apt_key: fix parsing invalid dates when using GnuPG 2.x #465
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If one should happen to have redirected /usr/bin/gpg to run GnuPG 2.x rather than the more usual GnuPG 1.x, the apt_key provider fails with the following error: Could not prefetch apt_key provider 'apt_key': invalid date This is because the output of "--with-colons" defaults to using "fixed-list-mode" in 2.x but did not do so for 1.x. This new format gives much more information about keys and also uses timestamps in seconds from 1970-01-01 (UNIX epoch) rather than dates in the format YYYY-MM-DD. This patch adds "--fixed-list-mode" when calling apt-key, and adjusts the code to parse the timestamps instead. This actually has several advantages: - Works the same with GnuPG 1.x and 2.x. - More accurate expiry time tracking, not just entire days. - No need to require 'date' any longer. - Will allow the provider to expose more key information in future. Tested on: - Debian Wheezy (Puppet 2.7.23, Ruby 1.8.7p358) - Debian Jessie (Puppet 3.7.2, Ruby 2.1.5p273)
underscorgan
pushed a commit
that referenced
this pull request
Mar 16, 2015
apt_key: fix parsing invalid dates when using GnuPG 2.x
|
Great, thanks @bootc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If one should happen to have redirected
/usr/bin/gpgto run GnuPG 2.x rather than the more usual GnuPG 1.x, theapt_keyprovider fails with the following error:This is because the output of
--with-colonsdefaults to usingfixed-list-modein 2.x but did not do so for 1.x. This new format gives much more information about keys and also uses timestamps in seconds from 1970-01-01 (UNIX epoch) rather than dates in the formatYYYY-MM-DD.It's likely that GnuPG 2.x will replace GnuPG 1.x as the default version of GnuPG in Debian fairly soon, so I think it will pay to be forward-compatible. I also know I'm not the only person to have made the switch already, though this is currently a manual process so this will be uncommon still.
This patch adds
--fixed-list-modewhen callingapt-key, and adjusts the code to parse the timestamps instead. This actually has several advantages:require 'date'any longer.Tested on:
The second commit also sneaks in some unrelated whitespace fixes within the same file.