Ubuntu
bzr package

bzr verify-signature fails when acceptable_keys is defined

Bug #1249732 reported by Haw Loeung
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Bazaar
Fix Released
High
Vincent Ladeuil
Bazaar 2.7.0
bzr (Ubuntu)
Fix Released
High
Dimitri John Ledkov
Saucy
Won't Fix
High
Unassigned
Trusty
Fix Released
High
Dimitri John Ledkov
Ubuntu trusty-updates

Bug Description

Please keep this description header, needed for Ubuntu SRU to Trusty.
Please see https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template

 Impact:

 Bzr crashes when verifying non-ascii characters in signatures, in
 verbose mode.

 Testcase:

 bzr branch lp:~xnox/+junk/test-signatures
 cd test-signatures
 gpg --import key.asc
 bzr config "acceptable_keys=*@example.net"
 bzr verify-signatures

Original Report:
Hi,

I updated my ~/.bazaar/bazaar.conf file adding the following:

acceptable_keys = *@canonical.com

It seems that the option causes 'bzr verify-signatures' to now fail as follows:

$ bzr verify-signatures -v
bzr: ERROR: exceptions.AttributeError: 'list' object has no attribute 'split'

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/bzrlib/commands.py", line 930, in exception_to_return_code
    return the_callable(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/commands.py", line 1121, in run_bzr
    ret = run(*run_argv)
  File "/usr/lib/python2.7/dist-packages/bzrlib/commands.py", line 673, in run_argv_aliases
    return self.run(**all_cmd_args)
  File "/usr/lib/python2.7/dist-packages/bzrlib/commands.py", line 697, in run
    return self._operation.run_simple(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/cleanup.py", line 136, in run_simple
    self.cleanups, self.func, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/cleanup.py", line 166, in _do_with_cleanups
    result = func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/commit_signature_commands.py", line 127, in run
    gpg_strategy.set_acceptable_keys(acceptable_keys)
  File "/usr/lib/python2.7/dist-packages/bzrlib/gpg.py", line 354, in set_acceptable_keys
    patterns = key_patterns.split(",")
AttributeError: 'list' object has no attribute 'split'

bzr 2.6.0 on python 2.7.5 (Linux-3.11.0-13-generic-x86_64-with-
    Ubuntu-13.10-saucy)
arguments: ['/usr/bin/bzr', 'verify-signatures', '-v']
plugins: bash_completion[2.6.0], bzrtools[2.5.0], changelog_merge[2.6.0],
    grep[2.6.0], launchpad[2.6.0], netrc_credential_store[2.6.0],
    news_merge[2.6.0], po_merge[2.6.0], stats[0.2.0dev], weave_fmt[2.6.0]
encoding: 'utf-8', fsenc: 'UTF-8', lang: 'en_AU.UTF-8'

*** Bazaar has encountered an internal error. This probably indicates a
    bug in Bazaar. You can help us fix it by filing a bug report at
        https://bugs.launchpad.net/bzr/+filebug
    including this traceback and a description of the problem.

$ apt-cache policy bzr
bzr:
  Installed: 2.6.0-3ubuntu1
  Candidate: 2.6.0-3ubuntu1
  Version table:
 *** 2.6.0-3ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
        100 /var/lib/dpkg/status

Regards,

Haw

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: bzr 2.6.0-3ubuntu1
ProcVersionSignature: Ubuntu 3.11.0-13.20-generic 3.11.6
Uname: Linux 3.11.0-13-generic x86_64
ApportVersion: 2.12.5-0ubuntu2.1
Architecture: amd64
Date: Sun Nov 10 17:53:03 2013
MarkForUpload: True
PackageArchitecture: all
SourcePackage: bzr
UpgradeStatus: No upgrade log present (probably fresh install)

See original description

Related branches

lp:~vila/bzr/1249732-acceptable-keys-from-config
Richard Wilbur: Approve
Bazaar Codereview Subscribers: Pending requested
Diff: 89 lines (+19/-16)
4 files modified
bzrlib/commit_signature_commands.py (+3/-3)
bzrlib/gpg.py (+4/-13)
bzrlib/tests/test_gpg.py (+9/-0)
doc/en/release-notes/bzr-2.7.txt (+3/-0)
Revision history for this message
Haw Loeung (hloeung) wrote :
Revision history for this message
Vincent Ladeuil (vila) wrote :

Reproduced.

It seems that setting 'acceptable_keys' in bazaar.conf is not supported. At least the simple test I'm adding confirms this.

