From 9eba6010d58e32861de71ce9b7d80900f5972a1a Mon Sep 17 00:00:00 2001
From: Baptiste BEAUPLAT <lyknode@cilg.org>
Date: Sat, 17 Nov 2018 22:15:47 +0100
Subject: [PATCH 1/2] Fix multiple uids in gpg keys

Currently, gpg keys with multiple uid won't work for the following use
case:

- Package import will fail as the regexp matching gpg uids only match the
primary uid.

- Only the primary uid will be matched using uid fingerprint on user
profile update:

gpg --with-colons < key.gpg fails to print uid fingerprint
gpg --with-colons --import --import-options show-only < key.gpg succeed

https://unix.stackexchange.com/questions/335669/gnupg-2-1-16-with-fingerprint-no-longer-works-to-show-fingerprints
---
 debexpo/lib/gnupg.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/debexpo/lib/gnupg.py b/debexpo/lib/gnupg.py
index 6382ac69..40eea4f5 100644
--- a/debexpo/lib/gnupg.py
+++ b/debexpo/lib/gnupg.py
@@ -145,7 +145,8 @@ class GnuPG(object):
 
         """
         try:
-            (output, _) = self._run(stdin=key)
+            (output, _) = self._run(stdin=key, args=[
+                '--import', '--import-options', 'import-show', '--dry-run'])
             output = unicode(output, errors='replace')
             keys = KeyData.read_from_gpg(output.splitlines())
             for key in keys.values():
@@ -177,7 +178,7 @@ class GnuPG(object):
         """
         args = ('--verify', signed_file)
         (out, return_code) = self._run(args=args, pubring=pubring)
-        gpg_addr_pattern = re.compile(r"^gpg: Good signature from \"(?P<name>.+?)\s*(?:\((?P<comment>.+)\))?\s*(?:<(?P<email>.+)>)?\"")
+        gpg_addr_pattern = re.compile(r"\"(?P<name>.+?)\s*(?:\((?P<comment>.+)\))?\s*(?:<(?P<email>.+)>)?\"")
         user_ids = []
         for line in out.split("\n"):
             addr_matcher = gpg_addr_pattern.search(line)
-- 
GitLab


From 3ad4d76d746969c50f0e4f539fff9a8bb0c1b52e Mon Sep 17 00:00:00 2001
From: Baptiste BEAUPLAT <lyknode@cilg.org>
Date: Sun, 18 Nov 2018 16:16:47 +0100
Subject: [PATCH 2/2] Add regession tests for handling multiple uid in gpg keys

---
 debexpo/tests/functional/test_my.py           |  26 +++++++-----
 debexpo/tests/gpg/debian_announcement.gpg.asc |  29 +++----------
 debexpo/tests/gpg/pubring.gpg                 | Bin 4522 -> 664 bytes
 debexpo/tests/test_gnupg.py                   |  39 +++++++++---------
 4 files changed, 40 insertions(+), 54 deletions(-)

diff --git a/debexpo/tests/functional/test_my.py b/debexpo/tests/functional/test_my.py
index ecc31984..cb15e303 100644
--- a/debexpo/tests/functional/test_my.py
+++ b/debexpo/tests/functional/test_my.py
@@ -27,18 +27,22 @@ AQD4ZLpyUg+z6kJ+8YAmHFiOD9Ixv3QVvrfpBwnBVtJZBg==
 
