summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSalim Afiune <afiune@chef.io>2017-03-07 17:42:20 -0500
committerTom Duffield <tom@chef.io>2017-03-08 12:33:58 -0600
commit54e75c431c0d45653b857e61412d8f85de69fbab (patch)
treed708ee577e7df9c7b6b3f65529dd1cf9ae5f608b
parent9c3dc16179eedeefe0b97b79fd3d459bbf0e9988 (diff)
downloadchef-54e75c431c0d45653b857e61412d8f85de69fbab.tar.gz
Fix apt_repository for latest os version 16.10
Great description and solution of the problem made by @jeremiahsnapp in the below issue! Closes https://github.com/chef/chef/issues/5831 I have validated this works fine for the following os: * Ubuntu 14.04 * Ubuntu 16.04 * Ubuntu 16.10 (latest) * Debian-6.0.10 * Debian-8.7 (latest) Signed-off-by: Salim Afiune <afiune@chef.io>
-rw-r--r--lib/chef/provider/apt_repository.rb8
-rw-r--r--spec/unit/provider/apt_repository_spec.rb60
2 files changed, 38 insertions, 30 deletions
diff --git a/lib/chef/provider/apt_repository.rb b/lib/chef/provider/apt_repository.rb
index 9e91b12373..07aeb090d0 100644
--- a/lib/chef/provider/apt_repository.rb
+++ b/lib/chef/provider/apt_repository.rb
@@ -115,7 +115,7 @@ class Chef
so = shell_out(cmd)
so.run_command
so.stdout.split(/\n/).map do |t|
- if z = t.match(/^ +Key fingerprint = ([0-9A-F ]+)/)
+ if z = t.match(/^fpr:+([0-9A-F]+):/)
z[1].split.join
end
end.compact
@@ -147,8 +147,10 @@ class Chef
end
def no_new_keys?(file)
- installed_keys = extract_fingerprints_from_cmd("apt-key finger")
- proposed_keys = extract_fingerprints_from_cmd("gpg --with-fingerprint #{file}")
+ # Now we are using the option --with-colons that works across old os versions
+ # as well as the latest (16.10). This for both `apt-key` and `gpg` commands
+ installed_keys = extract_fingerprints_from_cmd("apt-key adv --list-public-keys --with-fingerprint --with-colons")
+ proposed_keys = extract_fingerprints_from_cmd("gpg --with-fingerprint --with-colons #{file}")
(installed_keys & proposed_keys).sort == proposed_keys.sort
end
diff --git a/spec/unit/provider/apt_repository_spec.rb b/spec/unit/provider/apt_repository_spec.rb
index d8f2c85cb7..6180582d69 100644
--- a/spec/unit/provider/apt_repository_spec.rb
+++ b/spec/unit/provider/apt_repository_spec.rb
@@ -18,32 +18,30 @@
require "spec_helper"
+# Now we are using the option --with-colons that works across old os versions
+# as well as the latest (16.10). This for both `apt-key` and `gpg` commands
+#
+# Output of the command:
+# => apt-key adv --list-public-keys --with-fingerprint --with-colons
APT_KEY_FINGER = <<-EOF
-/etc/apt/trusted.gpg
---------------------
-pub 1024D/437D05B5 2004-09-12
- Key fingerprint = 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5
-uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
-sub 2048g/79164387 2004-09-12
-
-pub 1024D/FBB75451 2004-12-30
- Key fingerprint = C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451
-uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
-
-pub 4096R/C0B21F32 2012-05-11
- Key fingerprint = 790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32
-uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
-
-pub 4096R/EFE21092 2012-05-11
- Key fingerprint = 8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
-uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
-
+tru:t:1:1488924856:0:3:1:5
+pub:-:1024:17:40976EAF437D05B5:2004-09-12:::-:Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>::scESC:
+fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:
+sub:-:2048:16:251BEFF479164387:2004-09-12::::::e:
+pub:-:1024:17:46181433FBB75451:2004-12-30:::-:Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>::scSC:
+fpr:::::::::C5986B4F1257FFA86632CBA746181433FBB75451:
+pub:-:4096:1:3B4FE6ACC0B21F32:2012-05-11:::-:Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>::scSC:
+fpr:::::::::790BC7277767219C42C86F933B4FE6ACC0B21F32:
+pub:-:4096:1:D94AA3F0EFE21092:2012-05-11:::-:Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>::scSC:
+fpr:::::::::843938DF228D22F7B3742BC0D94AA3F0EFE21092:
EOF
+# Output of the command:
+# => gpg --with-fingerprint --with-colons [FILE]
GPG_FINGER = <<-EOF
-pub 1024D/02A818DD 2009-04-22 Cloudera Apt Repository
- Key fingerprint = F36A 89E3 3CC1 BD0F 7107 9007 3275 74EE 02A8 18DD
-sub 2048g/D1CA74A1 2009-04-22
+pub:-:1024:17:327574EE02A818DD:2009-04-22:::-:Cloudera Apt Repository:
+fpr:::::::::F36A89E33CC1BD0F71079007327574EE02A818DD:
+sub:-:2048:16:84080586D1CA74A1:2009-04-22::::
EOF
describe Chef::Provider::AptRepository do
@@ -57,6 +55,10 @@ describe Chef::Provider::AptRepository do
Chef::Provider::AptRepository.new(new_resource, run_context)
end
+ let(:apt_key_finger_cmd) do
+ "apt-key adv --list-public-keys --with-fingerprint --with-colons"
+ end
+
let(:apt_key_finger) do
r = double("Mixlib::ShellOut", stdout: APT_KEY_FINGER, exitstatus: 0, live_stream: true)
allow(r).to receive(:run_command)
@@ -102,28 +104,32 @@ C5986B4F1257FFA86632CBA746181433FBB75451
it "should run the desired command" do
expect(apt_key_finger).to receive(:run_command)
- provider.extract_fingerprints_from_cmd("apt-key finger")
+ provider.extract_fingerprints_from_cmd(apt_key_finger_cmd)
end
it "should return a list of key fingerprints" do
- expect(provider.extract_fingerprints_from_cmd("apt-key finger")).to eql(apt_fingerprints)
+ expect(provider.extract_fingerprints_from_cmd(apt_key_finger_cmd)).to eql(apt_fingerprints)
end
end
describe "#no_new_keys?" do
before do
- allow(provider).to receive(:extract_fingerprints_from_cmd).with("apt-key finger").and_return(apt_fingerprints)
+ allow(provider).to receive(:extract_fingerprints_from_cmd).with(apt_key_finger_cmd).and_return(apt_fingerprints)
end
let(:file) { "/tmp/remote-gpg-keyfile" }
it "should match a set of keys" do
- allow(provider).to receive(:extract_fingerprints_from_cmd).with("gpg --with-fingerprint #{file}").and_return(Array(apt_fingerprints.first))
+ allow(provider).to receive(:extract_fingerprints_from_cmd)
+ .with("gpg --with-fingerprint --with-colons #{file}")
+ .and_return(Array(apt_fingerprints.first))
expect(provider.no_new_keys?(file)).to be_truthy
end
it "should notice missing keys" do
- allow(provider).to receive(:extract_fingerprints_from_cmd).with("gpg --with-fingerprint #{file}").and_return(%w{ F36A89E33CC1BD0F71079007327574EE02A818DD })
+ allow(provider).to receive(:extract_fingerprints_from_cmd)
+ .with("gpg --with-fingerprint --with-colons #{file}")
+ .and_return(%w{ F36A89E33CC1BD0F71079007327574EE02A818DD })
expect(provider.no_new_keys?(file)).to be_falsey
end
end