Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package software-properties This fixes a release critical bug that made software-properties generate a trusted.gpg file in the wrong format, causing apt to fail to read. I essentially replaced the AptAuth.py with the one in Ubuntu 18.04, which makes it use apt-key instead of gpg directly, so while this is not as minimal a change as it maybe? could be, it's battle-tested :) (include/attach the debdiff against the package in testing) unblock software-properties/0.96.20.2-2 -- System Information: Debian Release: buster/sid APT prefers disco APT policy: (991, 'disco'), (500, 'disco'), (500, 'cosmic-security') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.0.0-7-generic (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
diff -Nru software-properties-0.96.20.2/debian/changelog software-properties-0.96.20.2/debian/changelog --- software-properties-0.96.20.2/debian/changelog 2016-06-30 12:13:48.000000000 +0200 +++ software-properties-0.96.20.2/debian/changelog 2019-03-30 20:45:34.000000000 +0100 @@ -1,3 +1,10 @@ +software-properties (0.96.20.2-2) unstable; urgency=medium + + * softwareproperties/AptAuth.py: Use apt-key (Closes: #867681) + * debian/gbp.conf: Point to debian/buster + + -- Julian Andres Klode <j...@debian.org> Sat, 30 Mar 2019 20:45:34 +0100 + software-properties (0.96.20.2-1) unstable; urgency=medium * Imported Upstream version 0.96.20.2 diff -Nru software-properties-0.96.20.2/debian/gbp.conf software-properties-0.96.20.2/debian/gbp.conf --- software-properties-0.96.20.2/debian/gbp.conf 2016-06-30 12:13:48.000000000 +0200 +++ software-properties-0.96.20.2/debian/gbp.conf 2019-03-30 20:45:34.000000000 +0100 @@ -1,2 +1,3 @@ -[buildpackage] +[DEFAULT] sign-tags = True +debian-branch = debian/buster diff -Nru software-properties-0.96.20.2/debian/patches/0001-Imported-Debian-version-0.96.9debian1.patch software-properties-0.96.20.2/debian/patches/0001-Imported-Debian-version-0.96.9debian1.patch --- software-properties-0.96.20.2/debian/patches/0001-Imported-Debian-version-0.96.9debian1.patch 2016-06-30 12:13:48.000000000 +0200 +++ software-properties-0.96.20.2/debian/patches/0001-Imported-Debian-version-0.96.9debian1.patch 2019-03-30 20:45:34.000000000 +0100 @@ -46,7 +46,7 @@ <packing> <property name="expand">True</property> diff --git a/softwareproperties/gtk/SoftwarePropertiesGtk.py b/softwareproperties/gtk/SoftwarePropertiesGtk.py -index fbe5b0a..33eaaca 100644 +index 11e65c4..cf375c1 100644 --- a/softwareproperties/gtk/SoftwarePropertiesGtk.py +++ b/softwareproperties/gtk/SoftwarePropertiesGtk.py @@ -51,7 +51,11 @@ import softwareproperties.distro diff -Nru software-properties-0.96.20.2/debian/patches/0004-Implement-PackageKit-support.patch software-properties-0.96.20.2/debian/patches/0004-Implement-PackageKit-support.patch --- software-properties-0.96.20.2/debian/patches/0004-Implement-PackageKit-support.patch 2016-06-30 12:13:48.000000000 +0200 +++ software-properties-0.96.20.2/debian/patches/0004-Implement-PackageKit-support.patch 2019-03-30 20:45:34.000000000 +0100 @@ -146,7 +146,7 @@ return res diff --git a/softwareproperties/gtk/SoftwarePropertiesGtk.py b/softwareproperties/gtk/SoftwarePropertiesGtk.py -index 33eaaca..df8ad45 100644 +index cf375c1..92037a9 100644 --- a/softwareproperties/gtk/SoftwarePropertiesGtk.py +++ b/softwareproperties/gtk/SoftwarePropertiesGtk.py @@ -27,16 +27,21 @@ from __future__ import absolute_import, print_function @@ -191,7 +191,7 @@ # Put some life into the user interface: self.init_auto_update() -@@ -1031,7 +1038,7 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp): +@@ -1033,7 +1040,7 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp): if e._dbus_error_name == 'com.ubuntu.SoftwareProperties.PermissionDeniedByPolicy': logging.error("Authentication canceled, changes have not been saved") @@ -200,7 +200,7 @@ #print(progress) self.button_driver_revert.set_visible(False) self.button_driver_apply.set_visible(False) -@@ -1041,30 +1048,30 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp): +@@ -1043,30 +1050,30 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp): self.progress_bar.set_visible(True) self.label_driver_action.set_label(_("Applying changes...")) @@ -254,7 +254,7 @@ def on_driver_changes_apply(self, button): -@@ -1077,18 +1084,36 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp): +@@ -1079,18 +1086,36 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp): else: installs.append(pkg.shortname) @@ -299,7 +299,7 @@ print("Warning: install transaction not completed successfully: {}".format(e)) def on_driver_changes_revert(self, button_revert=None): -@@ -1108,7 +1133,7 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp): +@@ -1110,7 +1135,7 @@ class SoftwarePropertiesGtk(SoftwareProperties, SimpleGtkbuilderApp): self.button_driver_apply.set_sensitive(False) def on_driver_changes_cancel(self, button_cancel): diff -Nru software-properties-0.96.20.2/debian/patches/0006-softwareproperties-AptAuth.py-Use-apt-key.patch software-properties-0.96.20.2/debian/patches/0006-softwareproperties-AptAuth.py-Use-apt-key.patch --- software-properties-0.96.20.2/debian/patches/0006-softwareproperties-AptAuth.py-Use-apt-key.patch 1970-01-01 01:00:00.000000000 +0100 +++ software-properties-0.96.20.2/debian/patches/0006-softwareproperties-AptAuth.py-Use-apt-key.patch 2019-03-30 20:45:34.000000000 +0100 @@ -0,0 +1,110 @@ +From: Julian Andres Klode <j...@debian.org> +Date: Sat, 30 Mar 2019 20:41:15 +0100 +Subject: softwareproperties/AptAuth.py: Use apt-key + +This fixes the code to not generate gpg keybox files rather +than classical keyring files (concatenated public keys), which +broke apt. + +Closes: #867681 +--- + softwareproperties/AptAuth.py | 61 +++++++++++++++++-------------------------- + 1 file changed, 24 insertions(+), 37 deletions(-) + +diff --git a/softwareproperties/AptAuth.py b/softwareproperties/AptAuth.py +index 7cc88ce..cbbe94f 100644 +--- a/softwareproperties/AptAuth.py ++++ b/softwareproperties/AptAuth.py +@@ -22,6 +22,7 @@ + from __future__ import print_function + + import atexit ++import datetime + import gettext + import os + import shutil +@@ -44,61 +45,47 @@ N_("Ubuntu Extras Archive Automatic Signing Key <ftpmas...@ubuntu.com>") + + class AptAuth: + def __init__(self, rootdir="/"): +- self.gpg = ["/usr/bin/gpg"] +- self.base_opt = self.gpg + [ +- "--no-options", +- "--no-default-keyring", +- "--no-auto-check-trustdb", +- "--trust-model", "always", +- "--keyring", os.path.join(rootdir, "etc/apt/trusted.gpg"), +- ] ++ self.rootdir = rootdir + self.tmpdir = tempfile.mkdtemp() +- self.base_opt += ["--secret-keyring", +- os.path.join(self.tmpdir, "secring.gpg")] +- self.list_opt = self.base_opt + ["--with-colons", +- "--batch", +- "--list-keys"] +- self.rm_opt = self.base_opt + ["--quiet", +- "--batch", +- "--delete-key", +- "--yes"] +- self.add_opt = self.base_opt + ["--quiet", +- "--batch", +- "--import"] ++ self.aptconf = os.path.join(self.tmpdir, 'apt.conf') ++ with open(self.aptconf, 'w') as f: ++ f.write('DIR "%s";\n' % self.rootdir) ++ os.environ['APT_CONFIG'] = self.aptconf + atexit.register(self._cleanup_tmpdir) + + def _cleanup_tmpdir(self): + shutil.rmtree(self.tmpdir) +- ++ + def list(self): ++ cmd = ["/usr/bin/apt-key", "--quiet", "adv", "--with-colons", "--batch", "--fixed-list-mode", "--list-keys"] + res = [] +- #print(self.list_opt) +- p = subprocess.Popen( +- self.list_opt, stdout=PIPE, universal_newlines=True).stdout ++ p = subprocess.Popen(cmd, stdout=PIPE, stderr=PIPE, universal_newlines=True).stdout ++ name = '' + for line in p: + fields = line.split(":") +- if fields[0] == "pub": ++ if fields[0] in ["pub", "uid"]: + name = fields[9] +- res.append("%s %s\n%s" %((fields[4])[-8:],fields[5], _(name))) ++ if fields[0] == "pub": ++ key = fields[4] ++ expiry = datetime.date.fromtimestamp(int(fields[5])).isoformat() ++ if not name: ++ continue ++ res.append("%s %s\n%s" % (key, expiry, _(name))) ++ name = '' + p.close() + return res + + def add(self, filename): +- #print("request to add " + filename) +- cmd = self.add_opt[:] +- cmd.append(filename) +- #print("cmd is: %s" % ' '.join(cmd)) +- p = subprocess.Popen(cmd) ++ cmd = ["/usr/bin/apt-key", "--quiet", "--fakeroot", "add", filename] ++ p = subprocess.Popen(cmd, stderr=PIPE) + return (p.wait() == 0) + + def update(self): +- cmd = ["/usr/bin/apt-key", "update"] +- p = subprocess.Popen(cmd) ++ cmd = ["/usr/bin/apt-key", "--quiet", "--fakeroot", "update"] ++ p = subprocess.Popen(cmd, stderr=PIPE) + return (p.wait() == 0) + + def rm(self, key): +- #print("request to remove " + key) +- cmd = self.rm_opt[:] +- cmd.append(key) +- p = subprocess.Popen(cmd) ++ cmd = ["/usr/bin/apt-key", "--quiet", "--fakeroot", "rm", key] ++ p = subprocess.Popen(cmd, stderr=PIPE) + return (p.wait() == 0) diff -Nru software-properties-0.96.20.2/debian/patches/series software-properties-0.96.20.2/debian/patches/series --- software-properties-0.96.20.2/debian/patches/series 2016-06-30 12:13:48.000000000 +0200 +++ software-properties-0.96.20.2/debian/patches/series 2019-03-30 20:45:34.000000000 +0100 @@ -3,3 +3,4 @@ 0003-Fix-typo-in-software-properties-drivers.desktop-and-.patch 0004-Implement-PackageKit-support.patch 0006-l18n-template-rebuild.patch +0006-softwareproperties-AptAuth.py-Use-apt-key.patch