New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

repo,baseplugin: support trusting repo keys #2437

Merged
merged 4 commits into from Jan 16, 2019

Conversation

Projects
None yet
3 participants
@kyrofa
Copy link
Member

kyrofa commented Jan 11, 2019

  • Have you followed the guidelines for contributing?
  • Have you signed the CLA?
  • If this is a bugfix. Have you checked that there is a bug report open for the issue you are trying to fix on bug reports?
  • If this is a new feature. Have you discussed the design on the forum?
  • Have you successfully run ./runtests.sh static?
  • Have you successfully run ./runtests.sh tests/unit?

Today, snapcraft allows insecure repositories (i.e. repos without a key) because that is the default behavior in Xenial (core16). This behavior changed in Zesty, and stays changed in Bionic (core18). This PR resolves LP: #1811304 by adding the ability to trust keys to the plugin API, taking advantage of it in the Catkin plugin, and flipping the switch to only allow snapcraft to use secure repositories.

For history, see #1614 as well as this forum topic.

@kyrofa kyrofa force-pushed the kyrofa:feature/1811304/apt_keys branch 2 times, most recently from 703934f to 4bd3b5c Jan 12, 2019

@codecov-io

This comment has been minimized.

Copy link

codecov-io commented Jan 14, 2019

Codecov Report

❗️ No coverage uploaded for pull request base (master@e4614ab). Click here to learn what that means.
The diff coverage is 88.23%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #2437   +/-   ##
=========================================
  Coverage          ?   90.03%           
=========================================
  Files             ?      196           
  Lines             ?    12959           
  Branches          ?     1966           
=========================================
  Hits              ?    11668           
  Misses            ?      889           
  Partials          ?      402
Impacted Files Coverage Δ
snapcraft/plugins/catkin_tools.py 88.23% <ø> (ø)
snapcraft/plugins/_ros/rosdep.py 100% <100%> (ø)
snapcraft/plugins/catkin.py 94.07% <100%> (ø)
snapcraft/plugins/_ros/wstool.py 100% <100%> (ø)
snapcraft/internal/project_loader/_parts_config.py 100% <100%> (ø)
snapcraft/internal/common.py 94.66% <100%> (ø)
snapcraft/_baseplugin.py 92.85% <100%> (ø)
snapcraft/internal/dirs.py 50% <50%> (ø)
snapcraft/internal/repo/_deb.py 74% <83.33%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e4614ab...e778f0a. Read the comment docs.

@kyrofa kyrofa force-pushed the kyrofa:feature/1811304/apt_keys branch from 4bd3b5c to e1433da Jan 14, 2019

repo,baseplugin: support trusting repo keys
Today, snapcraft allows insecure repositories (i.e. repos without a key)
because that is the default behavior in Xenial (core16). This behavior
changed in Zesty, and stays changed in Bionic (core18). Add the ability
to trust keys to the plugin API, take advantage of it in the Catkin
plugin, and flip the switch to only allow snapcraft to use secure
repositories.

LP: #1811304

Signed-off-by: Kyle Fazzari <kyrofa@ubuntu.com>

@kyrofa kyrofa force-pushed the kyrofa:feature/1811304/apt_keys branch from e1433da to d3b3cb2 Jan 14, 2019

kyrofa added some commits Jan 15, 2019

Switch around optional keyrings
Signed-off-by: Kyle Fazzari <kyrofa@ubuntu.com>
Switch List to Sequence
Signed-off-by: Kyle Fazzari <kyrofa@ubuntu.com>

@sergiusens sergiusens merged commit 5bca5ed into snapcore:master Jan 16, 2019

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@kyrofa kyrofa deleted the kyrofa:feature/1811304/apt_keys branch Jan 17, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment