Bug#926045: unblock: software-properties/0.96.20.2-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package software-properties
This fixes a release critical bug that made software-properties
generate a trusted.gpg file in the wrong format, causing apt to
fail to read.
I essentially replaced the AptAuth.py with the one in Ubuntu 18.04,
which makes it use apt-key instead of gpg directly, so while this
is not as minimal a change as it maybe? could be, it's battle-tested :)
(include/attach the debdiff against the package in testing)
unblock software-properties/0.96.20.2-2
-- System Information:
Debian Release: buster/sid
APT prefers disco
APT policy: (991, 'disco'), (500, 'disco'), (500, 'cosmic-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.0.0-7-generic (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
diff -Nru software-properties-0.96.20.2/debian/changelog software-properties-0.96.20.2/debian/changelog
--- software-properties-0.96.20.2/debian/changelog 2016-06-30 12:13:48.000000000 +0200
+++ software-properties-0.96.20.2/debian/changelog 2019-03-30 20:45:34.000000000 +0100
@@ -1,3 +1,10 @@
+software-properties (0.96.20.2-2) unstable; urgency=medium
+
+ * softwareproperties/AptAuth.py: Use apt-key (Closes: #867681)
+ * debian/gbp.conf: Point to debian/buster
+
+ -- Julian Andres Klode <jak@debian.org> Sat, 30 Mar 2019 20:45:34 +0100
+
software-properties (0.96.20.2-1) unstable; urgency=medium
* Imported Upstream version 0.96.20.2
diff -Nru software-properties-0.96.20.2/debian/gbp.conf software-properties-0.96.20.2/debian/gbp.conf
--- software-properties-0.96.20.2/debian/gbp.conf 2016-06-30 12:13:48.000000000 +0200
+++ software-properties-0.96.20.2/debian/gbp.conf 2019-03-30 20:45:34.000000000 +0100
@@ -1,2 +1,3 @@
-[buildpackage]
+[DEFAULT]
sign-tags = True
+debian-branch = debian/buster
diff -Nru software-properties-0.96.20.2/debian/patches/0001-Imported-Debian-version-0.96.9debian1.patch software-properties-0.96.20.2/debian/patches/0001-Imported-Debian-version-0.96.9debian1.patch
--- software-properties-0.96.20.2/debian/patches/0001-Imported-Debian-version-0.96.9debian1.patch 2016-06-30 12:13:48.000000000 +0200
+++ software-properties-0.96.20.2/debian/patches/0001-Imported-Debian-version-0.96.9debian1.patch 2019-03-30 20:45:34.000000000 +0100
@@ -46,7 +46,7 @@
<packing>
<property name="expand">True</property>
diff --git a/softwareproperties/gtk/SoftwarePropertiesGtk.py b/softwareproperties/gtk/SoftwarePropertiesGtk.py
-index fbe5b0a..33eaaca 100644
+index 11e65c4..cf375c1 100644
--- a/softwareproperties/gtk/SoftwarePropertiesGtk.py
+++ b/softwareproperties/gtk/SoftwarePropertiesGtk.py
@@ -51,7 +51,11 @@ import softwareproperties.distro
diff -Nru software-properties-0.96.20.2/debian/patches/0004-Implement-PackageKit-support.patch software-properties-0.96.20.2/debian/patches/0004-Implement-PackageKit-support.patch
--- software-properties-0.96.20.2/debian/patches/0004-Implement-PackageKit-support.patch 2016-06-30 12:13:48.000000000 +0200
+++ software-properties-0.96.20.2/debian/patches/0004-Implement-PackageKit-support.patch 2019-03-30 20:45:34.000000000 +0100
@@ -146,7 +146,7 @@
return res
diff --git a/softwareproperties/gtk/SoftwarePropertiesGtk.py b/softwareproperties/gtk/SoftwarePropertiesGtk.py
-index 33eaaca..df8ad45 100644
+index cf375c1..92037a9 100644
--- a/softwareproperties/gtk/SoftwarePropertiesGtk.py
+++ b/softwareproperties/gtk/SoftwarePropertiesGtk.py
@@ -27,16 +27,21 @@ from __future__ import absolute_import, print_function
@@ -191,7 +191,7 @@
# Put some life into the user interface:
self.init_auto_update()
-@@ -1031,7 +1038,7 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp):
+@@ -1033,7 +1040,7 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp):
if e._dbus_error_name == 'com.ubuntu.SoftwareProperties.PermissionDeniedByPolicy':
logging.error("Authentication canceled, changes have not been saved")
@@ -200,7 +200,7 @@
#print(progress)
self.button_driver_revert.set_visible(False)
self.button_driver_apply.set_visible(False)
-@@ -1041,30 +1048,30 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp):
+@@ -1043,30 +1050,30 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp):
self.progress_bar.set_visible(True)
self.label_driver_action.set_label(_("Applying changes..."))
@@ -254,7 +254,7 @@
def on_driver_changes_apply(self, button):
-@@ -1077,18 +1084,36 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp):
+@@ -1079,18 +1086,36 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp):
else:
installs.append(pkg.shortname)
@@ -299,7 +299,7 @@
print("Warning: install transaction not completed successfully: {}".format(e))
def on_driver_changes_revert(self, button_revert=None):
-@@ -1108,7 +1133,7 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp):
+@@ -1110,7 +1135,7 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp):
self.button_driver_apply.set_sensitive(False)
def on_driver_changes_cancel(self, button_cancel):
diff -Nru software-properties-0.96.20.2/debian/patches/0006-softwareproperties-AptAuth.py-Use-apt-key.patch software-properties-0.96.20.2/debian/patches/0006-softwareproperties-AptAuth.py-Use-apt-key.patch
--- software-properties-0.96.20.2/debian/patches/0006-softwareproperties-AptAuth.py-Use-apt-key.patch 1970-01-01 01:00:00.000000000 +0100
+++ software-properties-0.96.20.2/debian/patches/0006-softwareproperties-AptAuth.py-Use-apt-key.patch 2019-03-30 20:45:34.000000000 +0100
@@ -0,0 +1,110 @@
+From: Julian Andres Klode <jak@debian.org>
+Date: Sat, 30 Mar 2019 20:41:15 +0100
+Subject: softwareproperties/AptAuth.py: Use apt-key
+
+This fixes the code to not generate gpg keybox files rather
+than classical keyring files (concatenated public keys), which
+broke apt.
