launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #21772
[Merge] lp:~cjwatson/launchpad/show-signing-key-fingerprints into lp:launchpad
Colin Watson has proposed merging lp:~cjwatson/launchpad/show-signing-key-fingerprints into lp:launchpad.
Commit message:
Show GPG fingerprints rather than collidable short key IDs.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
Related bugs:
Bug #1576142 in Launchpad itself: "show the gpg long keyid (instead of the short) on profile pages"
https://bugs.launchpad.net/launchpad/+bug/1576142
For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/show-signing-key-fingerprints/+merge/328305
--
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad/show-signing-key-fingerprints into lp:launchpad.
=== modified file 'lib/lp/archiveuploader/dscfile.py'
--- lib/lp/archiveuploader/dscfile.py 2017-03-29 09:28:09 +0000
+++ lib/lp/archiveuploader/dscfile.py 2017-07-31 12:27:40 +0000
@@ -181,7 +181,7 @@
if key.active == False:
raise UploadError("File %s is signed with a deactivated key %s"
- % (filename, key.keyid))
+ % (filename, key.fingerprint))
return (key, sig.plain_data)
=== modified file 'lib/lp/registry/browser/configure.zcml'
--- lib/lp/registry/browser/configure.zcml 2015-06-19 05:07:14 +0000
+++ lib/lp/registry/browser/configure.zcml 2017-07-31 12:27:40 +0000
@@ -2534,7 +2534,7 @@
/>
<browser:url
for="lp.registry.interfaces.gpg.IGPGKey"
- path_expression="string:+gpg-keys/${keyid}"
+ path_expression="string:+gpg-keys/${fingerprint}"
rootsite="api"
attribute_to_parent="owner"
/>
=== modified file 'lib/lp/registry/browser/tests/test_gpgkey.py'
--- lib/lp/registry/browser/tests/test_gpgkey.py 2016-11-03 15:07:36 +0000
+++ lib/lp/registry/browser/tests/test_gpgkey.py 2017-07-31 12:27:40 +0000
@@ -24,7 +24,7 @@
gpgkey = self.factory.makeGPGKey(person)
self.assertEqual(
'%s/+gpg-keys/%s' % (
- canonical_url(person, rootsite='api'), gpgkey.keyid),
+ canonical_url(person, rootsite='api'), gpgkey.fingerprint),
canonical_url(gpgkey))
=== modified file 'lib/lp/registry/model/gpgkey.py'
--- lib/lp/registry/model/gpgkey.py 2016-12-22 16:32:38 +0000
+++ lib/lp/registry/model/gpgkey.py 2017-07-31 12:27:40 +0000
@@ -56,7 +56,8 @@
@property
def displayname(self):
- return '%s%s/%s' % (self.keysize, self.algorithm.title, self.keyid)
+ return '%s%s/%s' % (
+ self.keysize, self.algorithm.title, self.fingerprint)
@implementer(IGPGKeySet)
@@ -85,7 +86,7 @@
ownerID = requester.id
keyid = key.keyid
keysize = key.keysize
- algorithm = GPGKeyAlgorithm.items[key.algorithm]
+ algorithm = key.algorithm
lp_key = self.new(
ownerID, keyid, fingerprint, keysize, algorithm,
can_encrypt=can_encrypt)
=== modified file 'lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt'
--- lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt 2016-03-23 17:55:39 +0000
+++ lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt 2017-07-31 12:27:40 +0000
@@ -43,7 +43,7 @@
>>> browser.getControl(name='import').click()
>>> print_feedback_messages(browser.contents)
A message has been sent to test@xxxxxxxxxxxxx, encrypted
- with the key 1024D/DFD20543.
+ with the key 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543.
To confirm the key is yours, decrypt the message and follow the
link inside.
@@ -103,8 +103,9 @@
>>> key = import_secret_test_key('test@xxxxxxxxxxxxxxxxx')
'cipher_body' is a message encrypted with the just-imported
-1024D/DFD20543 OpenPGP key, we need to access the current IGpghandler
-instance to access this key and decrypt the message.
