* UpdateManager/MetaRelease.py, DistUpgradeFetcher:

  - make the authentication work reliable
* DistUpgrade/DistUpgradeViewGtk.py:
  - exit on fatal uncaught exceptions
* SoftwareProperties/SoftwareProperties.py:
  - fix a indent error when adding gpg keys 

2 files changed, 41 insertions, 15 deletions

diff --git a/UpdateManager/DistUpgradeFetcher.py b/UpdateManager/DistUpgradeFetcher.py
index 7af32865..676f064b 100644
--- a/UpdateManager/DistUpgradeFetcher.py
+++ b/UpdateManager/DistUpgradeFetcher.py
@@ -91,7 +91,19 @@ class DistUpgradeFetcher(object):
               return False
           return True
 
-    def authenticate(self, file, signature, keyring='/etc/apt/trusted.gpg'):
+    def authenticate(self):
+        if self.new_dist.upgradeToolSig:
+            f = self.tmpdir+"/"+os.path.basename(self.new_dist.upgradeTool)
+            sig = self.tmpdir+"/"+os.path.basename(self.new_dist.upgradeToolSig)
+            print "authenticate '%s' against '%s' " % (f,sig)
+            if not self.gpgauthenticate(f, sig):
+                return False
+
+        # we may return False here by default if we want to make a sig
+        # mandatory
+        return True
+
+    def gpgauthenticate(self, file, signature, keyring='/etc/apt/trusted.gpg'):
         """ authenticated a file against a given signature, if no keyring
             is given use the apt default keyring
         """
@@ -101,6 +113,7 @@ class DistUpgradeFetcher(object):
         proc = gpg.run(['--verify', signature, file],
                        create_fhs=['status','logger','stderr'])
         gpgres = proc.handles['status'].read()
+        proc.wait()
         if "VALIDSIG" in gpgres:
             return True
         return False
@@ -140,23 +153,32 @@ class DistUpgradeFetcher(object):
         # now download the tarball with the upgrade script
         self.tmpdir = tmpdir = tempfile.mkdtemp()
         os.chdir(tmpdir)
+
+        # turn debugging on here (if required)
+        #apt_pkg.Config.Set("Debug::Acquire::http","1")
+
+        progress = GtkProgress.GtkFetchProgress(self.parent,
+                                                _("Downloading the upgrade "
+                                                  "tool"),
+                                                _("The upgrade tool will "
+                                                  "guide you through the "
+                                                  "upgrade process."))
+        fetcher = apt_pkg.GetAcquire(progress)
+
+        if self.new_dist.upgradeToolSig != None:
+            uri = self.new_dist.upgradeToolSig
+            af = apt_pkg.GetPkgAcqFile(fetcher,uri, descr=_("Upgrade tool signature"))
         if self.new_dist.upgradeTool != None:
-            progress = GtkProgress.GtkFetchProgress(self.parent,
-                                                    _("Downloading the upgrade "
-                                                      "tool"),
-                                                    _("The upgrade tool will "
-                                                      "guide you through the "
-                                                      "upgrade process."))
-            fetcher = apt_pkg.GetAcquire(progress)
             self.uri = self.new_dist.upgradeTool
             af = apt_pkg.GetPkgAcqFile(fetcher,self.uri, descr=_("Upgrade tool"))
             if fetcher.Run() != fetcher.ResultContinue:
                 return False
             return True
+        return False
 
     def runDistUpgrader(self):
         #print "runing: %s" % script
-        os.execv(script,[])
+        os.execv(self.script,[])
 
     def cleanup(self):
       # cleanup
@@ -185,10 +207,10 @@ class DistUpgradeFetcher(object):
             print "verify failed"
             self.cleanup()
             return
-        #if not self.authenticate(distUpgradeTar, distUpgradeSig):
-        #   print "authenticate failed"
-        #   self.cleanup()
-        #   return
+        if not self.authenticate():
+            print "authenticate failed"
+            self.cleanup()
+            return
         self.runDistUpgrader()
 
 
diff --git a/UpdateManager/MetaRelease.py b/UpdateManager/MetaRelease.py
index cd56970f..fde705bb 100644
--- a/UpdateManager/MetaRelease.py
+++ b/UpdateManager/MetaRelease.py
@@ -38,12 +38,13 @@ class Dist(object):
         self.supported = supported
         self.releaseNotesURI = None
         self.upgradeTool = None
+        self.upgradeToolSig = None
 
 class MetaRelease(gobject.GObject):
 
     # some constants
-    #METARELEASE_URI = "http://changelogs.ubuntu.com/meta-release"
-    METARELEASE_URI = "http://people.ubuntu.com/~mvo/dist-upgrader/meta-release-test.save"
+    METARELEASE_URI = "http://changelogs.ubuntu.com/meta-release"
+    #METARELEASE_URI = "http://people.ubuntu.com/~mvo/dist-upgrader/meta-release-test2"
     METARELEASE_FILE = "/var/lib/update-manager/meta-release"
 
     __gsignals__ = { 
@@ -73,6 +74,7 @@ class MetaRelease(gobject.GObject):
         if res != 0:
             sys.stderr.write("lsb_release returned exitcode: %i\n" % res)
         dist = string.strip(p.stdout.readline())
+        #dist = "breezy"
         return dist
     
     def check(self):
@@ -107,6 +109,8 @@ class MetaRelease(gobject.GObject):
                     dist.releaseNotesURI = index_tag.Section["ReleaseNotes"]
                 if index_tag.Section.has_key("UpgradeTool"):
                     dist.upgradeTool =  index_tag.Section["UpgradeTool"]
+                if index_tag.Section.has_key("UpgradeToolSignature"):
+                    dist.upgradeToolSig =  index_tag.Section["UpgradeToolSignature"]
                 dists.append(dist)
                 if name == current_dist_name:
                     current_dist = dist