Control: tags -1 + patch
> The test suite failures reported in this bug still exist with gpgv 2.1.14-3
> from experimental.
The root of the problem is that the new gpgv spits out a lot more information
on status-fd than it used to and the test suite is strict in not wanting to
see extra fields (to make sure one of them is not something like BADSIG).
For reference, with gpgv 2.1.14-3 from experimental:
$ gpgv --status-fd 1 --keyring /usr/share/keyrings/debian-keyring.gpg
../python-debian_0.1.28_source.changes
[GNUPG:] PROGRESS need_entropy X 30 120
[GNUPG:] PROGRESS need_entropy X 120 120
[ ... 8< ... snipped a further 108 lines of the PROGRESS ... 8< ... ]
[GNUPG:] NEWSIG
gpgv: Signature made Tue Jun 14 14:54:20 2016 UTC using RSA key ID
[GNUPG:] KEY_CONSIDERED 90E2D2C1AD146A1B7EBB891DBBC17EBB1396F2F7 0
[GNUPG:] SIG_ID 9GygF08Hh2I/7oKF/hsxVULBUhU 2016-06-14 1465916060
[GNUPG:] KEY_CONSIDERED 90E2D2C1AD146A1B7EBB891DBBC17EBB1396F2F7 0
[GNUPG:] GOODSIG BBC17EBB1396F2F7 Stuart Prescott <stu...@nanonanonano.net>
gpgv: Good signature from "Stuart Prescott <stu...@nanonanonano.net>"
gpgv: aka "Stuart Prescott <stu...@debian.org>"
gpgv: aka "Stuart Prescott <stuart+deb...@nanonanonano.net>"
[GNUPG:] VALIDSIG 90E2D2C1AD146A1B7EBB891DBBC17EBB1396F2F7 2016-06-14
1465916060 0 4 0 1 8 01 90E2D2C1AD146A1B7EBB891DBBC17EBB1396F2F7
So gpgv now includes PROGRESS, NEWSIG and KEY_CONSIDERED output. None of these
keys conveys any additional information with the GOODSIG and VALIDSIG keys
remaining unchanged.
The attached patch just filters these three headers out from the gpgv output
and calm is restored.
python-debian and gnupg maintainers -- any comments here?
--
Stuart Prescott http://www.nanonanonano.net/ stu...@nanonanonano.net
Debian Developer http://www.debian.org/ stu...@debian.org
GPG fingerprint 90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7
>From 36a1bc85438ac8638b91155a79b5fedc5898320f Mon Sep 17 00:00:00 2001
From: Stuart Prescott <stu...@debian.org>
Date: Sat, 6 Aug 2016 16:30:07 +1000
Subject: [PATCH 1/2] Filter unwanted gpgv headers in signature check
gnupg 2 includes extra informational headers on status-fd when checking
the signature using gpgv, which causes the test suite to fail. The new
headers aren't actually interesting for the final result so they can be
filtered from the results exposed to the caller.
(Closes: #782904)
---
lib/debian/deb822.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lib/debian/deb822.py b/lib/debian/deb822.py
index c1dcb17..cfb76c1 100644
--- a/lib/debian/deb822.py
+++ b/lib/debian/deb822.py
@@ -806,6 +806,13 @@ class GpgInfo(dict):
else:
value = l[s+1:].split(' ')
+ # Skip headers in the gpgv output that are not interesting
+ # note NEWSI is actually NEWSIG but the above parsing loses the 'G'
+ # if no keyid is included in the message. See
+ # /usr/share/doc/gnupg/DETAILS.gz
+ if key in ('NEWSI', 'NEWSIG', 'KEY_CONSIDERED', 'PROGRESS'):
+ continue
+
n[key] = value
return n
--
2.1.4