     _GPGKEY = """-----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mDMEW+iERRYJKwYBBAHaRw8BAQdAZN+9IfILcMWaZ5bOx4Ykmum/1ZMaxZAw1YbI
-KjEWWU60J0RlYmV4cG8gdGVzdGluZyBrZXkgPGVtYWlsQGV4YW1wbGUuY29tPoiQ
-BBMWCAA4FiEEdhj55Cj1+6e2+jO1NU98o/QgaL4FAlvohEUCGwMFCwkIBwIGFQoJ
-CAsCBBYCAwECHgECF4AACgkQNU98o/QgaL7I+wEAjY6np4hgEfkotEM0hpOo1LGF
-sWWiO1OKhi/Nfg+WOoUA/0/DEcGfclpGhpB+unaqn0dLnMKDJeZAxINji7/Lz2gH
-uDgEW+iERRIKKwYBBAGXVQEFAQEHQJwX6mLJZQMkBwKbyJa0+oz15wSiYHFONGYI
-s9TdseYWAwEIB4h4BBgWCAAgFiEEdhj55Cj1+6e2+jO1NU98o/QgaL4FAlvohEUC
-GwwACgkQNU98o/QgaL6XtAEAl+8Pqc8q6EWTudqgynVIpdraSuBrVSaEcxffKaT3
-P6YA/0SM1Yi/F2maISv8k44MzRAdGf2yFabwsfdCH+RLD6YO
-=BYiE
+mDMEW/GBqhYJKwYBBAHaRw8BAQdA+6hBA4PcdcPwgMsKGQXrqwbJemLBgS1PkKZg
+RFlKdKi0IHByaW1hcnkgaWQgPHByaW1hcnlAZXhhbXBsZS5vcmc+iJMEExYIADsC
+GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRVkwbu4cjBst0cc7HENHgc6HHz
+3wUCW/GB7AIZAQAKCRDENHgc6HHz35EOAP9lXBb8lm72xPeMdjRL+TU83PimD0NZ
+urQfnnLVZOu4tAEAqdrz/2q41mScnKJFAnQ5pan5FYlUnDR2WVp1kiFoPwu0HVRl
+c3QgdXNlciA8ZW1haWxAZXhhbXBsZS5jb20+iJAEExYIADgWIQRVkwbu4cjBst0c
+c7HENHgc6HHz3wUCW/GB6AIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDE
+NHgc6HHz3yr6AP9MyMaz+dsOC3R/WnjE8EdM42mpf3VkKY0icS60K/Aj3QD/XkIA
+qs+ItQAUoeqZM3jh0HvLwUESxm6FtCltwyGlqwW4OARb8YGqEgorBgEEAZdVAQUB
+AQdANrk3qq/eP1TEWfFZqhR0vcz7YB9c5+OnvMV+xO4W3nQDAQgHiHgEGBYIACAW
+IQRVkwbu4cjBst0cc7HENHgc6HHz3wUCW/GBqgIbDAAKCRDENHgc6HHz3/CHAP0c
+hxes4Ebtg7N8B/BoMYwmUVvmMVmoV+ef/vqYvfm6sgEA6fKzMSXllw57UJ90Unyn
+xOwJ1heEnfmgPkuiz7jFCAo=
+=xgUN
 -----END PGP PUBLIC KEY BLOCK-----"""
-    _GPG_ID= '256E/F42068BE'
+    _GPG_ID= '256E/E871F3DF'
 
     def _setup_gpg_env(self):
         self.homedir = tempfile.mkdtemp()
diff --git a/debexpo/tests/gpg/debian_announcement.gpg.asc b/debexpo/tests/gpg/debian_announcement.gpg.asc
index ee88ea97..8b180377 100644
--- a/debexpo/tests/gpg/debian_announcement.gpg.asc
+++ b/debexpo/tests/gpg/debian_announcement.gpg.asc
@@ -1,7 +1,6 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
-
 Fellow Linuxers,
 
 This is just to announce the imminent completion of a brand-new Linux release,
@@ -82,31 +81,13 @@ this in the newsgroup, please don't turn it into a flamewar. :)
 Until later,
 