+1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 OpenPGP key, we need to
+access the current IGpghandler instance to access this key and decrypt the
+message.
>>> body = decrypt_content(cipher_body, 'test')
@@ -130,13 +131,14 @@
>>> browser.url
'http://launchpad.dev/~name12'
>>> print_feedback_messages(browser.contents)
- The key 1024D/DFD20543 was successfully validated.
+ The key 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 was successfully
+ validated.
Certify the key is imported:
>>> browser.open("http://launchpad.dev/~name12/+editpgpkeys";)
>>> browser.getControl(name='DEACTIVATE_GPGKEY').displayOptions
- ['1024D/DFD20543']
+ ['1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543']
Verify that the key was imported with the "can encrypt" flag set:
@@ -165,8 +167,8 @@
>>> browser.getControl(name='import').click()
>>> print_feedback_messages(browser.contents)
A message has been sent to test@xxxxxxxxxxxxx. To
- confirm the key 1024D/17B05A8F is yours, follow
- the link inside.
+ confirm the key 1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F is yours,
+ follow the link inside.
Sample Person checks their email.
@@ -192,8 +194,8 @@
User name : Sample Person
Email address: test@xxxxxxxxxxxxx
...
+ Key type : 1024D
Fingerprint : 447DBF38C4F9C4ED752246B77D88913717B05A8F
- Key type/ID : 1024D/17B05A8F
<BLANKLINE>
UIDs:
sign.only@xxxxxxxxxxxxx
@@ -256,7 +258,8 @@
The signed content does not match the message found in the email.
If they sign the text with a different key, they get an error
-message. The following text was signed with the key DFD20543:
+message. The following text was signed with the key
+A419AE861E88BC9E04B9C26FBA2B9389DFD20543:
>>> signed_content = """
... -----BEGIN PGP SIGNED MESSAGE-----
@@ -290,7 +293,8 @@
>>> browser.url
'http://launchpad.dev/~name12'
>>> print_feedback_messages(browser.contents)
- The key 1024D/17B05A8F was successfully validated.
+ The key 1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F was successfully
+ validated.
Now that the key has been validated, the login token is consumed:
@@ -306,16 +310,16 @@
>>> content = find_main_content(browser.contents)
>>> browser.getControl(name='DEACTIVATE_GPGKEY').displayOptions
- [...'1024D/17B05A8F (sign only)']
+ [...'1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F (sign only)']
On a mad whim they decide to de-activate the key they just imported.
>>> browser.getControl(name="DEACTIVATE_GPGKEY").displayValue = [
- ... '1024D/17B05A8F (sign only)']
+ ... '1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F (sign only)']
>>> browser.getControl('Deactivate Key').click()
>>> print_feedback_messages(browser.contents)
- Deactivated key(s): 1024D/17B05A8F
+ Deactivated key(s): 1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F
Coming to their senses, they ask for a re-validation of the key.
@@ -324,7 +328,7 @@
>>> print_feedback_messages(browser.contents)
A message has been sent to test@xxxxxxxxxxxxx with instructions
- to reactivate these key(s): 1024D/17B05A8F
+ to reactivate these key(s): 1024D/447DBF38C4F9C4ED752246B77D88913717B05A8F
They open the page and checks that the key is displayed as pending
revalidation.
@@ -427,8 +431,8 @@
Active signatures
If you change your mind about agreeing to a code of conduct,
you can deactivate your signature.
- ...: digitally signed by Sample Person (1024D/DFD20543)
- ...
+ ...: digitally signed by Sample Person
+ (1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543) ...
Now Sample Person will deactivate their key...
@@ -441,7 +445,7 @@
>>> print browser.contents
<...
...Your active keys...
- ...1024D/DFD20543...
+ ...1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543...
... but they forgot to select the checkbox of the key they want to remove.
@@ -454,12 +458,13 @@
Now they select the checkbox and deactivate it.
- >>> browser.getControl('1024D/DFD20543').selected = True
+ >>> browser.getControl(
+ ... '1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543').selected = True
>>> browser.getControl('Deactivate Key').click()
>>> soup = find_main_content(browser.contents)
>>> for tag in soup('p', 'informational message'):
... print tag.renderContents()
- Deactivated key(s): 1024D/DFD20543
+ Deactivated key(s): 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543
Sample Person already has a deactivated key.
@@ -471,7 +476,7 @@
>>> print browser.contents
<...
...Deactivated keys...
- ...1024D/DFD20543...
+ ...1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543...
Now they'll request their key to be reactivated.
@@ -482,7 +487,8 @@
... print tag.renderContents()
No key(s) selected for reactivation.
- >>> browser.getControl('1024D/DFD20543').selected = True
+ >>> browser.getControl(
+ ... '1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543').selected = True
>>> browser.getControl('Reactivate Key').click()
>>> soup = find_main_content(browser.contents)
>>> for tag in soup('p', 'informational message'):
@@ -524,7 +530,8 @@
>>> print browser.contents
<...
- ...Key 1024D/DFD20543 successfully reactivated...
+ ...Key 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 successfully
+ reactivated...
And now we can see the key listed as one of Sample Person's active keys.
@@ -533,7 +540,7 @@
>>> print browser.contents
<...
...Your active keys...
- ...1024D/DFD20543...
+ ...1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543...
This test verifies that we correctly handle keys which are in some way
special: either invalid, broken, revoked, expired, or already imported.
=== modified file 'lib/lp/registry/stories/gpg-coc/xx-ubuntu-codeofconduct-signer.txt'
--- lib/lp/registry/stories/gpg-coc/xx-ubuntu-codeofconduct-signer.txt 2016-01-26 15:47:37 +0000
+++ lib/lp/registry/stories/gpg-coc/xx-ubuntu-codeofconduct-signer.txt 2017-07-31 12:27:40 +0000
@@ -15,7 +15,8 @@
>>> signatures = find_tags_by_class(admin_browser.contents, 'signature')
>>> for signature in signatures:
... print extract_text(signature)
- 2005-09-27: digitally signed by Foo Bar (1024D/12345678)
+ 2005-09-27: digitally signed by Foo Bar
+ (1024D/ABCDEF0123456789ABCDDCBA0000111112345678)
A regular user can't see the link to Foo Bar's signed codes of conduct.
=== modified file 'lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt'
--- lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt 2016-01-26 15:47:37 +0000
+++ lib/lp/registry/stories/person/xx-person-editgpgkeys-invalid-key.txt 2017-07-31 12:27:40 +0000
@@ -40,7 +40,8 @@
>>> for tag in find_tags_by_class(browser.contents, 'error message'):
... print tag.renderContents()
<BLANKLINE>
- The key AACCD97C cannot be validated because it has been publicly revoked.
+ The key 84D205F03E1E67096CB54E262BE83793AACCD97C cannot be validated
+ because it has been publicly revoked.
You will need to generate a new key (using <kbd>gpg --genkey</kbd>) and
repeat the process to import it.
<BLANKLINE>
@@ -55,10 +56,10 @@
>>> for tag in find_tags_by_class(browser.contents, 'error message'):
... print tag.renderContents()
<BLANKLINE>
- The key 046C6D63 cannot be validated because it has expired. Change the
- expiry date (in a terminal, enter <kbd>gpg --edit-key
- <var>your@email.address</var></kbd> then enter <kbd>expire</kbd>),
- and try again.
+ The key ECA5B797586F2E27381A16CFDE6C9167046C6D63 cannot be validated
+ because it has expired. Change the expiry date (in a terminal, enter
+ <kbd>gpg --edit-key <var>your@email.address</var></kbd> then enter
+ <kbd>expire</kbd>), and try again.
<BLANKLINE>
@@ -90,7 +91,8 @@
>>> for tag in find_tags_by_class(browser.contents, 'error message'):
... print tag.renderContents()
There is 1 error.
- The key AACCD97C cannot be validated because it has been publicly revoked.
+ The key 84D205F03E1E67096CB54E262BE83793AACCD97C cannot be validated
+ because it has been publicly revoked.
You will need to generate a new key (using <kbd>gpg --genkey</kbd>) and
repeat the previous process to
<a href="http://launchpad.dev/~name12/+editpgpkeys";>find and import</a>
@@ -105,10 +107,10 @@
>>> for tag in find_tags_by_class(browser.contents, 'error message'):
... print tag.renderContents()
There is 1 error.
- The key 046C6D63 cannot be validated because it has expired. Change the
- expiry date (in a terminal, enter <kbd>gpg --edit-key
- <var>your@email.address</var></kbd> then enter <kbd>expire</kbd>),
- and try again.
+ The key ECA5B797586F2E27381A16CFDE6C9167046C6D63 cannot be validated
+ because it has expired. Change the expiry date (in a terminal, enter
+ <kbd>gpg --edit-key <var>your@email.address</var></kbd> then enter
+ <kbd>expire</kbd>), and try again.
The login tokens are only consumed if they're successfully processed.
Otherwise they're kept around so the user can try again after fixing their
=== modified file 'lib/lp/registry/stories/person/xx-person-home.txt'
--- lib/lp/registry/stories/person/xx-person-home.txt 2016-01-26 15:47:37 +0000
+++ lib/lp/registry/stories/person/xx-person-home.txt 2017-07-31 12:27:40 +0000
@@ -106,7 +106,7 @@
In order to avoid email harvesters to find a person's email addresses
just by following the link to that person's OpenPGP keys, only
-authenticated users can see the key ID with a link to the keyserver.
+authenticated users can see the key fingerprint with a link to the keyserver.
>>> user_browser.open('http://launchpad.dev/~name16')
>>> print find_tag_by_id(user_browser.contents, 'pgp-keys')
@@ -116,7 +116,7 @@
>>> anon_browser.open('http://launchpad.dev/~name16')
>>> print find_tag_by_id(anon_browser.contents, 'pgp-keys')
<dl...
- <dd> 12345678...
+ <dd> ABCDEF0123456789ABCDDCBA0000111112345678...
Languages
=== modified file 'lib/lp/registry/templates/codeofconduct-list.pt'
--- lib/lp/registry/templates/codeofconduct-list.pt 2016-03-01 14:15:26 +0000
+++ lib/lp/registry/templates/codeofconduct-list.pt 2017-07-31 12:27:40 +0000
@@ -47,7 +47,8 @@
</tal:multiple_keys>
<tal:single_key condition="python: len(gpg_keys) == 1">
- The key <code tal:content="python: gpg_keys[0].keyid" /> is
+ The key <code tal:content="python: gpg_keys[0].fingerprint" />
+ is
</tal:single_key>
registered on your account. You can skip to the next step if
=== modified file 'lib/lp/registry/templates/person-editpgpkeys.pt'
--- lib/lp/registry/templates/person-editpgpkeys.pt 2016-03-01 14:15:26 +0000
+++ lib/lp/registry/templates/person-editpgpkeys.pt 2017-07-31 12:27:40 +0000
@@ -52,14 +52,14 @@
<tal:has_key condition="view/key">
<p tal:condition="view/key/revoked" class="error message">
- The key <span tal:replace="view/key/keyid" /> cannot be validated
+ The key <span tal:replace="view/key/fingerprint" /> cannot be validated
because it has been publicly revoked. You will need to generate a
new key (using <kbd>gpg --genkey</kbd>) and repeat the process
to import it.
</p>
<p tal:condition="view/key/expired" class="error message">
- The key <span tal:replace="view/key/keyid" /> cannot be validated
+ The key <span tal:replace="view/key/fingerprint" /> cannot be validated
because it has expired. Change the expiry date (in a terminal, enter
<kbd>gpg --edit-key <var>your@email.address</var></kbd> then enter
<kbd>expire</kbd>), and try again.
