2017-03-14 12:55:57 |
Dimitri John Ledkov |
bug |
|
|
added bug |
2017-03-14 12:55:57 |
Dimitri John Ledkov |
attachment added |
|
reproducer.sh https://bugs.launchpad.net/bugs/1672710/+attachment/4837553/+files/reproducer.sh |
|
2017-03-14 12:56:09 |
Dimitri John Ledkov |
apt (Ubuntu): status |
New |
Confirmed |
|
2017-03-14 12:56:11 |
Dimitri John Ledkov |
apt (Ubuntu): importance |
Undecided |
High |
|
2017-04-05 16:00:25 |
Launchpad Janitor |
apt (Ubuntu): status |
Confirmed |
Fix Released |
|
2017-04-21 20:07:10 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Yakkety |
|
2017-04-21 20:07:10 |
Julian Andres Klode |
bug task added |
|
apt (Ubuntu Yakkety) |
|
2017-04-21 20:10:06 |
Julian Andres Klode |
description |
When Dir has a space, and it is set via APT_CONFIG file, keys are found and validated correctly.
When Dir is set without a space via cmdline, keys are found and validated correctly.
When Dir is set with a space via cmdline, keys are not found and repositories are not verified.
Please see attached reproducer, which works on xenial system (gpg1) but not on zesty system (gpg2)
$ bash reproducer.sh
++ mktemp -d
+ tmpdir=/tmp/tmp.sFipy6h5yL
+ pushd /tmp/tmp.sFipy6h5yL
/tmp/tmp.sFipy6h5yL ~
+ mkdir 'Sub Dir'
+ pushd 'Sub Dir'
/tmp/tmp.sFipy6h5yL/Sub Dir /tmp/tmp.sFipy6h5yL ~
+ mkdir -p etc/apt/apt.conf.d
+ mkdir -p etc/apt/trusted.gpg.d
+ mkdir -p etc/apt/preferences.d
+ mkdir -p var/lib/apt/lists/partial
+ mkdir -p var/lib/dpkg
+ touch var/lib/dpkg/status
+ cp /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg etc/apt/trusted.gpg.d/
+ echo 'deb http://archive.ubuntu.com/ubuntu/ trusty main'
+ echo 'Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";'
+ export APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
+ APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
+ cat /tmp/tmp.sFipy6h5yL/apt.conf
Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";
+ :
+ : == list available keys ==
+ apt-key list
/tmp/tmp.sFipy6h5yL/Sub Dir/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
---------------------------------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32
uid [ unknown] Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
+ :
+ : == update with environ APT_CONFIG setting the Dir variable ==
+ apt update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Get:2 http://archive.ubuntu.com/ubuntu trusty Release [58.5 kB]
Get:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg [933 B]
Get:4 http://archive.ubuntu.com/ubuntu trusty/main amd64 Packages [1,350 kB]
Fetched 1,410 kB in 0s (1,959 kB/s)
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
+ unset APT_CONFIG
+ :
+ : == update with cmdline Dir option setting Dir to relative pwd ==
+ apt -o Dir=./ update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
+ :
+ : == update with cmdline Dir option setting Dir to absolute pwd with space ==
+ apt -o 'Dir=/tmp/tmp.sFipy6h5yL/Sub Dir' update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
Err:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: Some index files failed to download. They have been ignored, or old ones used instead. |
When Dir has a space, and it is set via APT_CONFIG file, keys are found and validated correctly.
When Dir is set without a space via cmdline, keys are found and validated correctly.
When Dir is set with a space via cmdline, keys are not found and repositories are not verified.
[Test case]
Please see attached reproducer, which works on xenial system (gpg1) but not on zesty system (gpg2)
$ bash reproducer.sh
++ mktemp -d
+ tmpdir=/tmp/tmp.sFipy6h5yL
+ pushd /tmp/tmp.sFipy6h5yL
/tmp/tmp.sFipy6h5yL ~
+ mkdir 'Sub Dir'
+ pushd 'Sub Dir'
/tmp/tmp.sFipy6h5yL/Sub Dir /tmp/tmp.sFipy6h5yL ~
+ mkdir -p etc/apt/apt.conf.d
+ mkdir -p etc/apt/trusted.gpg.d
+ mkdir -p etc/apt/preferences.d
+ mkdir -p var/lib/apt/lists/partial
+ mkdir -p var/lib/dpkg
+ touch var/lib/dpkg/status
+ cp /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg etc/apt/trusted.gpg.d/
+ echo 'deb http://archive.ubuntu.com/ubuntu/ trusty main'
+ echo 'Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";'
+ export APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
+ APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
+ cat /tmp/tmp.sFipy6h5yL/apt.conf
Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";
+ :
+ : == list available keys ==
+ apt-key list
/tmp/tmp.sFipy6h5yL/Sub Dir/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
---------------------------------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32
uid [ unknown] Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
+ :
+ : == update with environ APT_CONFIG setting the Dir variable ==
+ apt update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Get:2 http://archive.ubuntu.com/ubuntu trusty Release [58.5 kB]
Get:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg [933 B]
Get:4 http://archive.ubuntu.com/ubuntu trusty/main amd64 Packages [1,350 kB]
Fetched 1,410 kB in 0s (1,959 kB/s)
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
+ unset APT_CONFIG
+ :
+ : == update with cmdline Dir option setting Dir to relative pwd ==
+ apt -o Dir=./ update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
+ :
+ : == update with cmdline Dir option setting Dir to absolute pwd with space ==
+ apt -o 'Dir=/tmp/tmp.sFipy6h5yL/Sub Dir' update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
Err:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: Some index files failed to download. They have been ignored, or old ones used instead.
[Regression Potential]
The fix changes the code to generate quotes in the Commmandline:AsString option, which dumps the command line for logging purposes. This was not parseable before, causing the file to be rejected, so what can happen is that something now works that did not before. |
|
2017-04-21 20:10:11 |
Julian Andres Klode |
apt (Ubuntu Yakkety): importance |
Undecided |
High |
|
2017-04-21 20:10:28 |
Julian Andres Klode |
apt (Ubuntu Yakkety): status |
New |
Triaged |
|
2017-04-21 20:10:32 |
Julian Andres Klode |
apt (Ubuntu Yakkety): assignee |
|
Julian Andres Klode (juliank) |
|
2017-04-25 22:40:33 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Xenial |
|
2017-04-25 22:40:33 |
Julian Andres Klode |
bug task added |
|
apt (Ubuntu Xenial) |
|
2017-04-25 22:40:50 |
Julian Andres Klode |
apt (Ubuntu Xenial): status |
New |
Triaged |
|
2017-04-25 22:40:58 |
Julian Andres Klode |
apt (Ubuntu Xenial): importance |
Undecided |
Low |
|
2017-04-25 23:54:28 |
Julian Andres Klode |
apt (Ubuntu Xenial): status |
Triaged |
Fix Committed |
|
2017-04-25 23:54:30 |
Julian Andres Klode |
apt (Ubuntu Yakkety): status |
Triaged |
Fix Committed |
|
2017-04-26 12:55:09 |
Chris J Arges |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2017-04-26 12:55:15 |
Chris J Arges |
bug |
|
|
added subscriber SRU Verification |
2017-04-26 12:55:19 |
Chris J Arges |
tags |
|
verification-needed |
|
2017-07-27 20:32:00 |
Adam Conrad |
tags |
verification-needed |
verification-needed verification-needed-xenial |
|
2017-07-27 20:32:29 |
Adam Conrad |
apt (Ubuntu Yakkety): status |
Fix Committed |
Won't Fix |
|
2017-07-28 09:26:13 |
Dimitri John Ledkov |
tags |
verification-needed verification-needed-xenial |
verification-done verification-done-xenial |
|
2017-07-31 16:25:38 |
Launchpad Janitor |
apt (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2017-07-31 16:25:46 |
Adam Conrad |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|