 Ian
-- --
+- - --
 Ian Murdock                                Internet: imur...@shell.portal.com
 The Linux Warehouse
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAEBCAAdFiEEuSzBcBIwbfVk7W13FdIOf2r1tSUFAlvXATEACgkQFdIOf2r1
-tSV3uxAApxV+PFe9gP7a7cJJ5nVKvcpLKUom501TSgHnebjoxT32x5S5+/l2Lf6U
-z9w9bQoggbCMF0FwoFQ/qtBJ+loFKDiz1ToZqV7gWNRYR8YxRg867c1JQ780gmBx
-tq44D8UN5IRT6o2NQpmBvkTLyOo3cYScbwUarny1pPPrT+pWcrz5sO3Fw0pcPuJU
-qu4S6kDZHm3sLOvgevhmBgAX5OEeZpJNP/FemV7a2wNVT4+xCwsmzMvyN3kTitKR
-gCoH/n0MyGkgHupI5B6B22WTGIX6ogbSmjH4jUjr8YmRsJHBZkncjEPkGhOU5YeU
-8Mizp+u6Z70N/b/A2fuqmwkA7X24FEZ1Re27V5YU+eF/23kk62LSBxGmr9NEe2eE
-5HxP3+DgdszULs6t1xH9vAuSnCNlxmSNZ6fMJCsggd+mddBIRrZMSAdqgosYW/YD
-qw+ydGPb6P0w6DZQZs0K7p3OB5fKjdLbXn7rl+ut70chkMtAkRvH5jYlC+QaPjmN
-vwYGwv1PZPaOsIaCM8a2OzpzqePF+NFDAg0wa5gr7sxaBeMgtvwwCe2+Ufq1JY6R
-X7/ubU4/LKouiUvUlkx94ywzMMUu3jT5h0YKcpFNSYIdYDryKphKsfShkPL99Hc3
-xuMqR6HFZmCFLPxNue5/i/yycAAfXecXr3ZcoYVMIUl50NV7OuqIdAQBFggAHRYh
-BOF57qTrR+YF2YZjLihiGOfHT5wRBQJb1wExAAoJEChiGOfHT5wRGV0A/3WvXKec
-IJBQxGQt9tevYll6yPV7+fKeAWxzblL4YIM6APYgmWXfitzvt7hxmJrS5+cpMd9A
-w75HtceAxeuhvK4IiQEzBAEBCAAdFiEEd8cUFd1/c7yHLW6GLs8+zl3EJqcFAlvX
-ATEACgkQLs8+zl3EJqfuGAgAm7hctCl4Ol4UYaeD7RQrObX0l/GTYZTI28ffyXal
-+C+oo98ifVLlnyIat3GRib3bP8U4fz8440E4UClUrPiMUfUHMff+3rNvWnXzTeQj
-IqsfMycrq4cQNpLQU05H7/z4pzfDg1yY3/J92BJL+OAbO2K13pVd6/fW3rZK+H0E
-htd0mj512QNH0lzIcUx2dp+4VTyRPlda+zbBn2bJaphLMkmAV2cfnRQ4xDjqNxGk
-XKTRAtAi6oqZDskYYJoIf4UrdWzQrNE7MgDsmr/eGy/0wG5cSbuintuBoonc7agb
-lefymg6+MlgapLm45sptAgjy//nWGRbGO2pYttWEZiHWcQ==
-=VDty
+iIoEARYIADIWIQSGVz4uSUdVmCPsPxTH4ZqYGuqOuwUCW/F80RQcZGViZXhwb0Bl
+eGFtcGxlLm9yZwAKCRDH4ZqYGuqOu782AQC7bhU/2C3xzZAkuvuBpTYlGLHC/yZ2
+C8eiVvzXJ/6EJwEAlXe68PmgVrQb5/r2mTY0G3Paj4HGLIEHBMsifT5YnwY=
+=6ea2
 -----END PGP SIGNATURE-----
diff --git a/debexpo/tests/gpg/pubring.gpg b/debexpo/tests/gpg/pubring.gpg
index 881e9ee9ecf51f9f86b37d5da76b2f2049b7c141..68eee7ef28eec97afd3612e7490ebef88c3797c2 100644
GIT binary patch
literal 664
zcmbPX%o6>vMna5Jn~jl$@s>M3BO|-RONmuq(h~nvY}gWUzUa@-?pdto=6ZaTSan3&
zwApWkm;44E28Q&4bVdd+*dkj{l$o1YRH=}eqF|Gon3?C0T9KGrkdvyHUzBbKRm=oY
z+%cI&Sd4?gnn{|Om79};orz79i<5(!iA9WwnUP73kx9HkOp&E6+)mHaJ#>ch8+(!C
z4`<Dgdeyg^l?mw35++GT1};tknBc|9j0{bNV%K*)Z`M7qqcXEcBBNo}qR*N)+|)(n
zsy!{s*QjVRGTi!}YQ&#&*U|god*wNkZ&cjMIbt?T;MbR)L(dN$$o$N<fsKI~=pTkH
zswt^SsTBqJ3MHw<C7F5Y3N}yyd_I~0_K^iXX9wZ&F0yxwOc@!DiF)1eUtGoI9{e)=
z`fQnqNsN+nZpakszey`Mf8=U=j^V$j;~Xci*joqs3KyMMJDfgugXxUICEHFvNy{~Q
z|CyzX5$2s87T~xQ;sVF*^iW1tP~^TS{`lKp`~L5hveQcWR`ze%UX`NR@kQX#E{C9=
zc_EqV%#0lD9ThARz*thi=O+m!X&z*^hsiVi;R)8*)xa_HQb^RfTL-j@x9Q%yvyA<f
z{FmvC;wxsb?rvuIpM5{6%D2(+%ahIPg8~IB6C9-{mfnku)IM=!S(jwk4Q`m*0rFPw
Am;e9(