=== modified file 'lib/lp/registry/templates/person-portlet-contact-details.pt'
--- lib/lp/registry/templates/person-portlet-contact-details.pt 2016-07-28 00:26:13 +0000
+++ lib/lp/registry/templates/person-portlet-contact-details.pt 2017-07-31 12:27:40 +0000
@@ -142,7 +142,7 @@
<tal:keys repeat="key view/gpg_keys">
<a tal:attributes="href key/keyserverURL"
tal:omit-tag="not: request/lp:person">
- <tal:keyid replace="key/keyid"
+ <tal:fingerprint replace="key/fingerprint"
/></a><span tal:condition="not: repeat/key/end">,</span>
</tal:keys>
<div tal:condition="not: view/gpg_keys">
=== modified file 'lib/lp/services/gpg/doc/gpghandler.txt'
--- lib/lp/services/gpg/doc/gpghandler.txt 2015-06-24 00:17:11 +0000
+++ lib/lp/services/gpg/doc/gpghandler.txt 2017-07-31 12:27:40 +0000
@@ -205,7 +205,7 @@
>>> print new_key.secret
True
- >>> print new_key.algorithm
+ >>> print new_key.algorithm.title
R
>>> print new_key.keysize
@@ -244,7 +244,7 @@
>>> print pub_key.secret
False
- >>> print pub_key.algorithm
+ >>> print pub_key.algorithm.title
R
>>> print pub_key.keysize
=== modified file 'lib/lp/services/gpg/handler.py'
--- lib/lp/services/gpg/handler.py 2017-01-26 12:23:56 +0000
+++ lib/lp/services/gpg/handler.py 2017-07-31 12:27:40 +0000
@@ -580,7 +580,7 @@
self.revoked = subkey.revoked
self.keysize = subkey.length
- self.algorithm = GPGKeyAlgorithm.items[subkey.pubkey_algo].title
+ self.algorithm = GPGKeyAlgorithm.items[subkey.pubkey_algo]
self.keyid = self.fingerprint[-8:]
self.expired = key.expired
self.secret = key.secret
@@ -598,7 +598,8 @@
@property
def displayname(self):
- return '%s%s/%s' % (self.keysize, self.algorithm, self.keyid)
+ return '%s%s/%s' % (
+ self.keysize, self.algorithm.title, self.fingerprint)
def export(self):
"""See `PymeKey`."""
=== modified file 'lib/lp/services/gpg/interfaces.py'
--- lib/lp/services/gpg/interfaces.py 2017-01-26 12:23:56 +0000
+++ lib/lp/services/gpg/interfaces.py 2017-07-31 12:27:40 +0000
@@ -144,7 +144,7 @@
def __init__(self, key):
self.key = key
super(GPGKeyRevoked, self).__init__(
- "%s has been publicly revoked" % (key.keyid, ))
+ "%s has been publicly revoked" % (key.fingerprint, ))
class GPGKeyExpired(Exception):
@@ -152,7 +152,8 @@
def __init__(self, key):
self.key = key
- super(GPGKeyExpired, self).__init__("%s has expired" % (key.keyid, ))
+ super(GPGKeyExpired, self).__init__(
+ "%s has expired" % (key.fingerprint, ))
class GPGKeyMismatchOnServer(Exception):
=== modified file 'lib/lp/services/verification/browser/logintoken.py'
--- lib/lp/services/verification/browser/logintoken.py 2016-11-03 15:07:36 +0000
+++ lib/lp/services/verification/browser/logintoken.py 2017-07-31 12:27:40 +0000
@@ -358,7 +358,7 @@
'(using <kbd>gpg --genkey</kbd>) and repeat the previous '
'process to <a href="${url}/+editpgpkeys">find and '
'import</a> the new key.',
- mapping=dict(key=e.key.keyid, url=person_url))))
+ mapping=dict(key=e.key.fingerprint, url=person_url))))
except GPGKeyExpired as e:
self.addError(
structured(_(
@@ -366,7 +366,7 @@
'Change the expiry date (in a terminal, enter '
'<kbd>gpg --edit-key <var>your@email.address</var></kbd> '
'then enter <kbd>expire</kbd>), and try again.',
- mapping=dict(key=e.key.keyid))))
+ mapping=dict(key=e.key.fingerprint))))
else:
return key
=== modified file 'lib/lp/services/verification/browser/tests/logintoken-views.txt'
--- lib/lp/services/verification/browser/tests/logintoken-views.txt 2016-01-26 15:47:37 +0000
+++ lib/lp/services/verification/browser/tests/logintoken-views.txt 2017-07-31 12:27:40 +0000
@@ -57,5 +57,6 @@
>>> print "\n".join(
... notification.message
... for notification in validategpg_view.request.notifications)
- The key 1024D/DFD20543 was successfully validated...
