tests/test_auth.py: update for gnupg 1.4.18

The test 'test_add_key_from_server_mitm' needs updating for gnupg 1.4.18 which fail differently/earlier when 'fingerprints do not match' since commit 'Screen keyserver responses' (5230304349490f31aa64ee2b69a8a2bc06bf7816) With that change gnupg actually checks itself(!) if the key that the server send matches the key that the user asked for. Closes: #755342
author: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> 2014-08-28 14:44:10 -0700
committer: Michael Vogt <mvo@debian.org> 2014-08-28 14:44:10 -0700
commit: 470da5754d0c97a883b76a7e263a678df83156e0 (patch)
tree: d276e9c78e6e5fd53967e836af4fd37770649564 /apt
parent: 260597a6f29415ccacb5583381f9ba5bcb463e6f (diff)
download: python-apt-470da5754d0c97a883b76a7e263a678df83156e0.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/apt/auth.py b/apt/auth.py
index 6fe7c01a..b8089d0c 100644
--- a/apt/auth.py
+++ b/apt/auth.py
@@ -154,6 +154,12 @@ def _add_key_from_keyserver(keyid, keyserver, tmp_keyring_dir):
     if res != 0:
         raise AptKeyError("recv from '%s' failed for '%s'" % (
             keyserver, keyid))
+    # FIXME:
+    # - with gnupg 1.4.18 the downloaded key is actually checked(!),
+    #   i.e. gnupg will not import anything that the server sends
+    #   into the keyring, so the below checks are now redundant *if*
+    #   gnupg 1.4.18 is used
+
     # now export again using the long key id (to ensure that there is
     # really only this one key in our keyring) and not someone MITM us
     tmp_export_keyring = os.path.join(tmp_keyring_dir, "export-keyring.gpg")
author	Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>	2014-08-28 14:44:10 -0700
committer	Michael Vogt <mvo@debian.org>	2014-08-28 14:44:10 -0700
commit	470da5754d0c97a883b76a7e263a678df83156e0 (patch)
tree	d276e9c78e6e5fd53967e836af4fd37770649564 /apt
parent	260597a6f29415ccacb5583381f9ba5bcb463e6f (diff)
download	python-apt-470da5754d0c97a883b76a7e263a678df83156e0.tar.gz