Draft: Handle Signed-By option in case it is a filename instead of fingerprint

Aristo Chen requested to merge Aristo/apt:main into main

Previously, apt only checked whether the strings of the 2 normalized Signed-By values are the same, but it is allowed that both or one of the normalized Signed-By values is actually a file name instead of a fingerprint.

Here are some examples that will fail.

1. Define 2 different file names for the Signed-By, but the content is actually the same

/etc/apt/sources.list.d/a.sources:

Types: deb
URIs: http://ports.ubuntu.com/ubuntu-ports
Suites: jammy jammy-security jammy-updates jammy-backports
Components: main
Architectures: arm64
Signed-By: /etc/apt/keyrings/a.gpg

/etc/apt/sources.list.d/b.sources:

Types: deb
URIs: http://ports.ubuntu.com/ubuntu-ports
Suites: jammy jammy-security jammy-updates jammy-backports
Components: main
Architectures: arm64
Signed-By: /etc/apt/keyrings/b.gpg

In this case, the error message is:

E: Conflicting values set for option Signed-By regarding source http://ports.ubuntu.com/ubuntu-ports/ jammy: /etc/apt/keyrings/a.gpg != /etc/apt/keyrings/b.gpg
E: The list of sources could not be read.

2. Only one of the source lists is defined with Signed-By

/etc/apt/sources.list.d/a.sources:

Types: deb
URIs: http://ports.ubuntu.com/ubuntu-ports
Suites: jammy jammy-security jammy-updates jammy-backports
Components: main
Architectures: arm64
Signed-By: /etc/apt/keyrings/a.gpg

/etc/apt/sources.list.d/b.sources:

Types: deb
URIs: http://ports.ubuntu.com/ubuntu-ports
Suites: jammy jammy-security jammy-updates jammy-backports
Components: main
Architectures: arm64

In this case, the error message is:

E: Conflicting values set for option Signed-By regarding source http://ports.ubuntu.com/ubuntu-ports/ jammy: /etc/apt/keyrings/a.gpg !=
E: The list of sources could not be read.

3. One of the Signed-By values is a file name, while the other is a fingerprint

/etc/apt/sources.list.d/a.sources:

Types: deb
URIs: http://ports.ubuntu.com/ubuntu-ports
Suites: jammy jammy-security jammy-updates jammy-backports
Components: main
Architectures: arm64
Signed-By: /etc/apt/keyrings/a.gpg

/etc/apt/sources.list.d/b.sources:

Types: deb
URIs: http://ports.ubuntu.com/ubuntu-ports
Suites: jammy jammy-security jammy-updates jammy-backports
Components: main
Architectures: arm64
Signed-By: F6ECB3762474EDA9D21B7022871920D1991BC93C

In this case, the error message is:

E: Conflicting values set for option Signed-By regarding source http://ports.ubuntu.com/ubuntu-ports/ jammy: /etc/apt/keyrings/a.gpg != F6ECB3762474EDA9D21B7022871920D1991BC93C
E: The list of sources could not be read.

Signed-off-by: Aristo Chen <aristo.chen@canonical.com>
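The three failing layouts above can be found ahead of time by scanning the deb822 files for sources whose Signed-By strings differ. The following audit sketch is an added example, not apt's code or part of this merge request; the function names are hypothetical, the file-versus-fingerprint test (absolute path means keyring file) and the trailing-slash stripping are simplifying assumptions, and it does not inspect key contents.

```python
import re
from collections import defaultdict

def parse_deb822(text):
    """Split deb822 text into stanzas (dicts); blank lines separate stanzas."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Skip comments and continuation lines (not needed for these fields).
            if line[:1] in "# \t" or ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip().lower()] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def kind(value):
    """Assumption: an absolute path is a keyring file, anything else a fingerprint."""
    if not value:
        return "unset"
    return "file" if value.startswith("/") else "fingerprint"

def signed_by_conflicts(files):
    """files: {name: deb822 text}. Returns {(uri, suite): [(name, Signed-By), ...]}
    for each source whose stanzas do not all carry the same Signed-By string."""
    seen = defaultdict(list)
    for name, text in files.items():
        for st in parse_deb822(text):
            for uri in st.get("uris", "").split():
                for suite in st.get("suites", "").split():
                    seen[(uri.rstrip("/"), suite)].append((name, st.get("signed-by", "")))
    return {src: defs for src, defs in seen.items() if len({v for _, v in defs}) > 1}

def describe(defs):
    """Name the mismatch, e.g. 'file vs fingerprint' (case 3 in the description)."""
    kinds = sorted({kind(v) for _, v in defs})
    return " vs ".join(kinds if len(kinds) > 1 else kinds * 2)

# Constructed sample input, modelled on case 3 of the description.
STANZA = ("Types: deb\nURIs: http://ports.ubuntu.com/ubuntu-ports\n"
          "Suites: jammy jammy-security jammy-updates jammy-backports\n"
          "Components: main\nArchitectures: arm64\n")
SAMPLE = {"a.sources": STANZA + "Signed-By: /etc/apt/keyrings/a.gpg\n",
          "b.sources": STANZA + "Signed-By: F6ECB3762474EDA9D21B7022871920D1991BC93C\n"}

if __name__ == "__main__":
    for (uri, suite), defs in sorted(signed_by_conflicts(SAMPLE).items()):
        print(f"{uri} {suite}: {describe(defs)} {defs}")
```

A "file vs file" or "file vs fingerprint" result still needs the keyring contents compared by hand before the stanzas are merged onto one value.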