+ The key 1024D/A419AE861E88BC9E04B9C26FBA2B9389DFD20543 was successfully
+ validated...
>>> tac.tearDown()
=== modified file 'lib/lp/services/verification/emailtemplates/validate-gpg.txt'
--- lib/lp/services/verification/emailtemplates/validate-gpg.txt 2011-12-20 11:55:18 +0000
+++ lib/lp/services/verification/emailtemplates/validate-gpg.txt 2017-07-31 12:27:40 +0000
@@ -9,8 +9,8 @@
Key details:
+ Key type : %(key_type)s
Fingerprint : %(fingerprint)s
- Key type/ID : %(displayname)s
UIDs:
%(uids)s
=== modified file 'lib/lp/services/verification/model/logintoken.py'
--- lib/lp/services/verification/model/logintoken.py 2016-03-23 17:55:39 +0000
+++ lib/lp/services/verification/model/logintoken.py 2017-07-31 12:27:40 +0000
@@ -152,9 +152,10 @@
# Here are the instructions that need to be encrypted.
template = get_email_template('validate-gpg.txt', app=MAIL_APP)
+ key_type = '%s%s' % (key.keysize, key.algorithm.title)
replacements = {'requester': self.requester.displayname,
'requesteremail': self.requesteremail,
- 'displayname': key.displayname,
+ 'key_type': key_type,
'fingerprint': key.fingerprint,
'uids': formatted_uids,
'token_url': canonical_url(self)}
=== modified file 'lib/lp/services/webservice/wadl-to-refhtml.xsl'
--- lib/lp/services/webservice/wadl-to-refhtml.xsl 2016-04-24 15:31:31 +0000
+++ lib/lp/services/webservice/wadl-to-refhtml.xsl 2017-07-31 12:27:40 +0000
@@ -371,7 +371,7 @@
<xsl:text>/</xsl:text>
<var><person.name></var>
<xsl:text>/+gpg-keys/</xsl:text>
- <var><keyid></var>
+ <var><fingerprint></var>
</xsl:when>
<xsl:when test="@id = 'hwdb'">
<xsl:text>/+hwdb</xsl:text>
=== modified file 'lib/lp/soyuz/doc/fakepackager.txt'
--- lib/lp/soyuz/doc/fakepackager.txt 2012-01-06 11:08:30 +0000
+++ lib/lp/soyuz/doc/fakepackager.txt 2017-07-31 12:27:40 +0000
@@ -20,8 +20,8 @@
>>> os.path.exists(packager.sandbox_path)
True
-Source 'name' and 'version' and 'gpg_key_id' are set according to the
-give arguments passed in the initialization.
+Source 'name' and 'version' and 'gpg_key_fingerprint' are set according to
+the arguments passed in the initialization.
>>> print packager.name
biscuit
@@ -29,7 +29,7 @@
>>> print packager.version
1.0
- >>> print packager.gpg_key_id
+ >>> print packager.gpg_key_fingerprint
None
The upstream directory is known but not yet created.
@@ -124,7 +124,7 @@
The error was raised because no signing key was set.
- >>> print packager.gpg_key_id
+ >>> print packager.gpg_key_fingerprint
None
A GPG key can only be set on initialization so we will have to create a
@@ -137,8 +137,8 @@
GPG key set, now we are able to build a signed version.