So the workaround is to not set it in bazaar.conf but use the command-line option :-/

Changed in bzr:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Vincent Ladeuil (vila)
Revision history for this message
Haw Loeung (hloeung) wrote :

Seems to be to do with the following in set_acceptable_keys():

        try:
            if isinstance(acceptable_keys_config, unicode):
                acceptable_keys_config = str(acceptable_keys_config)
        except UnicodeEncodeError:
            # gpg Context.keylist(pattern) does not like unicode
            raise errors.BzrCommandError(
                gettext('Only ASCII permitted in option names'))

The acceptable_keys config is read in as a list, and that bit of code in try doesn't seem to be running to convert it to a string.

Revision history for this message
Vincent Ladeuil (vila) wrote :

In addition, given the way it's implemented, 'acceptable_keys' can be specified in any of branch.conf, locations.conf and bazaar.conf. Same bug and same workaround,

I have a fix in progress.

Changed in bzr:
status: Confirmed → In Progress
Revision history for this message
Brian Murray (brian-murray) wrote :

That fix hasn't made it into to trusty yet, I'm setting a milestone for trusty-updates.

Changed in bzr (Ubuntu Trusty):
milestone: none → trusty-updates
status: New → Triaged
Changed in bzr (Ubuntu Saucy):
status: New → Triaged
Changed in bzr (Ubuntu Trusty):
importance: Undecided → High
Changed in bzr (Ubuntu Saucy):
importance: Undecided → High
Vincent Ladeuil (vila)
Changed in bzr:
milestone: none → 2.7b1
status: In Progress → Fix Released
Dimitri John Ledkov (xnox)
Changed in bzr (Ubuntu Saucy):
status: Triaged → Won't Fix
Dimitri John Ledkov (xnox)
Changed in bzr (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
Changed in bzr (Ubuntu Trusty):
assignee: nobody → Dimitri John Ledkov (xnox)
Dimitri John Ledkov (xnox)
description: updated
Vincent Ladeuil (vila)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzr - 2.6.0+bzr6595-1ubuntu1

---------------
bzr (2.6.0+bzr6595-1ubuntu1) utopic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Drop non-main build dependencies on python-{meliae,lzma,medusa}

bzr (2.6.0+bzr6595-1) unstable; urgency=medium

  [ Jelmer Vernooij ]
  * Re-add myself to uploaders.
  * Don't pass blob to file.writelines(), but rather to file.write().
    Closes: #722091

  [ Dimitri John Ledkov ]
  * New upstream snapshot:
    - verify-signature crashes on non ascii characters (LP: #1123460)
    - verify-signature crashes when acceptable_keys is defined (LP:
    #1249732)
 -- Dimitri John Ledkov <email address hidden> Fri, 02 May 2014 14:18:01 +0100

Changed in bzr (Ubuntu):
status: Triaged → Fix Released
Dimitri John Ledkov (xnox)
description: updated
Dimitri John Ledkov (xnox)
Changed in bzr (Ubuntu Trusty):
status: Triaged → In Progress
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Haw, or anyone else affected,

Accepted bzr into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/bzr/2.6.0+bzr6593-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in bzr (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Haw Loeung (hloeung) wrote :

Hi,

I've upgraded to the latest in trusty-proposed and have verified that this is indeed fixed.

hloeung@ragnar:~/Downloads$ apt-cache policy bzr
bzr:
  Installed: 2.6.0+bzr6593-1ubuntu1.1
  Candidate: 2.6.0+bzr6593-1ubuntu1.1
  Version table:
 *** 2.6.0+bzr6593-1ubuntu1.1 0
        100 /var/lib/dpkg/status
     2.6.0+bzr6593-1ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

hloeung@ragnar:~/Downloads$ apt-cache policy python-bzrlib
python-bzrlib:
  Installed: 2.6.0+bzr6593-1ubuntu1.1
  Candidate: 2.6.0+bzr6593-1ubuntu1.1
  Version table:
 *** 2.6.0+bzr6593-1ubuntu1.1 0
        100 /var/lib/dpkg/status
     2.6.0+bzr6593-1ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

hloeung@ragnar:~/test$ bzr verify-signatures
1 commits with valid signatures
0 commits with key now expired
0 commits with unknown keys
0 commits not valid
1 commit not signed

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzr - 2.6.0+bzr6593-1ubuntu1.1

---------------
bzr (2.6.0+bzr6593-1ubuntu1.1) trusty; urgency=medium

  * Fix verify-signature command crashing:
    - on non ascii characters (LP: #1123460)
    - when acceptable_keys configuration option is specified (LP: #1249732)
 -- Dimitri John Ledkov <email address hidden> Fri, 09 May 2014 03:48:24 +0100

Changed in bzr (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Scott Kitterman (kitterman) wrote : Update Released

The verification of the Stable Release Update for bzr has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Mathew Hodson (mhodson)
Changed in bzr (Ubuntu):
milestone: trusty-updates → none
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.