Your message dated Thu, 22 Jan 2015 13:13:46 +0000
with message-id <20150122131346.GA29173@lupin.home.powdarrmonkey.net>
and subject line Re: Bug#775717: unblock: weboob/1.0-3
has caused the Debian Bug report #775717,
regarding unblock: weboob/1.0-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
775717: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775717
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: weboob/1.0-3
- From: Romain Bignon <romain@symlink.me>
- Date: Mon, 19 Jan 2015 08:23:52 +0100
- Message-id: <20150119072352.28321.79646.reportbug@b.i>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Dear release team, The package weboob has been marked for autoremoval because of a RC which reports that weboob applications don't ask user before accepting a new modules repository's keyring: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774838 To fix it, I've applied a patch from upstream to let user accept or not the keyring of a new repository after displaying him the fingerprint of the keyring. Please unblock package weboob to allow it to re-enter jessie. diff -Nru weboob-1.0/debian/changelog weboob-1.0/debian/changelog --- weboob-1.0/debian/changelog 2014-12-10 10:05:31.000000000 +0100 +++ weboob-1.0/debian/changelog 2015-01-18 19:56:20.000000000 +0100 @@ -1,3 +1,11 @@ +weboob (1.0-3) unstable; urgency=medium + + *debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch: + prompt user to accept an untrusted keyring when updating repositories + (Closes: #774838). + + -- Romain Bignon <romain@symlink.me> Sun, 18 Jan 2015 16:07:58 +0100 + weboob (1.0-2) unstable; urgency=low * debian/patches/0003-fix-compatibility-with-a-patch-introduced-by-768611.patch: diff -Nru weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch --- weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch 1970-01-01 01:00:00.000000000 +0100 +++ weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch 2015-01-18 19:56:20.000000000 +0100 
@@ -0,0 +1,183 @@ +From: Romain Bignon <romain@budget-insight.com> +Date: Fri, 16 Jan 2015 12:21:51 +0100 +Subject: prompt user to accept an untrusted keyring + +--- + weboob/applications/weboobcfg/weboobcfg.py | 3 ++- + weboob/core/repositories.py | 25 ++++++++++++++++--------- + weboob/tools/application/console.py | 20 +++++++++++++++++--- + weboob/tools/application/qt/backendcfg.py | 5 +++++ + 4 files changed, 40 insertions(+), 13 deletions(-) + +diff --git a/weboob/applications/weboobcfg/weboobcfg.py b/weboob/applications/weboobcfg/weboobcfg.py +index 822325c..3c4e96b 100644 +--- a/weboob/applications/weboobcfg/weboobcfg.py ++++ b/weboob/applications/weboobcfg/weboobcfg.py +@@ -25,6 +25,7 @@ import re + from weboob.capabilities.account import CapAccount + from weboob.core.modules import ModuleLoadError + from weboob.tools.application.repl import ReplApplication ++from weboob.tools.application.console import ConsoleProgress + from weboob.tools.ordereddict import OrderedDict + + +@@ -261,4 +262,4 @@ class WeboobCfg(ReplApplication): + + Update weboob. 
+ """ +- self.weboob.update() ++ self.weboob.update(ConsoleProgress(self)) +diff --git a/weboob/core/repositories.py b/weboob/core/repositories.py +index dbf7448..89ff23f 100644 +--- a/weboob/core/repositories.py ++++ b/weboob/core/repositories.py +@@ -26,6 +26,7 @@ import re + import sys + import os + import subprocess ++import hashlib + from datetime import datetime + from contextlib import closing + from compileall import compile_dir +@@ -180,7 +181,7 @@ class Repository(object): + # Save the repository index in ~/.weboob/repositories/ + self.save(repo_path, private=True) + +- def retrieve_keyring(self, browser, keyring_path): ++ def retrieve_keyring(self, browser, keyring_path, progress): + # ignore local + if self.local: + return +@@ -202,11 +203,11 @@ class Repository(object): + if keyring.exists(): + if not keyring.is_valid(keyring_data, sig_data): + raise InvalidSignature('the keyring itself') +- print('The keyring was updated (and validated by the previous one).') +- else: +- print('First time saving the keyring, blindly accepted.') ++ progress.progress(0.0, 'The keyring was updated (and validated by the previous one).') ++ elif not progress.prompt('The repository %s isn\'t trusted yet.\nFingerprint of keyring is %s\nAre you sure you want to continue?' 
% (self.url, hashlib.sha1(keyring_data).hexdigest())): ++ raise RepositoryUnavailable('Repository not trusted') + keyring.save(keyring_data, self.key_update) +- print(keyring) ++ progress.progress(0.0, str(keyring)) + + def parse_index(self, fp): + """ +@@ -378,6 +379,9 @@ class IProgress(object): + def error(self, message): + raise NotImplementedError() + ++ def prompt(self, message): ++ raise NotImplementedError() ++ + def __repr__(self): + return '<%s>' % self.__class__.__name__ + +@@ -389,6 +393,10 @@ class PrintProgress(IProgress): + def error(self, message): + print('ERROR: %s' % message, file=sys.stderr) + ++ def prompt(self, message): ++ print('%s (Y/n): *** ASSUMING YES ***' % message) ++ return True ++ + + class ModuleInstallError(Exception): + pass +@@ -579,7 +587,7 @@ class Repositories(object): + try: + repository.retrieve_index(self.browser, repo_path) + if gpgv: +- repository.retrieve_keyring(self.browser, keyring_path) ++ repository.retrieve_keyring(self.browser, keyring_path, progress) + else: + progress.error('Cannot find gpgv to check for repository authenticity.\n' + 'You should install GPG for better security.') +@@ -610,7 +618,7 @@ class Repositories(object): + :param progress: observer object. 
+ :type progress: :class:`IProgress` + """ +- self.update_repositories() ++ self.update_repositories(progress) + + to_update = [] + for name, info in self.get_all_modules_info().iteritems(): +@@ -792,8 +800,7 @@ class Keyring(object): + + def __str__(self): + if self.exists(): +- with open(self.vpath, 'r') as f: +- import hashlib ++ with open(self.path, 'r') as f: + h = hashlib.sha1(f.read()).hexdigest() + return 'Keyring version %s, checksum %s' % (self.version, h) + return 'NO KEYRING' +diff --git a/weboob/tools/application/console.py b/weboob/tools/application/console.py +index 35c9cf9..5e9e892 100644 +--- a/weboob/tools/application/console.py ++++ b/weboob/tools/application/console.py +@@ -31,7 +31,7 @@ from weboob.capabilities import UserError + from weboob.capabilities.account import CapAccount, Account, AccountRegisterError + from weboob.core.backendscfg import BackendAlreadyExists + from weboob.core.modules import ModuleLoadError +-from weboob.core.repositories import ModuleInstallError ++from weboob.core.repositories import ModuleInstallError, IProgress + from weboob.exceptions import BrowserUnavailable, BrowserIncorrectPassword, BrowserForbidden, BrowserSSLError + from weboob.tools.value import Value, ValueBool, ValueFloat, ValueInt, ValueBackendPassword + from weboob.tools.misc import to_unicode +@@ -55,6 +55,20 @@ class BackendNotFound(Exception): + pass + + ++class ConsoleProgress(IProgress): ++ def __init__(self, app): ++ self.app = app ++ ++ def progress(self, percent, message): ++ self.app.stdout.write('=== [%3.0f%%] %s\n' % (percent*100, message)) ++ ++ def error(self, message): ++ self.app.stderr.write('ERROR: %s\n' % message) ++ ++ def prompt(self, message): ++ return self.app.ask(message, default=True) ++ ++ + class ConsoleApplication(Application): + """ + Base application class for CLI applications. 
+@@ -288,7 +302,7 @@ class ConsoleApplication(Application): + + def install_module(self, name): + try: +- self.weboob.repositories.install(name) ++ self.weboob.repositories.install(name, ConsoleProgress(self)) + except ModuleInstallError as e: + print('Unable to install module "%s": %s' % (name, e), file=self.stderr) + return False +@@ -562,7 +576,7 @@ class ConsoleApplication(Application): + + minfo = self.weboob.repositories.get_module_info(backend.NAME) + if minfo and not minfo.is_local(): +- self.weboob.repositories.update_repositories() ++ self.weboob.repositories.update_repositories(ConsoleProgress(self)) + + # minfo of the new available module + minfo = self.weboob.repositories.get_module_info(backend.NAME) +diff --git a/weboob/tools/application/qt/backendcfg.py b/weboob/tools/application/qt/backendcfg.py +index fc5531a..0b8db78 100644 +--- a/weboob/tools/application/qt/backendcfg.py ++++ b/weboob/tools/application/qt/backendcfg.py +@@ -80,6 +80,11 @@ class ProgressDialog(IProgress, QProgressDialog): + def error(self, message): + QMessageBox.critical(self, self.tr('Error'), '%s' % message, QMessageBox.Ok) + ++ def prompt(self, message): ++ reply = QMessageBox.question(self, '', unicode(message), QMessageBox.Yes|QMessageBox.No) ++ ++ return reply == QMessageBox.Yes ++ + + class BackendCfg(QDialog): + def __init__(self, weboob, caps=None, parent=None): diff -Nru weboob-1.0/debian/patches/series weboob-1.0/debian/patches/series --- weboob-1.0/debian/patches/series 2014-12-10 10:05:31.000000000 +0100 +++ weboob-1.0/debian/patches/series 2015-01-18 19:56:20.000000000 +0100 
@@ -1,3 +1,4 @@ 0001-Set-copyright-in-applications.patch 0002-fix-StatusField-to-be-a-BaseObject.patch 0003-fix-compatibility-with-a-patch-introduced-by-768611.patch +0004-prompt-user-to-accept-an-untrusted-keyring.patch unblock weboob/1.0-3 Regards, Romain -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
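Review bot: in retrieve_keyring() in weboob/core/repositories.py, the value the prompt presents as "Fingerprint of keyring" is hashlib.sha1(keyring_data).hexdigest(), a SHA-1 digest of the downloaded file bytes and not an OpenPGP key fingerprint, so a user cannot compare it against what GnuPG tooling prints for the repository's signing key. Suggest wording it as a checksum of the keyring file (Keyring.__str__ already says "checksum" for the same kind of digest), documenting where the expected value is published, and considering hashlib.sha256 for a value users are asked to verify by eye.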
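Review bot: PrintProgress.prompt() in weboob/core/repositories.py prints "*** ASSUMING YES ***" and returns True, so every code path that runs with PrintProgress rather than an interactive observer still accepts a first-seen keyring without consent, which is the behaviour #774838 reports. A non-interactive observer should fail closed: return False here so that retrieve_keyring() raises RepositoryUnavailable('Repository not trusted'), and let callers that need unattended acceptance opt in explicitly.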
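Review bot: ConsoleProgress.prompt() in weboob/tools/application/console.py calls self.app.ask(message, default=True), so the default answer to the trust question is yes. For a decision that pins a new signing keyring, default=False is the safer choice, so that acceptance takes an explicit answer from the user.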
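Review bot: ProgressDialog.prompt() in weboob/tools/application/qt/backendcfg.py passes an empty string as the dialog title and names no default button in QMessageBox.question(self, '', unicode(message), QMessageBox.Yes|QMessageBox.No). Suggest a descriptive title wrapped in self.tr(), as error() does just above, and passing QMessageBox.No as the default button so that the keyboard default is an explicit refusal.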
--- End Message ---
--- Begin Message ---
- To: Romain Bignon <romain@symlink.me>, 775717-done@bugs.debian.org
- Subject: Re: Bug#775717: unblock: weboob/1.0-3
- From: Jonathan Wiltshire <jmw@debian.org>
- Date: Thu, 22 Jan 2015 13:13:46 +0000
- Message-id: <20150122131346.GA29173@lupin.home.powdarrmonkey.net>
- In-reply-to: <20150119072352.28321.79646.reportbug@b.i>
- References: <20150119072352.28321.79646.reportbug@b.i>
On Mon, Jan 19, 2015 at 08:23:52AM +0100, Romain Bignon wrote:
> The package weboob has been marked for autoremoval because of a RC which
> reports that weboob applications don't ask user before accepting a new
> modules repository's keyring:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774838
>
> To fix it, I've applied a patch from upstream to let user accept or not
> the keyring of a new repository after displaying him the fingerprint of the
> keyring.

Unblocked.

--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51

Attachment: signature.asc
Description: Digital signature
--- End Message ---