literal 4522
zcmb_fWmHt%8a^`&-5{-W4W*LO4mn7DfYQ>9fWS~HF*G6}UDDDB(xs?KBPB6(OUVcl
zj!0a<%lhuU>s$A`Kki;@pR><<_E~H1=Y7ueyc+-jW)KJftIFxy0B6l;oV4S-pO1ex
z>~t{bV&n$^*!Tb#xa!q;g=)s%y(Ns_IaFXkrvLs&&cd@9%;&TEQ_bZAjE1L_QPbQD
z{vwA9bZy&bVX5<XXAJ}pon11|MjRK<U;uJ)|BuV%3Q|GD5TmhU4G<ns10b17oyBw+
z%B63W6pPvH?Tq`WRK^hbIp>a!33+)_P?|bZ-%%*!R*KtdnJAO);+)qu+VDvv%JH8x
z3yyQTYM>JARltUraX4J9E6aVDUF0!Rm6UvYn!Suwqud23^^1))W%D-J7nwiw%E8)X
z$@SgXY%vm$n0$eWT9U>oj|7^ESWT--7-<W>Cw<_ShUXckr3W2S)_PRI6YSNBXzu%l
z%RrkZvuA+#{exL)qV^U1dl&-E<R3cq3xl|2^_2&t$|$c=?UN}Q3ovr>B~&qet99_}
zPMwVAiP<NrrqEa1^pexc&odv5yznyS(exW&dg-CJ2rCmUP)v0N$Uy+8@(exOhqk}-
z0n~6<SzB0pKXhS6Si2+aoo$(={u#J!?QQP#@PV~}i<_;?KR*Kh#yA3W7eaZ4rwla<
z<gXHm4L%1P%z%ZBkM+S8z$V1U!v*6|5#Zwyf+5skED)Fx1f~f92=K`+bMF&?duphF
zuJ9UTYq#~1^No!uAg)Aww8ug@7l$q{*a#$kdT0Oe9gx?yV;@kk+%kJqP8TH{1|f+c
zEE-8vkr6$CU`MG6U9k*%J)=n5JVAe|WLMG+)n=OVL*;qc`$ENfuj};Pt6i6C0w!I`
zEma8nY>xJ2qkUe@jVwvNmOtuZfw_d?RQS2a_I#zl7xkw_wHu@%mTwmO4ExdHFX~*c
z!pv}b_PevUJ%@TuF_Ny4L$hy;^)G7$4Lp1`Xdl`T*Xi*|#R*(@Qvcb1I$<A|Pr%##
zMt?kel5QaVM2bvpi8iuHhqY)dTe_YFm%4Yz(Pn`5)4PpoJTI;45Pc{$q_GkQz&gte
z(D)}~du06r3pK*uHo9}zCgL#W=GVxIa&kOWw|Y&7#Z@-={=J4Hx1*S}9v<rs$&-W_
zSEtH593)r%;Le66`1LgYvIEh;MY380c4G<nlm^mskXQ`rbv5$u{n{V((7x*u?fo9n
zyqoISw}CwPdRO2%<p=(;tMEi&dOp~a$_Gs)WtnJ`$76;C)}l?+=pSyh(anW(uX!_@
zmQ88anZ$7%<k306uI3OOAKah>Q_%3b;Z2uIgnCpa&R3XV!i$P9TA2ImN~Mv(S|0Xe
zuKi|egpNH7EO<*SWc7~G{XSLww<O>%<x*PmlHTtg6ZwaX35+)&xIF0@)v$whv^hJ9
z^-V7r8v&An(4Nta^Ka-z^qX$~N~^7U+~ccOf`(O&qP*P_-7SzFYCAhxV8Ju|xuui+
z%Ay9%a=1&4e}o2UfZWXolGolAp}NbNw!~R`5T7UaDo1Y<pgq*VuUIf#^j#=(&Q&*b
zA|2r<mt<L#l60}mZNZFaKMBq|I`zaT#)fN+`D4f@GWI(ff9zzV_~?Eb64)5+?Zg;a
z#_bglBeKWRkV*0UMHP=uZG7d771UAV58TMZmRn(l=D>Jk_R^9LvBQo~7SznWR#ga$
