
launchpad-reviewers team mailing list archive

[Merge] lp:~cjwatson/launchpad/inline-release into lp:launchpad

 

Colin Watson has proposed merging lp:~cjwatson/launchpad/inline-release into lp:launchpad.

Commit message:
Add clearsigned InRelease files for archives.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #804252 in Launchpad itself: "Please support InRelease files"
  https://bugs.launchpad.net/launchpad/+bug/804252

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/inline-release/+merge/272132

Add clearsigned InRelease files for archives.

This only applies to PPAs.  The primary archive will be handled by a separate change to ubuntu-archive-publishing once one remaining bit of Canonical's infrastructure has been upgraded to cope with that.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad/inline-release into lp:launchpad.
=== modified file 'lib/lp/archivepublisher/archivesigningkey.py'
--- lib/lp/archivepublisher/archivesigningkey.py	2015-07-08 16:05:11 +0000
+++ lib/lp/archivepublisher/archivesigningkey.py	2015-09-23 15:47:46 +0000
@@ -135,3 +135,12 @@
             os.path.join(suite_path, 'Release.gpg'), 'w')
         release_signature_file.write(signature)
         release_signature_file.close()
+
+        inline_release = gpghandler.signContent(
+            release_file_content, secret_key.fingerprint,
+            mode=gpgme.SIG_MODE_CLEAR)
+
+        inline_release_file = open(
+            os.path.join(suite_path, 'InRelease'), 'w')
+        inline_release_file.write(inline_release)
+        inline_release_file.close()
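Review bot: InRelease is written in place with a bare open(..., 'w') / write() / close() at the end of this hunk, so a client that fetches during a publisher run can read an empty or truncated InRelease, and an exception in write() leaves the handle open. Since the file exists to stop clients from seeing mismatched content and signature, consider writing to a temporary name in suite_path and renaming it over 'InRelease', inside a with block; the Release.gpg write in the context lines above has the same shape. Separately, mode=gpgme.SIG_MODE_CLEAR depends on gpgme being imported in this module and on signContent accepting a mode argument. Neither is touched by this diff, so please confirm both are already in place.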

=== modified file 'lib/lp/archivepublisher/tests/archive-signing.txt'
--- lib/lp/archivepublisher/tests/archive-signing.txt	2012-09-20 12:00:22 +0000
+++ lib/lp/archivepublisher/tests/archive-signing.txt	2015-09-23 15:47:46 +0000
@@ -15,9 +15,11 @@
 Once the signing key is available, the subsequent publications will
 result in a signed repository.
 
-The signed repository will contained a detached signature of the
-top-level 'Release' file, named 'Release.gpg' and a ASCII-armoded
-export of the public GPG key (name 'key.gpg')
+The signed repository will contain a detached signature of the
+top-level 'Release' file, named 'Release.gpg' and a ASCII-armored
+export of the public GPG key (name 'key.gpg'). A clearsigned
+'InRelease' file is also created, reducing the risk of clients
+acquiring skewed copies of the content and its signature.
 
 We will set up and use the test-keyserver.
 
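Review bot: two grammar slips remain in the added lines of this paragraph: "a ASCII-armored" should be "an ASCII-armored", and "(name 'key.gpg')" should be "(named 'key.gpg')". Since the hunk already fixes "contained" and "armoded" here, it is worth fixing these in the same pass.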
@@ -377,7 +379,7 @@
     /var/tmp/ppa.test/cprov/ppa/ubuntutest/dists/hoary/Release
 
 It produces a detached signature for the repository Release current
-file contents.
+file contents, and a clearsigned InRelease file.
 
     >>> from lp.archivepublisher.config import getPubConfig
     >>> archive_root = getPubConfig(cprov.archive).archiveroot
@@ -398,6 +400,15 @@
     -----END PGP SIGNATURE-----
     <BLANKLINE>
 
+    >>> inline_release_path = os.path.join(suite_path, 'InRelease')
+    >>> print open(inline_release_path).read()
+    -----BEGIN PGP SIGNED MESSAGE-----
+    ...
+    -----BEGIN PGP SIGNATURE-----
+    ...
+    -----END PGP SIGNATURE-----
+    <BLANKLINE>
+
 The signature can be verified by retrieving the public key from the
 keyserver.
 
@@ -415,6 +426,11 @@
     >>> signature.fingerprint == expected_fingerprint
     True
 
+    >>> inline_signature = gpghandler.getVerifiedSignature(
+    ...     content=open(inline_release_path).read())
+    >>> inline_signature.fingerprint == expected_fingerprint
+    True
+
 Finally, if we try to sign a repository for which the archive doesn't
 have a 'signing_key' set,  it raises an error.
 
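Review bot: the added inline_signature.fingerprint == expected_fingerprint check shows who signed InRelease, not what was signed. Together with the "..." that elides the message body in the print of inline_release_path above, this doctest would still pass if the clearsigned payload differed from the Release file. Suggest also comparing the verified plaintext of InRelease with the contents of Release, and reading the file in a way that closes the handle rather than open(inline_release_path).read().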

=== modified file 'lib/lp/archivepublisher/tests/test_publisher.py'
--- lib/lp/archivepublisher/tests/test_publisher.py	2015-04-09 05:16:37 +0000
+++ lib/lp/archivepublisher/tests/test_publisher.py	2015-09-23 15:47:46 +0000
@@ -2183,6 +2183,10 @@
         return os.path.join(self.suite_path, 'Release.gpg')
 
     @property
+    def inline_release_file_path(self):
+        return os.path.join(self.suite_path, 'InRelease')
+
+    @property
     def public_key_path(self):
         return os.path.join(
             self.archive_publisher._config.distsroot, 'key.gpg')
@@ -2206,7 +2210,8 @@
         """Check publisher behaviour when signing repositories.
 
         When the 'signing_key' is available every modified suite Release
-        file gets signed with a detached signature name 'Release.gpg'.
+        file gets signed with a detached signature name 'Release.gpg' and
+        a clearsigned file name 'InRelease'.
         """
         cprov = getUtility(IPersonSet).getByName('cprov')
         self.assertTrue(cprov.archive.signing_key is None)
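Review bot: in the reworded docstring, "a detached signature name 'Release.gpg' and a clearsigned file name 'InRelease'" should read "named" in both places. The first is inherited from the old text, but the added line repeats it.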
@@ -2222,9 +2227,10 @@
 
         self._publishArchive(cprov.archive)
 
-        # Both, Release and Release.gpg exist.
+        # All of Release, Release.gpg, and InRelease exist.
         self.assertTrue(os.path.exists(self.release_file_path))
         self.assertTrue(os.path.exists(self.release_file_signature_path))
+        self.assertTrue(os.path.exists(self.inline_release_file_path))
 
         # Release file signature is correct and was done by Celso's PPA
         # signing_key.
@@ -2235,6 +2241,15 @@
         self.assertEqual(
             cprov.archive.signing_key.fingerprint, signature.fingerprint)
 
+        # InRelease file signature is correct and was done by Celso's PPA
+        # signing_key.
+        with open(self.inline_release_file_path) as inline_release_file:
+            inline_signature = getUtility(IGPGHandler).getVerifiedSignature(
+                inline_release_file.read())
+        self.assertEqual(
+            inline_signature.fingerprint,
+            cprov.archive.signing_key.fingerprint)
+
         # All done, turn test-keyserver off.
         tac.tearDown()
 
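Review bot: the new assertEqual passes inline_signature.fingerprint first and cprov.archive.signing_key.fingerprint second, the reverse of the Release.gpg assertion in the context lines just above it, which puts the expected key fingerprint first. Keeping the same argument order makes a failure message read the same way for both files. As in the doctest, this block only checks the signer; an assertion that the verified InRelease content matches what is in release_file_path would cover the case where the two files diverge.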

