Bug#1051852: python-apt does not recognise 'signed-by' parameter

To: submit@bugs.debian.org
Subject: Bug#1051852: python-apt does not recognise 'signed-by' parameter
From: zzaimeche <zzaimeche@suse.de>
Date: Wed, 13 Sep 2023 16:27:13 +0000
Message-id: <[🔎] 351a43aa2089e29f3af00caf99ae21ee@suse.de>
Reply-to: zzaimeche <zzaimeche@suse.de>, 1051852@bugs.debian.org

Package: python3-apt
Version: all

The current code does not handle sources which include the 'signed-by'option.These are interpreted as invalid, although signed-by is listed as avalid

option for ubuntu source lists here:
https://manpages.ubuntu.com/manpages/focal/en/man5/sources.list.5.html .

I'm not sure whether it's supported for debian or not,
but I couldn't find a better place to report the issue,
so hopefully this is the right place! :)

When 'signed-by' is not recognised, it causes knock-on effects,
for example when using salt to add repos to /etc/apt/sources.list,
there will be duplicate entries.

This is where the 'signed-by' parameter would need to be added:
https://salsa.debian.org/apt-team/python-apt/-/blob/main/aptsources/sourceslist.py#L240

And below is a patch that has fixed the issue for us
(it's a little old so we may need to adjust the line numbers, but the
rest should be the same).
Best Wishes,
Zara

@@ -, +, @@
---
 aptsources/sourceslist.py | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
--- a/aptsources/sourceslist.py
+++ a/aptsources/sourceslist.py
@@ -92,6 +92,7 @@ class SourceEntry(object):
         self.type = ""               # what type (deb, deb-src)
         self.architectures = []      # architectures
         self.trusted = None          # Trusted
+        self.signed_by = ""          # gpg
         self.uri = ""                # base-uri
         self.dist = ""               # distribution (dapper, edgy, etc)

self.comps = [] # list of available componetns(may empty)

@@ -198,6 +199,8 @@ class SourceEntry(object):
                         self.architectures = value.split(",")
                     elif key == "trusted":
                         self.trusted = apt_pkg.string_to_bool(value)
+                    elif key == "signed-by":
+                        self.signed_by = value
                     else:
                         self.invalid = True
@@ -239,13 +242,23 @@ class SourceEntry(object):
         line += self.type
-        if self.architectures and self.trusted is not None:
-            line += " [arch=%s trusted=%s]" % (

- ",".join(self.architectures), "yes" if self.trustedelse "no")

-        elif self.trusted is not None:
-            line += " [trusted=%s]" % ("yes" if self.trusted else "no")
-        elif self.architectures:
-            line += " [arch=%s]" % ",".join(self.architectures)
+        repo_opts = {}
+
+        if self.architectures:
+            repo_opts["arch"] = ",".join(self.architectures)
+
+        if self.trusted is not None:
+            repo_opts["trusted"] = "yes" if self.trusted else "no"
+
+        if self.signed_by:
+            repo_opts["signed-by"] = self.signed_by
+
+        if repo_opts:
+            _opts_str = ""
+            for key in repo_opts:
+                _opts_str += "%s=%s " % (key, repo_opts[key])
+            line += " [%s]" % _opts_str.strip()
+
         line += " %s %s" % (self.uri, self.dist)
         if len(self.comps) > 0:
             line += " " + " ".join(self.comps)
--

Reply to:

Prev by Date: Bug#1051732: apt: download content from unauthenticated repository if matching authenticated repository
Next by Date: Examen de Certificación de Recursos Humanos
Previous by thread: Bug#1051732: apt: download content from unauthenticated repository if matching authenticated repository
Next by thread: Examen de Certificación de Recursos Humanos
Index(es):
- Date
- Thread