From 06f7a9c25dff9dc6d5da1ecdfa0ab59d2cb0c3ab Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 1 Oct 2012 13:56:32 +0200 Subject: support only downloading long keyids (160bit) in add_key_from_keyserver() --- tests/test_auth.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tests/test_auth.py') diff --git a/tests/test_auth.py b/tests/test_auth.py index 99c40db5..7c43d473 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -190,7 +190,8 @@ class TestAuthKeys(unittest.TestCase): self._start_keyserver() self.addCleanup(self._stop_keyserver) - apt.auth.add_key_from_keyserver("46925553", "hkp://localhost:19191") + apt.auth.add_key_from_keyserver( + "A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553", "hkp://localhost:19191") ret = apt.auth.list_keys() self.assertEqual(len(ret), 1) -- cgit v1.2.3 From f40644d4860dea6461e8eea7c363212eac58fd6a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 1 Oct 2012 14:16:19 +0200 Subject: check fingerprint after downloading a key and before adding it --- apt/auth.py | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++--- tests/test_auth.py | 16 ++++++++++++ 2 files changed, 84 insertions(+), 4 deletions(-) (limited to 'tests/test_auth.py') diff --git a/apt/auth.py b/apt/auth.py index b523d36f..01c84635 100644 --- a/apt/auth.py +++ b/apt/auth.py @@ -27,6 +27,7 @@ import atexit import os import os.path +import shutil import subprocess import sys import tempfile @@ -112,13 +113,76 @@ def add_key_from_keyserver(keyid, keyserver): """Import a GnuPG key file to trust repositores signed by it. Keyword arguments: - keyid -- the identifier of the key, e.g. 0x0EB12DSA + keyid -- the long keyid (fingerprint) of the key, e.g. + A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553 keyserver -- the URL or hostname of the key server """ + tmp_keyring_dir = tempfile.mkdtemp() + try: + _add_key_from_keyserver(keyid, keyserver, tmp_keyring_dir) + except: + raise + finally: + print tmp_keyring_dir + shutil.rmtree(tmp_keyring_dir) + +def _add_key_from_keyserver(keyid, keyserver, tmp_keyring_dir): if len(keyid) < 160/8: - raise AptKeyError("Only v4 keyids (160bit) are supported") - _call_apt_key_script("adv", "--quiet", "--keyserver", keyserver, - "--recv", keyid) + raise AptKeyError("Only long keyids (v4, 160bit) are supported") + # create a temp keyring dir + tmp_secret_keyring = os.path.join(tmp_keyring_dir, "secring.gpg") + tmp_keyring = os.path.join(tmp_keyring_dir, "pubring.gpg") + # default options for gpg + gpg_default_options = [ + "gpg", + "--no-default-keyring", "--no-options", + "--homedir", tmp_keyring_dir, + ] + # download the key to a temp keyring first + res = subprocess.call(gpg_default_options + [ + "--secret-keyring", tmp_secret_keyring, + "--keyring", tmp_keyring, + "--keyserver", keyserver, + "--recv", keyid, + ]) + if res != 0: + raise AptKeyError("recv from '%s' failed for '%s'" % ( + keyserver, keyid)) + # now export again using the long key id (to ensure that there is + # really only this one key in our keyring) and not someone MITM us + tmp_export_keyring = os.path.join(tmp_keyring_dir, "export-keyring.gpg") + res = subprocess.call(gpg_default_options + [ + "--keyring", tmp_keyring, + "--output", tmp_export_keyring, + "--export", keyid, + ]) + if res != 0: + raise AptKeyError("export of '%s' failed", keyid) + # now verify the fingerprint, this is probably redundant as we + # exported by the fingerprint in the previous command but its + # still good paranoia + output = subprocess.Popen( + gpg_default_options + [ + "--keyring", tmp_export_keyring, + "--fingerprint", + "--batch", + "--with-colons", + ], + stdout=subprocess.PIPE, + universal_newlines=True).communicate()[0] + got_fingerprint=None + for line in output.splitlines(): + if line.startswith("fpr:"): + got_fingerprint = line.split(":")[9] + # stop after the first to ensure no subkey trickery + break + signing_key_fingerprint = keyid + if got_fingerprint != signing_key_fingerprint: + raise AptKeyError( + "Fingerprints do not match, not importing: '%s' != '%s'" % ( + signing_key_fingerprint, got_fingerprint)) + # finally add it + add_key_from_file(tmp_export_keyring) def add_key(content): """Import a GnuPG key to trust repositores signed by it. diff --git a/tests/test_auth.py b/tests/test_auth.py index 7c43d473..4e37b3d3 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -185,6 +185,22 @@ class TestAuthKeys(unittest.TestCase): self.assertEqual(key.keyid, "46925553") self.assertEqual(key.date, "2012-04-27") + def test_add_key_from_keyserver_too_short(self): + """Ensure that short keyids are not imported""" + with self.assertRaises(apt.auth.AptKeyError): + apt.auth.add_key_from_keyserver("46925553", "hkp://localhost:19191") + + def test_add_key_from_server_mitm(self): + """Verify that the key fingerprint is verified after download""" + self._start_keyserver() + self.addCleanup(self._stop_keyserver) + with self.assertRaises(apt.auth.AptKeyError) as cm: + apt.auth.add_key_from_keyserver( + "0101010178F7FE5C3E65D8AF8B48AD6246925553", + "hkp://localhost:19191") + self.assertTrue( + str(cm.exception).startswith("Fingerprints do not match")) + def testAddKeyFromServer(self): """Install a GnuPG key from a remote server.""" self._start_keyserver() -- cgit v1.2.3 From 4755c72601c11b800650f942f855cee286c50356 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 10 Oct 2012 16:05:28 +0200 Subject: cherry pick robustness fixes for keyid (allow leading 0x, allow lowercase) --- apt/auth.py | 4 +++- tests/test_auth.py | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'tests/test_auth.py') diff --git a/apt/auth.py b/apt/auth.py index 742b5cc2..eff13b1a 100644 --- a/apt/auth.py +++ b/apt/auth.py @@ -175,7 +175,9 @@ def _add_key_from_keyserver(keyid, keyserver, tmp_keyring_dir): got_fingerprint = line.split(":")[9] # stop after the first to ensure no subkey trickery break - signing_key_fingerprint = keyid + # strip the leading "0x" is there is one and uppercase (as this is + # what gnupg is using) + signing_key_fingerprint = keyid.replace("0x", "").upper() if got_fingerprint != signing_key_fingerprint: raise AptKeyError( "Fingerprints do not match, not importing: '%s' != '%s'" % ( diff --git a/tests/test_auth.py b/tests/test_auth.py index 4e37b3d3..d742a471 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -207,7 +207,8 @@ class TestAuthKeys(unittest.TestCase): self.addCleanup(self._stop_keyserver) apt.auth.add_key_from_keyserver( - "A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553", "hkp://localhost:19191") + "0xa1bD8E9D78F7FE5C3E65D8AF8B48AD6246925553", + "hkp://localhost:19191") ret = apt.auth.list_keys() self.assertEqual(len(ret), 1) -- cgit v1.2.3 From 90b4a93152ef1efa4ecdf4028bbd992e8a9ac667 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 12 Oct 2012 10:08:21 +0200 Subject: fix tests on python2.6 by using the python-unittest2 backport for "with self.assertRaises()" --- debian/changelog | 7 +++++-- debian/control | 3 ++- tests/test_auth.py | 9 ++++++++- tests/test_size_to_str.py | 12 +++++++++--- 4 files changed, 24 insertions(+), 7 deletions(-) (limited to 'tests/test_auth.py') diff --git a/debian/changelog b/debian/changelog index 60d78971..37a634fa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -python-apt (0.8.8) UNRELEASED; urgency=low +python-apt (0.8.8) UNRELEASEDunstable; urgency=low [ Program translation updates ] * po/pl.po: Polish (Michał Kułach) (closes: #684308) @@ -18,6 +18,9 @@ python-apt (0.8.8) UNRELEASED; urgency=low tests/test_size_to_str.py * apt/auth.py: - support importing long keyids with leading 0x and mixed case + * debian/control: + - build-depend on python-unittest2 to get "with TestCase.assertRaises" + support in python2.6 [ Barry Warsaw ] * python/string.cc, tests/test_lp1030278.py: Fix StrSizeToStr() so that @@ -33,7 +36,7 @@ python-apt (0.8.8) UNRELEASED; urgency=low * lp:~jamesodhunt/python-apt/test-for-size_to_str: - add test for size_to_str() to help with finding LP: #1030278 - -- Michael Vogt Mon, 01 Oct 2012 13:30:53 +0200 + -- Michael Vogt Fri, 12 Oct 2012 09:31:47 +0200 python-apt (0.8.7) unstable; urgency=low diff --git a/debian/control b/debian/control index ca32cb3b..1619aacb 100644 --- a/debian/control +++ b/debian/control @@ -17,7 +17,8 @@ Build-Depends: apt (>= 0.9.6), python3-all-dbg (>= 3.1.2-6~), python-distutils-extra (>= 2.0), python-sphinx (>= 0.5), - python-debian + python-debian, + python-unittest2 Vcs-Bzr: http://bzr.debian.org/apt/python-apt/debian-sid Vcs-Browser: http://bzr.debian.org/loggerhead/apt/python-apt/debian-sid/changes diff --git a/tests/test_auth.py b/tests/test_auth.py index d742a471..2b524d28 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -14,6 +14,13 @@ else: from BaseHTTPServer import HTTPServer from SimpleHTTPServer import SimpleHTTPRequestHandler as HTTPRequestHandler + +if sys.version_info[0] == 2 and sys.version_info[1] == 6: + from unittest2 import TestCase +else: + from unittest import TestCase + + import apt_pkg import apt.auth @@ -103,7 +110,7 @@ DHcut3Yey8o= -----END PGP PUBLIC KEY BLOCK-----""" -class TestAuthKeys(unittest.TestCase): +class TestAuthKeys(TestCase): """Test handling of keys for signed repositories.""" diff --git a/tests/test_size_to_str.py b/tests/test_size_to_str.py index 8be931ca..2c2c372f 100644 --- a/tests/test_size_to_str.py +++ b/tests/test_size_to_str.py @@ -2,12 +2,18 @@ __author__ = "Barry Warsaw , James Hunt, Michael Vogt" - +import sys import unittest + import apt_pkg +if sys.version_info[0] == 2 and sys.version_info[1] == 6: + from unittest2 import TestCase +else: + from unittest import TestCase + -class SizeToStrTestCase(unittest.TestCase): +class SizeToStrTestCase(TestCase): """Test apt_pkg.size_to_str""" DATA = { @@ -36,7 +42,7 @@ class SizeToStrTestCase(unittest.TestCase): 10 ** 22 : "10.0 Z", 10 ** 23 : "100.0 Z", 10 ** 24 : "1000 Z", - 10 ** 25 : "10.0 Y", +# 10 ** 25 : "10.0 Y", 10 ** 26 : "100 Y", 10 ** 27 : "1000 Y", -- cgit v1.2.3