Your message dated Sun, 21 Feb 2016 19:14:46 +0530 with message-id <1456062286.4681.3.camel@debian.org> and subject line Re: Bug#814716: jessie-pu: package apt-offline/1.5.1 has caused the Debian Bug report #814716, regarding jessie-pu: package apt-offline/1.5.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 814716: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814716 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package apt-offline/1.5.1
- From: Ritesh Raj Sarraf <rrs@debian.org>
- Date: Sun, 14 Feb 2016 21:25:00 +0530
- Message-id: <[🔎] 145546530023.16898.636375644076996430.reportbug@learner.researchut.com>Package: release.debian.org Severity: normal Tags: jessie User: release.debian.org@packages.debian.org Usertags: pu There are 2 bugs reported to me privately about functionality broken in apt-offline, in the version shipped in Jessie. Bug 1: apt-offline only look into /etc/apt/trusted.gpg for key verification. This results in most apt data not to be installed because the debian (archive) keyring resides in /usr/share/keyrings Bug 2: Because of the last minute changes in 1.5.x release, the file detection plugin had some output changes that led to .gpg data represented differently by different plugins. Both bugs were known and are already fixed in the current 1.7.x release in Unstable/Testing. This request is to backport those changes for Stable. The patch has been verified by the user who reported the bug to me. I've also verified the patch in a Jessie container, and it seems to not break anything. root@learner:~# apt-offline -v 1.5.2 root@learner:~# apt-offline install /var/tmp/lxc/jessie.zip gpgv: Signature made Sat Jan 23 18:49:39 2016 IST using RSA key ID 46925553 gpgv: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>" gpgv: Signature made Sat Jan 23 18:49:39 2016 IST using RSA key ID 2B90D010 gpgv: Good signature from "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" gpgv: Signature made Sat Jan 23 18:55:24 2016 IST using RSA key ID 518E17E1 gpgv: Good signature from "Jessie Stable Release Key <debian-release@lists.debian.org>" /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_jessie_Release synced. /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_jessie_Release.gpg synced. /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_jessie_main_binary-amd64_Packages.bz2 synced. /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_jessie_main_i18n_Translation-en.bz2 synced. Please give me an ACK on this email, and then I will go ahead and upload it for Stable (Jessie) inclusion. The debdiff is attached with this bug report. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.3.5+ (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_IN.utf8, LC_CTYPE=en_IN.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff -Nru apt-offline-1.5.1/apt_offline_core/AptOfflineCoreLib.py apt-offline-1.5.2/apt_offline_core/AptOfflineCoreLib.py --- apt-offline-1.5.1/apt_offline_core/AptOfflineCoreLib.py 2015-11-18 19:37:20.000000000 +0530 +++ apt-offline-1.5.2/apt_offline_core/AptOfflineCoreLib.py 2016-02-14 20:53:21.000000000 +0530 @@ -93,7 +93,7 @@ app_name = "apt-offline" -version = "1.5" +version = "1.5.2" myCopyright = "(C) 2005 - 2014 Ritesh Raj Sarraf" terminal_license = "This program comes with ABSOLUTELY NO WARRANTY.