:2.1-4.2+fakesync1), apt-utils (<< 1.3~exp2~) Breaks: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~), apt-utils (<< 1.3~exp2~) -Recommends: gnupg | gnupg2 +Recommends: gnupg | gnupg2 | gnupg1 Suggests: aptitude | synaptic | wajig, dpkg-dev (>= 1.17.2), apt-doc, python-apt, powermgmt-base Description: commandline package manager This package provides commandline tools for searching and diff --git a/debian/tests/control b/debian/tests/control index 406679d37..b7555dc2e 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,4 +1,5 @@ Tests: run-tests Restrictions: allow-stderr -Depends: @, @builddeps@, fakeroot, wget, stunnel4, lsof, db-util, gnupg, gnupg2, +Depends: @, @builddeps@, fakeroot, wget, stunnel4, lsof, db-util, + gnupg, gnupg1, gpgv, gpgv1, libfile-fcntllock-perl, python3-apt diff --git a/prepare-release b/prepare-release index df1b0a2cf..1e434a305 100755 --- a/prepare-release +++ b/prepare-release @@ -158,8 +158,9 @@ elif [ "$1" = 'buildlog' ]; then shift done elif [ "$1" = 'travis-ci' ]; then - apt-get install -qy --no-install-recommends $(sed -n -e '/^Build-Depends: /,/^Build-Depends-Indep: / {p}' debian/control | sed -e 's#([^)]*)##g' -e 's#^Build-Depends\(-Indep\)\?: ##' -e 's#<.*>##g' | tr -d ',') - apt-get install -qy --no-install-recommends $(sed -n 's#^Depends: .*@, \(.*\)$#\1#p' debian/tests/control | tr -d ',') + apt-get install -qy --no-install-recommends dctrl-tools + apt-get install -qy --no-install-recommends $(grep-dctrl -S -s Build-Depends,Build-Depends-Indep,Build-Depends-Arch apt ./debian/control | sed -e 's#([^)]*)##g' -e 's#^Build-Depends\(-Indep\|-Arch\)\?: ##' -e 's#<.*>##g' | tr -s '\n,' ' ') + apt-get install -qy --no-install-recommends $(grep-dctrl -F Tests -s Depends run-tests ./debian/tests/control | tr -s '\n,' ' ' | cut -d'@' -f 4- | sed -e 's#gnupg1#gnupg2#' -e 's#gpgv1#gpgv2#') elif [ "$1" = 'coverage' ]; then DIR="${2:-./coverage}" git clean -dfX # remove ignored build artefacts for a clean start diff --git a/test/integration/framework b/test/integration/framework index 8d124858b..1e356ffaf 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1856,49 +1856,24 @@ testwebserverlaststatuscode() { msggroup } -createlistofkeys() { - local OUTPUT="$1" - shift +mapkeynametokeyid() { while [ -n "$1" ]; do - # gpg 2.1.something starts printing [SC] at some point - if grep -q ' rsa2048/' "$OUTPUT" && grep -qF '[SC]' "$OUTPUT"; then - case "$1" in - *Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';; - *Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [SC] [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16 [SC]';; - oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19 [SC]';; - newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';; - *) echo 'UNKNOWN KEY';; - esac - # gpg 2.1 has a slightly different output format - elif grep -q ' rsa2048/' "$OUTPUT"; then - case "$1" in - *Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18';; - *Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16';; - oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19';; - newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18';; - *) echo 'UNKNOWN KEY';; - esac - else - case "$1" in - *Joe*|*Sixpack*) echo 'pub 2048R/DBAC8DAE 2010-08-18';; - *Rex*|*Expired*) echo 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]';; - *Marvin*|*Paranoid*) echo 'pub 2048R/528144E2 2011-01-16';; - oldarchive) echo 'pub 1024R/F68C85A3 2013-12-19';; - newarchive) echo 'pub 2048R/DBAC8DAE 2010-08-18';; - *) echo 'UNKNOWN KEY';; - esac - fi + case "$1" in + *Joe*|*Sixpack*|newarchive) echo '5A90D141DBAC8DAE';; + *Rex*|*Expired*) echo '4BC0A39C27CE74F9';; + *Marvin*|*Paranoid*) echo 'E8525D47528144E2';; + oldarchive) echo 'FDD2DB85F68C85A3';; + *) echo 'UNKNOWN KEY';; + esac shift done } testaptkeys() { local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylist.output" - if ! aptkey list | grep '^pub' > "$OUTPUT"; then + if ! aptkey list --with-colon | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then echo -n > "$OUTPUT" fi - testfileequal "$OUTPUT" "$(createlistofkeys "$OUTPUT" "$@")" + testfileequal "$OUTPUT" "$(mapkeynametokeyid "$@")" } pause() { diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index e777de1a4..eb5f998cf 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -41,7 +41,9 @@ APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub\";" > "${ROOTDIR}/etc/apt/apt.c msgtest 'Check that paths in finger output are not' 'double-slashed' testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" - testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed + testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed +gpg: Total number processed: 1 +gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1' aptkey --fakeroot update @@ -185,8 +187,9 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test verify a file' 'with no sig' testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}" "${SIGNATURE}2" - for GPGV in '' 'gpgv' 'gpgv2'; do + for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" + if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi msgtest 'Test verify a file' 'with all keys' testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" @@ -229,8 +232,9 @@ gpg: unchanged: 1' aptkey --fakeroot update adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}" testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}" - for GPGV in '' 'gpgv' 'gpgv2'; do + for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" + if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi msgtest 'Test verify a doublesigned file' 'with all keys' testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" @@ -265,11 +269,25 @@ gpg: unchanged: 1' aptkey --fakeroot update } setupgpgcommand() { - echo "APT::Key::GPGCommand \"$1\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" - msgmsg 'Force tests to be run with' "$1" + local GPGEXE; + if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then + if [ "$1" = '1' ]; then + GPGEXE='gpg1' + else + GPGEXE='gpg' + fi + else + if [ "$1" = '1' ]; then + GPGEXE='gpg' + else + GPGEXE='gpg2' + fi + fi + msgmsg 'Force tests to be run with' "$GPGEXE" + echo "APT::Key::GPGCommand \"$GPGEXE\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" testsuccess aptkey --readonly adv --version cp "${ROOTDIR}/tmp/testsuccess.output" "${TMPWORKINGDIRECTORY}/aptkey.version" - testsuccess grep "^gpg (GnuPG) $2\." "${TMPWORKINGDIRECTORY}/aptkey.version" + testsuccess grep "^gpg (GnuPG) $1\." "${TMPWORKINGDIRECTORY}/aptkey.version" } # run with default (whatever this is) in current CWD with relative paths @@ -285,7 +303,7 @@ cd inaccessible chmod 600 ../inaccessible testfilestats "${TMPWORKINGDIRECTORY}/inaccessible" '%a' '=' '600' -setupgpgcommand 'gpg' '1' +setupgpgcommand '1' testrun -setupgpgcommand 'gpg2' '2' +setupgpgcommand '2' testrun diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update index 990fb5ad2..b9f716e10 100755 --- a/test/integration/test-apt-key-net-update +++ b/test/integration/test-apt-key-net-update @@ -24,14 +24,7 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf # test against the "real" webserver testsuccess aptkey --fakeroot net-update -testequalor2 'Checking for new archive signing keys now -gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@example.com>" imported -gpg: Total number processed: 1 -gpg: imported: 1 (RSA: 1)' 'Checking for new archive signing keys now -gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@example.com>" imported -gpg: Total number processed: 1 -gpg: imported: 1' cat rootdir/tmp/testsuccess.output - +testfailure grep 'not added' rootdir/tmp/testsuccess.output testaptkeys 'oldarchive' 'newarchive' # now try a different one diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index fec7b1302..20ca613da 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -237,7 +237,7 @@ runtest() { updatewithwarnings '^W: .* NO_PUBKEY' sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* - local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + local MARVIN="$(aptkey --keyring $MARVIN finger --with-colons | grep '^fpr' | cut -d':' -f 10)" msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' @@ -261,7 +261,7 @@ runtest() { " aptcache show apt installaptold - local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger --with-colons | grep '^fpr' | cut -d':' -f 10)" msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' @@ -271,7 +271,6 @@ runtest() { " aptcache show apt installaptold - local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${SIXPACK},${MARVIN}\] #\1 [signed-by=${MARVIN},${SIXPACK}] #" rootdir/etc/apt/sources.list.d/* |