z-oo!;99FBdY))npF*PMDzdjpFRw=bdHU5CM$<2$_z(2E-Bub4VvwrLb9!xL8HbGg`
z39+!QpaW`Ot@r&ocF+^5o5;o4HFrs?<Q+l7-b48Kc-TDR6T71L`<Wau0Kkv=Q=0LP
z&!xGM@BKrH8&3OHTTWh7!zBI=`?cpn%Y6Rt2b085)`yB9+gV!!yZEUauZyiKpN0QT
zn!*3OG=ndsIRr!oR1I7i%yo)jf4Nz-8-5^LXUZ3(Y`kxbODu_8TALOubH9fgmF<)b
zBJ5dk=ZH+$XEBTw>CZI!1AO{ofXeVDuIm~*ZvlK~1s{Uo7gMKB8Ic~^aB(IOgK@a3
z868pV@o$?3Cpvx`;&VP)?`%%sbcf4^sQ&8re7Uys)LB=feRt@y9VJR$%<`zT<e(8H
z)*(@6Sa{UW?Lnbzm984cv$@h4H%W1Sr3B+v`t~J1Z+>yt=qVG@%nrX?Vf#&)vb!ml
zOD9~?Zqvr{)P9a4ZWe%hjL>R@gCo|ZlI}6;N*D;rZ^;(NIAqnnDAFUwY^-D|@%F2f
zfbSow%W9A$Tf&@zB<K7N{6A_tzp5;;hOQV1?@s+pf-<Wun>?WS&NF+hwffq|)8y^D
znYr@|;MPaZ2{?+~c_gF<<SqWB85z6Ue3Wc^)!F6HuzsI*m1iqJSrN&E%8q@*m+-Mr
zU+N&KRvj|_&CKNat#nLMFcg-fqlfeOZUKwBH~BT`jegBG*s4_>`||~RBr6J3l7=?C
zQ#K^gDl9wHXDg3%zqR8_bCvf#Lo?nF{}qY#>PYFmr^Uyv*$pw3`-^=)pLVC}WW#1e
zS8aP?l|9<EKjwv4;S_R!%b{PUd5nTJh*}~s8|!Mc@w9U`J1g9iW%m!$k4IWji5Wy>
zmCKUGh5t8e0&84Y)2%bD_$wk`SX0QkHT@S;x@3J;8tJL6W=w;`zCT-?CUnG2HzY~U
zrX+B3tb}Yuc({-cJs?k|Zs5~F6xs5Ha@GS&d|6Bg4pU!68nz`cwhS)7@;Q?+KPMcM
zPB`gZo(wO`Nb%=!%k+HQ)2|qKBUY;LS?!aFgLqc7<e)0OwAVWin?6pby-s4AX*Cah
zvyKnLOPWX8%QaOWe<W_fadpc(Z|O-OTX6OW+XvFsnLMk;vT{bTQ>DEk+1`~^7h9L6
z%RC7S5$!Xi?7r6hTrXxH-J)P(JrM3fy<?#_;`$SdwBp4SjtGYJJ3M?u+r5|ThL3(0
zM3j;&VCYpE30DxukXTLAOP>>sGIytgE2AQ1L3xD-CjDu8U5I5UNWRBqSX4qNSIo%%
z;j)*=4H5RJJAK!M5?RCVn}2B>e?7i+IM=_nxNF1Ae!E^C){8Nvj=b8z#+@aV5P1bd
zGO~!*ruvqsYB4P8aY*#GMvQjg=XIq-Z_sxyPZHZKfz)RWxG|$Q)GOn8JXN?bTS#jN
z^<MVs9%>6yX7(fYn<9PX`vU`Wg1ykbx(3t+PfVH3>bJxxv69)y2Wi1_h`gCS?3{(d
z{*vK18N=@eE?(R6T<CpNG#Azk58<joy|LX-|G7K*7VZ=qwuf8-Z2XzLYqqN!GBw&S
z^l~;ABcrPt-{C;NN983@I3|5DaIjYCq<m8QYw1!w8~@a*k-D7ZYfBbLyJyepKbR|>
z5Xtda5y{h*)^uj4u!i4b%cT&53w+Ht@tWF=Z)WH0GZ5$6=MhBJ{tOHpISCB}DEVd_
zgPf_xTY_GtzEiTmnI3X1a%>Z62gz4%Ix#m>S2aA!vQRWfPUtgDkd5tPve0mrEzhRr
