private ppa signing_key_fingerprint shows ''

Bug #1879781 reported by Dan Streetman on 2020-05-20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Colin Watson

Bug Description

A ppa that I have access to install, but not access to the private team that owns the ppa, is accessible to me via the LP api. I am able to get ppa.getSigningKeyData(). However, ppa.signing_key_fingerprint is '' so I'm not able to check the fingerprint of the key data. This isn't a blocker, since I can still just use the key data, but it's unfortunate that I can't access the fingerprint to verify the key data is correct.

For example, the ppa:canonical-is-fwgen/ppa is available to anyone in canonical, but I can't access the team that owns it. So I get:

$ lp-shell
Connected to LP service "production" with API version "devel":
Note: LP can be accessed through the "lp" object.
In [1]:
Out[1]: <person at>

In [2]: team = lp.people('canonical-is-fwgen')

In [3]: team
Out[3]: <team at>

In [4]: ppa = team.getPPAByName(name='ppa')

In [5]: ppa
Out[5]: <archive at>

In [6]: ppa.signing_key_fingerprint
Out[6]: ''

In [7]: keydata = ppa.getSigningKeyData()

In [8]: keydata[:80]
Out[8]: '-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1\n\nmQINBFeF3Z8BEACzbqGvIqj7'

Related branches

Dan Streetman (ddstreet) wrote :

to clarify, the fingerprint isn't required. Would just be nice to have it, since it's available for public ppas, and i don't see any reason it should be redacted while the actual key data is available.

Colin Watson (cjwatson) on 2020-05-21
tags: added: api lp-soyuz trivial
Changed in launchpad:
status: New → In Progress
importance: Undecided → Low
assignee: nobody → Colin Watson (cjwatson)
Colin Watson (cjwatson) on 2020-05-27
Changed in launchpad:
status: In Progress → Fix Committed
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers