-
Notifications
You must be signed in to change notification settings - Fork 461
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow full length GPG key fingerprints. #404
Allow full length GPG key fingerprints. #404
Conversation
@@ -2,7 +2,8 @@ | |||
|
|||
describe 'apt::key', :type => :define do | |||
let(:facts) { { :lsbdistid => 'Debian' } } | |||
GPG_KEY_ID = '4BD6EC30' | |||
#GPG_KEY_ID = '4BD6EC30' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The comments serve no purpose, just remove them. We've got Git's history powers if we ever wanted to know what this line looked like in the past.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this is a major pet peeve. Commented code adds nothing unless its an example. Having Git means there's should be no such thing as "I'll comment this out in case I need it later."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I almost did, but it was late and I'd spent a couple hours rebasing/reformatting :) I'll remove them.
Also add support for ECC and ECDSA key_types
41b04f3
to
445ad0b
Compare
Updated based on feedback and rebased on current master again. Can someone take a look at my #403 pull request too? The apt_has_updates fact doesn't work at all at the moment. |
@WolverineFan Don't do that please, asking to push through another PR through this one unless they're related. We'll get to it, but we can't 24/7 our lives on this. |
Allow full length GPG key fingerprints.
I've merged this so we don't sit on it any longer and the PR diverges again. It seems good, tests pass, lets see what happens next. |
Great job everyone! |
:type => line_hash[:key_type] == 'R' ? :rsa : :dsa, | ||
:created => line_hash[:key_created] | ||
:name => line_hash[:key_fingerprint], | ||
:id => line_hash[:key_fingerprint], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this really what we wanted, we are not reporting back the id as a fingerprint, previously this was the short.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, but short is bad (not nearly unique enough). So I figured it had to change to long or fingerprint and chose fingerprint. It's a simple change back to short if it causes some breaking behavior (though I couldn't find anything that uses it).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might be a candidate for a major version bump.
On Jan 14, 2015 7:31 PM, "WolverineFan" [email protected] wrote:
In lib/puppet/provider/apt_key/apt_key.rb
#404 (diff)
:@@ -41,14 +49,17 @@ def self.instances
endnew(
:name => line_hash[:key_id],
:id => line_hash[:key_id],
:ensure => :present,
:expired => expired,
:expiry => line_hash[:key_expiry],
:size => line_hash[:key_size],
:type => line_hash[:key_type] == 'R' ? :rsa : :dsa,
:created => line_hash[:key_created]
:name => line_hash[:key_fingerprint],
:id => line_hash[:key_fingerprint],
True, but short is bad (not nearly unique enough). So I figured it had to
change to long or fingerprint and chose fingerprint. It's a simple change
back to short if it causes some breaking behavior (though I couldn't find
anything that uses it).—
Reply to this email directly or view it on GitHub
https://github.com/puppetlabs/puppetlabs-apt/pull/404/files#r22988859.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, the build is broken.
On Jan 14, 2015 7:40 PM, "Naftuli Tzvi Kay" [email protected] wrote:
This might be a candidate for a major version bump.
On Jan 14, 2015 7:31 PM, "WolverineFan" [email protected] wrote:In lib/puppet/provider/apt_key/apt_key.rb
#404 (diff)
:@@ -41,14 +49,17 @@ def self.instances
endnew(
:name => line_hash[:key_id],
:id => line_hash[:key_id],
:ensure => :present,
:expired => expired,
:expiry => line_hash[:key_expiry],
:size => line_hash[:key_size],
:type => line_hash[:key_type] == 'R' ? :rsa : :dsa,
:created => line_hash[:key_created]
:name => line_hash[:key_fingerprint],
:id => line_hash[:key_fingerprint],
True, but short is bad (not nearly unique enough). So I figured it had to
change to long or fingerprint and chose fingerprint. It's a simple change
back to short if it causes some breaking behavior (though I couldn't find
anything that uses it).—
Reply to this email directly or view it on GitHub
https://github.com/puppetlabs/puppetlabs-apt/pull/404/files#r22988859.
I'm pretty the failures aren't because of this patch. My guess is the failure is in the test framework because it is consistently reporting getting nil for things (ironically the failures are in the code I fixed in my other patch, but my version doesn't work either). Also, running the all tests on my box against current master works fine. |
No the failures were directly part of how we were deleting the keys. Previously the failures were only b/c there were duplicate keys and we would not delete the expired key but just the first one apt-key found. Now it wasn't deleting them at all. |
That's odd. The tests have several checks for key deletion, so I'm very surprised if that broke as part of this patch. Plus the tests that are listed as failing are all apt_has_updates checks that refer to unexpected results. |
Just realized I can pretty much guarantee this patch didn't break the tests: Nothing was committed to master between my last rebase and when it was merged. My last rebase passed all tests. So the exact same commit SHA passed once and failed the second time. That points to a testing environment issue. (By the way, I'm not implying there aren't problems with the patch, just that the test failures aren't because of it) |
The builds were passing until it was merged. I'm not saying it was the On Wed, Jan 14, 2015 at 9:41 PM, WolverineFan [email protected]
|
It isn't just the travis tests that I am referencing but also the acceptance tests we run internally. But nevertheless they are working now. Also given the community feedback I have created a PR #410 which changes the delete to use fingerprints as well. |
Now that this is involving changes to other places in the codebase, I'm even more in favor of a major version bump. |
@rfkrocktk the changes that have occurred do not warrant a major version bump. I will look at what has occurred outside of this scope of these PR's |
Aren't they backwards-breaking changes?
|
How so? The API now takes 8, 16 or 40, we have added. I don't see it as a breaking change, we have exactly the same behavior just different mechanism of doing it. My only concern was that the puppet resource apt_key now does not report the namevar as short key. |
My apologies, I thought that there were breaking changes, nevermind.
|
This is a rebased version of rfkrocktk's patch #354 with added tests and several bug fixes found while running said tests. I think this should be good to go.