z?Lb{)f$Qv8_#t+IWJURP<gN?7#-CQL5H9#tb(T&UT1gms-@EX9nKFegVnlQ0mn|k8
z^V%fuk7zviq6F)KgRA#lysLjb-lvIQ6ZudI@#;|As8&3|UOg?XaMf5cpOkBRJjyy=
zOeMYeq3p@W6^19bZU-kvYFy>C?$#<Cv@(hA*f(Hk%TQ?}K#DPy^vBIB=K69YGb}9Y
z<AX#g!H)TdiiUqM1PMN>7O6`*A~t3|jGL89Xl`L8BK;bLPwyu_cF%=d{5xzGsh5J?
zS)L}8`8B0^2;X-)Iq=BB&J-LmvUPJf&Z$zetDN$?^XXLJ^9PLE_R~o;p{FM}X$-I7
zZ#Xq;#-jVZ=EV=u4wkn+(=*l$L+NlNO3Bt6>gY&0dj?DLCk%LL@M?(&wi6Xh+m5Y7
zw>OVPZ>Hb*n2u2~w@!?DvK{A}oyxBv8i`M5-#<)PXv=>u9uP`eB%2e;?jWC>p7S_W
z@>hf2FE6~elKRv?n1Hhj?s{v2T;I`tlXL-mJP-O^lz>GqiW26(5gMZNa^zA_B9=%`
zn8^r2B5s-%<{eqpZmDAB<_($1G6|?!%)Q5yyU^7Kt=rSHbq#z=QFzQjuQ#G6a6R#p
z+_9!Ze>b!+&b?v+y2f-W=WUC0*lYD3_H{{xO$+$%KL~Ixy>iT75cumFJ#9&s;?Om2
z$Mm)OvS_Ae0F^Pr?Lf|~{*p*JxQ-u&Rtul@?<TiPjl@}jEHfcHdhbN6vE1}L60LC|
zglOUMWf)!;z7d}*qT<eDVsbMp^4r+LGVeBuo3Ha(Q%sfUamctqg{vbXINwZb<JfPX
z!#5Kzp{*8Ar6m#Zys0gQY_bh|gx~J=g4wuKgh0YWxa-Te%6GkNDKOHus#^OHB`Elb
zhj&KV(RGpQl9Az_&dTzD2aT{rdP;-$d&Bx>Gcl#GYniuzIn71l=dW^~iBy=m9gT_|
zeGZOVu#6D`V>5rQ!_CF_328eZ@9a~dAR4HVN7v0da9pvSXyXW|!SIb_^Pr46A9Dqw
zyHi{?wk^?s(hBkCs5eo%<wS7Z>cq~SU<fyJvaq15WiEA&#*ZBC;WuW?6XHmaJ&YBn
zCPD(OlU^q<6X8d6FJ4AxKIyB#w#56gv65;$ahm3}7gP+Rb0Hm$v08gQ-Q$~<#tj+s
zzf{~GQ`Lh>d1HG$?xH0VpleG{**+OaVGq`DufAE%d{;<_CRR~+iWqMF1iKUz)QbmG
z4arsOo^0H!d0LplO;*}P005i)S&o7F&&#m|A9Vhv@)zuhP)h-B3)<CA%?$Fhl8gDQ
z10R?|4VcMI@`lCPU*DaJZ!L6JYdQ=6TR8@_okjkqlX8mC`9XP<8lM*j1OZJdlY&6F
zw;4zAU}k(Nn3v6R@`7$t`Fl*7`t<`ARDuDWujuq+zx^MMli{%tN@_gd+_L{_vlo^<
z`Ztz+iHye?d|AA1?1;xYlUR!jIU-?pd)b79(+NXvN*epsZ~a2(Sb!taOq19mM-s=|
z-`N=-*z55~@uX0__GoISX2BnjW}qUx%u&Ow3q&XgE)Yq+2f{vwWVbxvL*Y`Iuzq1t
zF_uA3R$WOe1f+dn*x-RSQ<yFn#scBthI>P3&-Qe#4*zXW7wT}icHs)(^uEu_0U1ef
zP_JHxvGtE+)sk^s)9|!ehEsj(ao3}SE)amRYI4&it=^FH+X>*jsvk`{e6tln^|pQ;
i7yrHPumR5H+9jiAR4Uq%L0gI(O|}YdT@xGD1OEVhG^q^$