\n\ This is free software, and you are welcome to redistribute it under\n\ @@ -915,15 +915,37 @@ class APTVerifySigs: def __init__(self, gpgv=None, keyring=None): + self.defaultPaths = ['/etc/apt/trusted.gpg.d/', '/usr/share/keyrings/'] + if gpgv is None: self.gpgv="/usr/bin/gpgv" else: self.gpgv=gpgv - + + self.opts = [] if keyring is None: - self.opts="--keyring /etc/apt/trusted.gpg --ignore-time-conflict" + + self.opts.append("--ignore-time-conflict ") + + #INFO: For backwards compatibility + if os.path.exists("/etc/apt/trusted.gpg"): + self.opts.extend("--keyring /etc/apt/trusted.gpg".split()) + + for eachPath in self.defaultPaths: + if os.path.exists(eachPath): + for eachGPG in os.listdir(eachPath): + eachGPG = os.path.join(eachPath, eachGPG) + if os.path.exists(eachGPG): + log.verbose("Adding %s to the apt-offline keyring\n" % (eachGPG) ) + eachKeyring = "--keyring %s" % (eachGPG) + self.opts.extend(eachKeyring.split()) + else: + log.err("Path for keyring is invalid: %s\n" % (eachGPG) ) + else: + log.err("Path for keyring is invalid: %s\n" % (eachPath) ) else: - self.opts = "--keyring %s --ignore-time-conflict" % (keyring) + finalKeyring = "--keyring %s --ignore-time-conflict" % (keyring) + self.opts.extend(finalKeyring.split()) def VerifySig(self, signature_file, signed_file): @@ -933,8 +955,10 @@ if not os.access(signed_file, os.F_OK): log.err("%s is bad. Can't proceed.\n" % (signed_file) ) return False - - x = os.system("%s %s %s %s" % (self.gpgv, self.opts, signature_file, signed_file) ) + gpgOpts = "" + for eachOpt in self.opts: + gpgOpts += ' ' + eachOpt + x = os.system("%s %s %s %s" % (self.gpgv, gpgOpts, signature_file, signed_file) ) #TODO: Find a way to redirect std[out|err] # look at subprocess module @@ -1155,7 +1179,7 @@ os.rename(temp_filename, filename) else: os.unlink(temp_filename) - elif magicMIME.file( archive_file ) == "application/x-gnupg-keyring": + elif magicMIME.file( archive_file ) == "application/x-gnupg-keyring" or magicMIME.file( archive_file ) == "application/pgp-signature": filename = os.path.join(apt_update_target_path, filename) shutil.copy2(archive_file, filename) # PGP armored data should be bypassed diff -Nru apt-offline-1.5.1/debian/changelog apt-offline-1.5.2/debian/changelog --- apt-offline-1.5.1/debian/changelog 2015-11-18 19:40:36.000000000 +0530 +++ apt-offline-1.5.2/debian/changelog 2016-02-14 20:54:54.000000000 +0530 @@ -1,3 +1,11 @@ +apt-offline (1.5.2) jessie; urgency=medium + + * [64dd250] Fix detection of filetype .gpg and extend keyring database. + Thanks to Daniel Freedman + * [1ea439e] Mark as stable release 1.5.2 + + -- Ritesh Raj Sarraf <rrs@debian.org> Sun, 14 Feb 2016 20:54:15 +0530 + apt-offline (1.5.1) jessie; urgency=medium * [67c2ba5] Add python-apt to Depends. Thanks Paul Wise
--- End Message ---
--- Begin Message ---
- To: 814716-done@bugs.debian.org
- Subject: Re: Bug#814716: jessie-pu: package apt-offline/1.5.1
- From: Ritesh Raj Sarraf <rrs@debian.org>
- Date: Sun, 21 Feb 2016 19:14:46 +0530
- Message-id: <1456062286.4681.3.camel@debian.org>
- Reply-to: rrs@debian.org
- In-reply-to: <[🔎] CAP0eoCxw7sfFvHx8MwxF2fdg8D1E=CLHfQCJP_RYNaqTXecWmA@mail.gmail.com>
- References: <[🔎] 145546530023.16898.636375644076996430.reportbug@learner.researchut.com> <[🔎] 20160220143013.GB6200@betterave.cristau.org> <[🔎] CAP0eoCxw7sfFvHx8MwxF2fdg8D1E=CLHfQCJP_RYNaqTXecWmA@mail.gmail.com>On Sun, 2016-02-21 at 00:03 +0530, Ritesh Raj Sarraf wrote: > Yes. I'll be sending a revised patch soon. > s3nt fr0m a $martph0ne, excuse typ0s I'm closing this for now. There may be more issues. I'll add Paul's fix in the master repo though. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---