Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Two bugs have been reported to me privately about broken functionality in apt-offline, in the version shipped in Jessie. Bug 1: apt-offline only looks in /etc/apt/trusted.gpg for key verification. As a result, most apt data is not installed, because the Debian (archive) keyring resides in /usr/share/keyrings. Bug 2: Because of last-minute changes in the 1.5.x release, the output of the file detection plugin changed, which led to .gpg data being represented differently by different plugins. Both bugs were known and are already fixed in the current 1.7.x release in Unstable/Testing. This request is to backport those changes to Stable. The patch has been verified by the user who reported the bug to me. I've also verified the patch in a Jessie container, and it does not seem to break anything. root@learner:~# apt-offline -v 1.5.2 root@learner:~# apt-offline install /var/tmp/lxc/jessie.zip gpgv: Signature made Sat Jan 23 18:49:39 2016 IST using RSA key ID 46925553 gpgv: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmas...@debian.org>" gpgv: Signature made Sat Jan 23 18:49:39 2016 IST using RSA key ID 2B90D010 gpgv: Good signature from "Debian Archive Automatic Signing Key (8/jessie) <ftpmas...@debian.org>" gpgv: Signature made Sat Jan 23 18:55:24 2016 IST using RSA key ID 518E17E1 gpgv: Good signature from "Jessie Stable Release Key <debian-rele...@lists.debian.org>" /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_jessie_Release synced. /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_jessie_Release.gpg synced. /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_jessie_main_binary-amd64_Packages.bz2 synced. /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_jessie_main_i18n_Translation-en.bz2 synced. Please give me an ACK on this email, and then I will go ahead and upload it for inclusion in Stable (Jessie). The debdiff is attached to this bug report. 
-- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.3.5+ (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_IN.utf8, LC_CTYPE=en_IN.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff -Nru apt-offline-1.5.1/apt_offline_core/AptOfflineCoreLib.py apt-offline-1.5.2/apt_offline_core/AptOfflineCoreLib.py --- apt-offline-1.5.1/apt_offline_core/AptOfflineCoreLib.py 2015-11-18 19:37:20.000000000 +0530 +++ apt-offline-1.5.2/apt_offline_core/AptOfflineCoreLib.py 2016-02-14 20:53:21.000000000 +0530 @@ -93,7 +93,7 @@ app_name = "apt-offline" -version = "1.5" +version = "1.5.2" myCopyright = "(C) 2005 - 2014 Ritesh Raj Sarraf" terminal_license = "This program comes with ABSOLUTELY NO WARRANTY.\n\ This is free software, and you are welcome to redistribute it under\n\ @@ -915,15 +915,37 @@ class APTVerifySigs: def __init__(self, gpgv=None, keyring=None): + self.defaultPaths = ['/etc/apt/trusted.gpg.d/', '/usr/share/keyrings/'] + if gpgv is None: self.gpgv="/usr/bin/gpgv" else: self.gpgv=gpgv - + + self.opts = [] if keyring is None: - self.opts="--keyring /etc/apt/trusted.gpg --ignore-time-conflict" + + self.opts.append("--ignore-time-conflict ") + + #INFO: For backwards compatibility + if os.path.exists("/etc/apt/trusted.gpg"): + self.opts.extend("--keyring /etc/apt/trusted.gpg".split()) + + for eachPath in self.defaultPaths: + if os.path.exists(eachPath): + for eachGPG in os.listdir(eachPath): + eachGPG = os.path.join(eachPath, eachGPG) + if os.path.exists(eachGPG): + log.verbose("Adding %s to the apt-offline keyring\n" % (eachGPG) ) + eachKeyring = "--keyring %s" % (eachGPG) + self.opts.extend(eachKeyring.split()) + else: + log.err("Path for keyring is invalid: %s\n" % (eachGPG) ) + else: + log.err("Path for keyring is invalid: %s\n" % (eachPath) ) else: - self.opts = "--keyring %s --ignore-time-conflict" % (keyring) + finalKeyring = "--keyring %s --ignore-time-conflict" % (keyring) + self.opts.extend(finalKeyring.split()) def VerifySig(self, signature_file, signed_file): 
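Review bot: In `APTVerifySigs.__init__`, the loop over `self.defaultPaths` hands every entry of `/usr/share/keyrings/` to gpgv as a `--keyring`, which makes the trusted key set much larger than the single `/etc/apt/trusted.gpg` used before. That directory is a shared drop location, and on Debian it commonly also holds keyrings that are not meant to authorise archive signatures (removed archive keys, keyrings shipped by unrelated packages), so a Release file signed by any of those keys would be reported as good. Consider limiting the defaults to `/etc/apt/trusted.gpg` and `/etc/apt/trusted.gpg.d/`, naming any file needed from `/usr/share/keyrings/` explicitly, and skipping entries that are not regular keyring files with `if not (eachGPG.endswith(".gpg") and os.path.isfile(eachGPG)): continue`. Building the option as a string and calling `.split()` also breaks on a path containing whitespace; `self.opts.extend(["--keyring", eachGPG])` avoids that, and the same applies to the caller-supplied `keyring` in the `else` branch. The class body continues outside the hunk.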
@@ -933,8 +955,10 @@ if not os.access(signed_file, os.F_OK): log.err("%s is bad. Can't proceed.\n" % (signed_file) ) return False - - x = os.system("%s %s %s %s" % (self.gpgv, self.opts, signature_file, signed_file) ) + gpgOpts = "" + for eachOpt in self.opts: + gpgOpts += ' ' + eachOpt + x = os.system("%s %s %s %s" % (self.gpgv, gpgOpts, signature_file, signed_file) ) #TODO: Find a way to redirect std[out|err] # look at subprocess module @@ -1155,7 +1179,7 @@ os.rename(temp_filename, filename) else: os.unlink(temp_filename) - elif magicMIME.file( archive_file ) == "application/x-gnupg-keyring": + elif magicMIME.file( archive_file ) == "application/x-gnupg-keyring" or magicMIME.file( archive_file ) == "application/pgp-signature": filename = os.path.join(apt_update_target_path, filename) shutil.copy2(archive_file, filename) # PGP armored data should be bypassed diff -Nru apt-offline-1.5.1/debian/changelog apt-offline-1.5.2/debian/changelog --- apt-offline-1.5.1/debian/changelog 2015-11-18 19:40:36.000000000 +0530 +++ apt-offline-1.5.2/debian/changelog 2016-02-14 20:54:54.000000000 +0530 @@ -1,3 +1,11 @@ +apt-offline (1.5.2) jessie; urgency=medium + + * [64dd250] Fix detection of filetype .gpg and extend keyring database. + Thanks to Daniel Freedman + * [1ea439e] Mark as stable release 1.5.2 + + -- Ritesh Raj Sarraf <r...@debian.org> Sun, 14 Feb 2016 20:54:15 +0530 + apt-offline (1.5.1) jessie; urgency=medium * [67c2ba5] Add python-apt to Depends. Thanks Paul Wise
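Review bot: The rewritten `os.system` call in `VerifySig` still runs gpgv through a shell, with `signature_file`, `signed_file` and now the keyring paths gathered from directory listings all interpolated into one command string, so a name containing whitespace or shell metacharacters changes the command that is executed. The TODO right below already points at `subprocess`; passing an argument list removes the shell and the manual join: `x = subprocess.call([self.gpgv] + self.opts + [signature_file, signed_file])`, assuming `subprocess` is imported in this file, which the hunk does not show. For that to work the option added in `__init__` must lose its trailing space, `self.opts.append("--ignore-time-conflict")`, because it would then reach gpgv verbatim. `subprocess.call` returns the exit code rather than the wait status, so the test on `x` below the hunk should be checked; the function starts and ends outside the hunk.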
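Review bot: The new `elif` calls `magicMIME.file( archive_file )` twice, once per MIME type, so the file is presumably probed twice, and the second accepted type is easy to miss at the end of a long line. Store the result once and test membership, `elif mime_type in ("application/x-gnupg-keyring", "application/pgp-signature"):`, with `mime_type = magicMIME.file(archive_file)` assigned before the `if`/`elif` chain, which begins outside this hunk. A short comment stating which bundle files are expected to be reported as `application/pgp-signature` would also help, since in the visible lines these files are copied into `apt_update_target_path` with no further check.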