- >>> print packager.gpg_key_id
- 0x5D147547
+ >>> print packager.gpg_key_fingerprint
+ 0xFD311613D941C6DE55737D310E3498675D147547
FakePackager also allows us to include as many versions it needs
before building the package. It helps when the content of the
@@ -163,7 +163,7 @@
>>> gpghandler = getUtility(IGPGHandler)
>>> sig = gpghandler.verifySignature(content)
- >>> sig.fingerprint[-8:] == packager.gpg_key_id[2:]
+ >>> sig.fingerprint == packager.gpg_key_fingerprint[2:]
True
Continuing in the same 'sandbox', we can generate subsequent packages
=== modified file 'lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt'
--- lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt 2016-07-18 08:25:34 +0000
+++ lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt 2017-07-31 12:27:40 +0000
@@ -573,14 +573,14 @@
... anon_browser.contents, 'signing-key')
>>> print extract_text(signing_key_section)
- Signing key: 1024D/12345678 (What is this?)
+ Signing key: 1024D/ABCDEF0123456789ABCDDCBA0000111112345678 (What is this?)
Fingerprint: ABCDEF0123456789ABCDDCBA0000111112345678
The key fingerprint links to the actual key available in the ubuntu
keyserver.
>>> print anon_browser.getLink(
- ... '1024D/12345678').url
+ ... '1024D/ABCDEF0123456789ABCDDCBA0000111112345678').url
http://keyserver.ubuntu.com:11371/pks/lookup?fingerprint=on&op=index&search=0xABCDEF0123456789ABCDDCBA0000111112345678
Using software from a PPA can be hard for novices. We offer two
=== modified file 'lib/lp/soyuz/tests/fakepackager.py'
--- lib/lp/soyuz/tests/fakepackager.py 2011-12-22 04:46:24 +0000
+++ lib/lp/soyuz/tests/fakepackager.py 2017-07-31 12:27:40 +0000
@@ -89,9 +89,9 @@
self.version = version
if key_path is not None:
- self.gpg_key_id = self._importGPGKey(key_path)
+ self.gpg_key_fingerprint = self._importGPGKey(key_path)
else:
- self.gpg_key_id = None
+ self.gpg_key_fingerprint = None
self.upstream_directory = os.path.join(
self.sandbox_path, '%s-%s' % (self.name, self.version))
@@ -119,19 +119,19 @@
def _importGPGKey(self, key_path):
"""Import the given secret GPG key to sign packages.
- Return the key ID import as '0xAABBCCDD'
+ Return the fingerprint of the imported key, prefixed with '0x'.
"""
gpghandler = getUtility(IGPGHandler)
if key_path is None:
- self.gpg_key_id = None
+ self.gpg_key_fingerprint = None
return
gpghandler.resetLocalState()
import_secret_test_key(key_path)
key = list(gpghandler.localKeys())[0]
- return '0x%s' % key.keyid
+ return '0x%s' % key.fingerprint
def _appendContents(self, content):
"""Append a given content in the upstream 'contents' file.
@@ -360,9 +360,9 @@
if not signed:
debuild_options.extend(['-uc', '-us'])
else:
- assert self.gpg_key_id is not None, (
+ assert self.gpg_key_fingerprint is not None, (
'Cannot build signed packages because the key is not set.')
- debuild_options.append('-k%s' % self.gpg_key_id)
+ debuild_options.append('-k%s' % self.gpg_key_fingerprint)
if include_orig:
debuild_options.append('-sa')
=== modified file 'lib/lp/testing/gpgkeys/__init__.py'
--- lib/lp/testing/gpgkeys/__init__.py 2017-01-12 15:03:09 +0000
+++ lib/lp/testing/gpgkeys/__init__.py 2017-07-31 12:27:40 +0000
@@ -70,7 +70,7 @@
keyid=key.keyid,
fingerprint=key.fingerprint,
keysize=key.keysize,
- algorithm=GPGKeyAlgorithm.items[key.algorithm],
+ algorithm=key.algorithm,
active=(not key.revoked))
Follow ups
