
Bug#775717: marked as done (unblock: weboob/1.0-3)



Your message dated Thu, 22 Jan 2015 13:13:46 +0000
with message-id <20150122131346.GA29173@lupin.home.powdarrmonkey.net>
and subject line Re: Bug#775717: unblock: weboob/1.0-3
has caused the Debian Bug report #775717,
regarding unblock: weboob/1.0-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
775717: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775717
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear release team,

The package weboob has been marked for autoremoval because of an RC which
reports that weboob applications don't ask the user before accepting a new
modules repository's keyring:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774838

To fix it, I've applied a patch from upstream to let the user accept or not
the keyring of a new repository after displaying the fingerprint of the
keyring to them.

Please unblock package weboob to allow it to re-enter jessie.

diff -Nru weboob-1.0/debian/changelog weboob-1.0/debian/changelog
--- weboob-1.0/debian/changelog	2014-12-10 10:05:31.000000000 +0100
+++ weboob-1.0/debian/changelog	2015-01-18 19:56:20.000000000 +0100
@@ -1,3 +1,11 @@
+weboob (1.0-3) unstable; urgency=medium
+
+  *debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch:
+   prompt user to accept an untrusted keyring when updating repositories
+   (Closes: #774838).
+
+ -- Romain Bignon <romain@symlink.me>  Sun, 18 Jan 2015 16:07:58 +0100
+
 weboob (1.0-2) unstable; urgency=low

   * debian/patches/0003-fix-compatibility-with-a-patch-introduced-by-768611.patch:
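
Review bot: in the new 1.0-3 entry the bullet `*debian/patches/0004-...` has no space after the asterisk, unlike the 1.0-2 entry just below (`* debian/patches/0003-...`). Write it as `  * debian/patches/0004-...` and indent the two continuation lines to match. The request says the patch comes from upstream; saying so in the entry would help anyone reading the changelog later.
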
diff -Nru weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch
--- weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch	1970-01-01 01:00:00.000000000 +0100
+++ weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch	2015-01-18 19:56:20.000000000 +0100
@@ -0,0 +1,183 @@
+From: Romain Bignon <romain@budget-insight.com>
+Date: Fri, 16 Jan 2015 12:21:51 +0100
+Subject: prompt user to accept an untrusted keyring
+
+---
+ weboob/applications/weboobcfg/weboobcfg.py |  3 ++-
+ weboob/core/repositories.py                | 25 ++++++++++++++++---------
+ weboob/tools/application/console.py        | 20 +++++++++++++++++---
+ weboob/tools/application/qt/backendcfg.py  |  5 +++++
+ 4 files changed, 40 insertions(+), 13 deletions(-)
+
+diff --git a/weboob/applications/weboobcfg/weboobcfg.py b/weboob/applications/weboobcfg/weboobcfg.py
+index 822325c..3c4e96b 100644
+--- a/weboob/applications/weboobcfg/weboobcfg.py
++++ b/weboob/applications/weboobcfg/weboobcfg.py
+@@ -25,6 +25,7 @@ import re
+ from weboob.capabilities.account import CapAccount
+ from weboob.core.modules import ModuleLoadError
+ from weboob.tools.application.repl import ReplApplication
++from weboob.tools.application.console import ConsoleProgress
+ from weboob.tools.ordereddict import OrderedDict
+
+
+@@ -261,4 +262,4 @@ class WeboobCfg(ReplApplication):
+
+         Update weboob.
+         """
+-        self.weboob.update()
++        self.weboob.update(ConsoleProgress(self))
+diff --git a/weboob/core/repositories.py b/weboob/core/repositories.py
+index dbf7448..89ff23f 100644
+--- a/weboob/core/repositories.py
++++ b/weboob/core/repositories.py
+@@ -26,6 +26,7 @@ import re
+ import sys
+ import os
+ import subprocess
++import hashlib
+ from datetime import datetime
+ from contextlib import closing
+ from compileall import compile_dir
+@@ -180,7 +181,7 @@ class Repository(object):
+         # Save the repository index in ~/.weboob/repositories/
+         self.save(repo_path, private=True)
+
+-    def retrieve_keyring(self, browser, keyring_path):
++    def retrieve_keyring(self, browser, keyring_path, progress):
+         # ignore local
+         if self.local:
+             return
+@@ -202,11 +203,11 @@ class Repository(object):
+             if keyring.exists():
+                 if not keyring.is_valid(keyring_data, sig_data):
+                     raise InvalidSignature('the keyring itself')
+-                print('The keyring was updated (and validated by the previous one).')
+-            else:
+-                print('First time saving the keyring, blindly accepted.')
++                progress.progress(0.0, 'The keyring was updated (and validated by the previous one).')
++            elif not progress.prompt('The repository %s isn\'t trusted yet.\nFingerprint of keyring is %s\nAre you sure you want to continue?' % (self.url, hashlib.sha1(keyring_data).hexdigest())):
++                raise RepositoryUnavailable('Repository not trusted')
+             keyring.save(keyring_data, self.key_update)
+-            print(keyring)
++            progress.progress(0.0, str(keyring))
+
+     def parse_index(self, fp):
+         """
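
Review bot: the value presented as "Fingerprint of keyring" in the new `elif` branch is `hashlib.sha1(keyring_data).hexdigest()`, a SHA-1 over the downloaded bytes and not an OpenPGP key fingerprint, so it cannot be compared with anything gpg prints. Label it as a checksum of the keyring file (or show the key fingerprints instead), and prefer SHA-256 over SHA-1 for a value on which a trust decision rests. Separately, the new `progress` parameter of `retrieve_keyring` has no default, so any caller not updated by this patch will fail with a TypeError.
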
+@@ -378,6 +379,9 @@ class IProgress(object):
+     def error(self, message):
+         raise NotImplementedError()
+
++    def prompt(self, message):
++        raise NotImplementedError()
++
+     def __repr__(self):
+         return '<%s>' % self.__class__.__name__
+
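
Review bot: the new `IProgress.prompt` has no docstring, and its contract (return a boolean, True meaning the user accepts) can only be inferred from `elif not progress.prompt(...)` in `retrieve_keyring`. Document it here, since every `IProgress` implementation not touched by this patch inherits `raise NotImplementedError()` and will hit it the first time a new repository's keyring is fetched.
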
+@@ -389,6 +393,10 @@ class PrintProgress(IProgress):
+     def error(self, message):
+         print('ERROR: %s' % message, file=sys.stderr)
+
++    def prompt(self, message):
++        print('%s (Y/n): *** ASSUMING YES ***' % message)
++        return True
++
+
+ class ModuleInstallError(Exception):
+     pass
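
Review bot: `PrintProgress.prompt` prints "*** ASSUMING YES ***" and returns True, so any update that runs with `PrintProgress` still accepts a new repository's keyring without asking, which is the behaviour #774838 reports. Return False here, so that `retrieve_keyring` raises `RepositoryUnavailable('Repository not trusted')`, and leave the yes answer to the interactive front ends.
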
+@@ -579,7 +587,7 @@ class Repositories(object):
+             try:
+                 repository.retrieve_index(self.browser, repo_path)
+                 if gpgv:
+-                    repository.retrieve_keyring(self.browser, keyring_path)
++                    repository.retrieve_keyring(self.browser, keyring_path, progress)
+                 else:
+                     progress.error('Cannot find gpgv to check for repository authenticity.\n'
+                                     'You should install GPG for better security.')
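
Review bot: the new prompt is reachable only on the `if gpgv:` branch. In the `else` branch shown in the context lines the code reports "Cannot find gpgv to check for repository authenticity." through `progress.error` and skips `retrieve_keyring` entirely, and both `PrintProgress.error` and `ConsoleProgress.error` in this patch only write the message out. Consider calling `progress.prompt` on that branch as well, or refusing the repository, so that a missing gpgv does not bypass the user's decision.
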
+@@ -610,7 +618,7 @@ class Repositories(object):
+         :param progress: observer object.
+         :type progress: :class:`IProgress`
+         """
+-        self.update_repositories()
++        self.update_repositories(progress)
+
+         to_update = []
+         for name, info in self.get_all_modules_info().iteritems():
+@@ -792,8 +800,7 @@ class Keyring(object):
+
+     def __str__(self):
+         if self.exists():
+-            with open(self.vpath, 'r') as f:
+-                import hashlib
++            with open(self.path, 'r') as f:
+                 h = hashlib.sha1(f.read()).hexdigest()
+             return 'Keyring version %s, checksum %s' % (self.version, h)
+         return 'NO KEYRING'
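
Review bot: `__str__` now reads `self.path` with `open(self.path, 'r')` and hashes the result, while the prompt in `retrieve_keyring` hashes the raw `keyring_data`. Open the file with mode `'rb'` so the digest is always taken over the file's bytes, and use the same hash function and the same wording ("checksum" here, "Fingerprint" in the prompt) in both places so the user can match the value printed after saving against the one they confirmed.
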
+diff --git a/weboob/tools/application/console.py b/weboob/tools/application/console.py
+index 35c9cf9..5e9e892 100644
+--- a/weboob/tools/application/console.py
++++ b/weboob/tools/application/console.py
+@@ -31,7 +31,7 @@ from weboob.capabilities import UserError
+ from weboob.capabilities.account import CapAccount, Account, AccountRegisterError
+ from weboob.core.backendscfg import BackendAlreadyExists
+ from weboob.core.modules import ModuleLoadError
+-from weboob.core.repositories import ModuleInstallError
++from weboob.core.repositories import ModuleInstallError, IProgress
+ from weboob.exceptions import BrowserUnavailable, BrowserIncorrectPassword, BrowserForbidden, BrowserSSLError
+ from weboob.tools.value import Value, ValueBool, ValueFloat, ValueInt, ValueBackendPassword
+ from weboob.tools.misc import to_unicode
+@@ -55,6 +55,20 @@ class BackendNotFound(Exception):
+     pass
+
+
++class ConsoleProgress(IProgress):
++    def __init__(self, app):
++        self.app = app
++
++    def progress(self, percent, message):
++        self.app.stdout.write('=== [%3.0f%%] %s\n' % (percent*100, message))
++
++    def error(self, message):
++        self.app.stderr.write('ERROR: %s\n' % message)
++
++    def prompt(self, message):
++        return self.app.ask(message, default=True)
++
++
+ class ConsoleApplication(Application):
+     """
+     Base application class for CLI applications.
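
Review bot: `ConsoleProgress.prompt` calls `self.app.ask(message, default=True)`, so pressing Enter at "Are you sure you want to continue?" trusts the keyring. For a trust decision the default should be the safe answer: pass `default=False`. The new class also has no docstring, unlike `ConsoleApplication` directly below it.
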
+@@ -288,7 +302,7 @@ class ConsoleApplication(Application):
+
+     def install_module(self, name):
+         try:
+-            self.weboob.repositories.install(name)
++            self.weboob.repositories.install(name, ConsoleProgress(self))
+         except ModuleInstallError as e:
+             print('Unable to install module "%s": %s' % (name, e), file=self.stderr)
+             return False
+@@ -562,7 +576,7 @@ class ConsoleApplication(Application):
+
+             minfo = self.weboob.repositories.get_module_info(backend.NAME)
+             if minfo and not minfo.is_local():
+-                self.weboob.repositories.update_repositories()
++                self.weboob.repositories.update_repositories(ConsoleProgress(self))
+
+                 # minfo of the new available module
+                 minfo = self.weboob.repositories.get_module_info(backend.NAME)
+diff --git a/weboob/tools/application/qt/backendcfg.py b/weboob/tools/application/qt/backendcfg.py
+index fc5531a..0b8db78 100644
+--- a/weboob/tools/application/qt/backendcfg.py
++++ b/weboob/tools/application/qt/backendcfg.py
+@@ -80,6 +80,11 @@ class ProgressDialog(IProgress, QProgressDialog):
+     def error(self, message):
+         QMessageBox.critical(self, self.tr('Error'), '%s' % message, QMessageBox.Ok)
+
++    def prompt(self, message):
++        reply = QMessageBox.question(self, '', unicode(message), QMessageBox.Yes|QMessageBox.No)
++
++        return reply == QMessageBox.Yes
++
+
+ class BackendCfg(QDialog):
+     def __init__(self, weboob, caps=None, parent=None):
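
Review bot: `QMessageBox.question` in `ProgressDialog.prompt` is called with an empty title and without a default button, which leaves the choice of default to Qt. Pass a translated title in the style of `self.tr('Error')` used by `error` above, and `QMessageBox.No` as the default-button argument, so that dismissing the dialog with Enter does not accept the keyring.
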
diff -Nru weboob-1.0/debian/patches/series weboob-1.0/debian/patches/series
--- weboob-1.0/debian/patches/series	2014-12-10 10:05:31.000000000 +0100
+++ weboob-1.0/debian/patches/series	2015-01-18 19:56:20.000000000 +0100
@@ -1,3 +1,4 @@
 0001-Set-copyright-in-applications.patch
 0002-fix-StatusField-to-be-a-BaseObject.patch
 0003-fix-compatibility-with-a-patch-introduced-by-768611.patch
+0004-prompt-user-to-accept-an-untrusted-keyring.patch

unblock weboob/1.0-3

Regards,

Romain

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
On Mon, Jan 19, 2015 at 08:23:52AM +0100, Romain Bignon wrote:
> The package weboob has been marked for autoremoval because of an RC which
> reports that weboob applications don't ask the user before accepting a new
> modules repository's keyring:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774838
> 
> To fix it, I've applied a patch from upstream to let the user accept or not
> the keyring of a new repository after displaying the fingerprint of the
> keyring to them.

Unblocked.

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51



--- End Message ---