+
+Closes: #867681
+---
+ softwareproperties/AptAuth.py | 61 +++++++++++++++++--------------------------
+ 1 file changed, 24 insertions(+), 37 deletions(-)
+
+diff --git a/softwareproperties/AptAuth.py b/softwareproperties/AptAuth.py
+index 7cc88ce..cbbe94f 100644
+--- a/softwareproperties/AptAuth.py
++++ b/softwareproperties/AptAuth.py
+@@ -22,6 +22,7 @@
+ from __future__ import print_function
+
+ import atexit
++import datetime
+ import gettext
+ import os
+ import shutil
+@@ -44,61 +45,47 @@ N_("Ubuntu Extras Archive Automatic Signing Key <ftpmaster@ubuntu.com>")
+
+ class AptAuth:
+ def __init__(self, rootdir="/"):
+- self.gpg = ["/usr/bin/gpg"]
+- self.base_opt = self.gpg + [
+- "--no-options",
+- "--no-default-keyring",
+- "--no-auto-check-trustdb",
+- "--trust-model", "always",
+- "--keyring", os.path.join(rootdir, "etc/apt/trusted.gpg"),
+- ]
++ self.rootdir = rootdir
+ self.tmpdir = tempfile.mkdtemp()
+- self.base_opt += ["--secret-keyring",
+- os.path.join(self.tmpdir, "secring.gpg")]
+- self.list_opt = self.base_opt + ["--with-colons",
+- "--batch",
+- "--list-keys"]
+- self.rm_opt = self.base_opt + ["--quiet",
+- "--batch",
+- "--delete-key",
+- "--yes"]
+- self.add_opt = self.base_opt + ["--quiet",
+- "--batch",
+- "--import"]
++ self.aptconf = os.path.join(self.tmpdir, 'apt.conf')
++ with open(self.aptconf, 'w') as f:
++ f.write('DIR "%s";\n' % self.rootdir)
++ os.environ['APT_CONFIG'] = self.aptconf
+ atexit.register(self._cleanup_tmpdir)
+
+ def _cleanup_tmpdir(self):
+ shutil.rmtree(self.tmpdir)
+-
++
+ def list(self):
++ cmd = ["/usr/bin/apt-key", "--quiet", "adv", "--with-colons", "--batch", "--fixed-list-mode", "--list-keys"]
+ res = []
+- #print(self.list_opt)
+- p = subprocess.Popen(
+- self.list_opt, stdout=PIPE, universal_newlines=True).stdout
++ p = subprocess.Popen(cmd, stdout=PIPE, stderr=PIPE, universal_newlines=True).stdout
++ name = ''
+ for line in p:
+ fields = line.split(":")
+- if fields[0] == "pub":
++ if fields[0] in ["pub", "uid"]:
+ name = fields[9]
+- res.append("%s %s\n%s" %((fields[4])[-8:],fields[5], _(name)))
++ if fields[0] == "pub":
++ key = fields[4]
++ expiry = datetime.date.fromtimestamp(int(fields[5])).isoformat()
++ if not name:
++ continue
++ res.append("%s %s\n%s" % (key, expiry, _(name)))
++ name = ''
+ p.close()
+ return res
+
+ def add(self, filename):
+- #print("request to add " + filename)
+- cmd = self.add_opt[:]
+- cmd.append(filename)
+- #print("cmd is: %s" % ' '.join(cmd))
+- p = subprocess.Popen(cmd)
++ cmd = ["/usr/bin/apt-key", "--quiet", "--fakeroot", "add", filename]
++ p = subprocess.Popen(cmd, stderr=PIPE)
+ return (p.wait() == 0)
+
+ def update(self):
+- cmd = ["/usr/bin/apt-key", "update"]
+- p = subprocess.Popen(cmd)
++ cmd = ["/usr/bin/apt-key", "--quiet", "--fakeroot", "update"]
++ p = subprocess.Popen(cmd, stderr=PIPE)
+ return (p.wait() == 0)
+
+ def rm(self, key):
+- #print("request to remove " + key)
+- cmd = self.rm_opt[:]
+- cmd.append(key)
+- p = subprocess.Popen(cmd)
++ cmd = ["/usr/bin/apt-key", "--quiet", "--fakeroot", "rm", key]
++ p = subprocess.Popen(cmd, stderr=PIPE)
+ return (p.wait() == 0)
diff -Nru software-properties-0.96.20.2/debian/patches/series software-properties-0.96.20.2/debian/patches/series
--- software-properties-0.96.20.2/debian/patches/series 2016-06-30 12:13:48.000000000 +0200
+++ software-properties-0.96.20.2/debian/patches/series 2019-03-30 20:45:34.000000000 +0100
@@ -3,3 +3,4 @@
0003-Fix-typo-in-software-properties-drivers.desktop-and-.patch
0004-Implement-PackageKit-support.patch
0006-l18n-template-rebuild.patch
+0006-softwareproperties-AptAuth.py-Use-apt-key.patch
Reply to: