From 470da5754d0c97a883b76a7e263a678df83156e0 Mon Sep 17 00:00:00 2001
From: Mauricio Faria de Oliveira
Date: Thu, 28 Aug 2014 14:44:10 -0700
Subject: tests/test_auth.py: update for gnupg 1.4.18

The test 'test_add_key_from_server_mitm' needs updating for gnupg 1.4.18 which fail differently/earlier when 'fingerprints do not match' since commit 'Screen keyserver responses' (5230304349490f31aa64ee2b69a8a2bc06bf7816) With that change gnupg actually checks itself(!) if the key that the server send matches the key that the user asked for.

Closes: #755342
---
 apt/auth.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'apt/auth.py')

diff --git a/apt/auth.py b/apt/auth.py
index 6fe7c01a..b8089d0c 100644
--- a/apt/auth.py
+++ b/apt/auth.py
@@ -154,6 +154,12 @@ def _add_key_from_keyserver(keyid, keyserver, tmp_keyring_dir):
 if res != 0:
 raise AptKeyError("recv from '%s' failed for '%s'" % (
 keyserver, keyid))
+ # FIXME:
+ # - with gnupg 1.4.18 the downloaded key is actually checked(!),
+ # i.e. gnupg will not import anything that the server sends
+ # into the keyring, so the below checks are now redundant *if*
+ # gnupg 1.4.18 is used
+
 # now export again using the long key id (to ensure that there is
 # really only this one key in our keyring) and not someone MITM us
 tmp_export_keyring = os.path.join(tmp_keyring_dir, "export-keyring.gpg")
--
cgit v1.2.3
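Review bot: The `FIXME` added after the `raise AptKeyError(...)` reads as an invitation to delete the MITM check that follows, yet nothing visible in `_add_key_from_keyserver` establishes which gnupg version is running, so on hosts with gnupg older than 1.4.18 the re-export by long key id is still the only protection against a keyserver returning a different key. I would label it `# NOTE:` instead and close it with a line such as `# keep the checks below: older gnupg imports whatever the keyserver returns`. gnupg's own screening presumably matches against the key id as it was requested, so it may be weaker than the long-key-id comparison when a short id is passed; that is worth confirming before anyone treats the check as redundant. The function body starts and continues outside the hunk.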