diff --git a/debexpo/tests/test_gnupg.py b/debexpo/tests/test_gnupg.py
index 2da4f41c..1219484f 100644
--- a/debexpo/tests/test_gnupg.py
+++ b/debexpo/tests/test_gnupg.py
@@ -45,20 +45,23 @@ from debexpo.lib.gnupg import GnuPG
 test_gpg_key = \
 """-----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mDMEW9b91RYJKwYBBAHaRw8BAQdAHtUIQWAsmPilu0JDMnLbpPQfT1i3z2IVMoDH
-rhlYkO+0JWRlYmV4cG8gdGVzdGluZyA8ZGViZXhwb0BleGFtcGxlLm9yZz6IkAQT
-FggAOBYhBOF57qTrR+YF2YZjLihiGOfHT5wRBQJb1v3VAhsDBQsJCAcCBhUKCQgL
-AgQWAgMBAh4BAheAAAoJEChiGOfHT5wRdQIBAJ8rciR0e1PaA+LhoTWHaPSgCwvc
-lNFyRk71s75+hRkhAPwPnl6QqGsOa0DyJB5saVcqPCqYFbF1usUWIQnPPRsVC7g4
-BFvW/dUSCisGAQQBl1UBBQEBB0DzrYDCp+OaNFinqKkDWcqftqq/BAFS9lq4de5g
-RNytNAMBCAeIeAQYFggAIBYhBOF57qTrR+YF2YZjLihiGOfHT5wRBQJb1v3VAhsM
-AAoJEChiGOfHT5wRNK8A/115pc8+OwKDy1fGXGX3l0uq1wdfiJreG/9YZddx/JTI
-AQD4ZLpyUg+z6kJ+8YAmHFiOD9Ixv3QVvrfpBwnBVtJZBg==
-=N+9W
------END PGP PUBLIC KEY BLOCK-----
-"""
-
-test_gpg_key_id = '256E/C74F9C11'
+mDMEW/F8GBYJKwYBBAHaRw8BAQdA6Riq9GZh/HiwtFjPcvz5i5oFzp1I8RiqxBs1
+g06oSh+0HXByaW1hcnkgaWQgPG1haW5AZXhhbXBsZS5vcmc+iJMEExYIADsCGwMF
+CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQSGVz4uSUdVmCPsPxTH4ZqYGuqOuwUC
+W/F8dAIZAQAKCRDH4ZqYGuqOu9GTAQCCMRbXuueDLcC4eWmMGGiAmqLzKdhGJxQe
+e0k5d6wkKQEA2vdlMg9s3UFL4e8jnJPYeNpsxDaaEPr0jMLnwcBp8wa0JWRlYmV4
+cG8gdGVzdGluZyA8ZGViZXhwb0BleGFtcGxlLm9yZz6IkAQTFggAOBYhBIZXPi5J
+R1WYI+w/FMfhmpga6o67BQJb8XxSAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
+AAoJEMfhmpga6o67MjUBAMYVSthPo3oKR1PpV9ebHFiSARmc2BxxL+xmdzfiRT3O
+AP9JQZxCSl3awI5xos8mw2edsDWYcaS2y+RmbTLv8wR2Abg4BFvxfBgSCisGAQQB
+l1UBBQEBB0Doc/H7Tyvf+6kdlnUOqY+0t3pkKYj0EOK6QFKMnlRpJwMBCAeIeAQY
+FggAIBYhBIZXPi5JR1WYI+w/FMfhmpga6o67BQJb8XwYAhsMAAoJEMfhmpga6o67
+Vh8A/AxTKLqACJnSVFrO2sArc7Yt3tymB+of9JeBF6iYBbuDAP9r32J6TYFB9OSz
+r1JREXlgQRuRdd5ZWSvIxKaKGVbYCw==
+=BMLr
+-----END PGP PUBLIC KEY BLOCK-----"""
+
+test_gpg_key_id = '256E/1AEA8EBB'
 test_gpg_key_name = 'debexpo testing'
 test_gpg_key_email = 'debexpo@example.org'
 
@@ -105,10 +108,8 @@ class TestGnuPGController(TestCase):
         """
         gnupg = self._get_gnupg()
         self.assertFalse(gnupg.is_unusable())
-        (_, gpg_key_uids) = gnupg.parse_key_id(test_gpg_key)
-        (gpg_key_name, gpg_key_email) = gpg_key_uids[0]
-        self.assertEqual(gpg_key_name, test_gpg_key_name)
-        self.assertEqual(gpg_key_email, test_gpg_key_email)
+        (_, uids) = gnupg.parse_key_id(test_gpg_key)
+        self.assertTrue((test_gpg_key_name, test_gpg_key_email) in uids)
 
     def testSignatureVerification(self):
         """
@@ -136,7 +137,7 @@ class TestGnuPGController(TestCase):
         assert os.path.exists(pubring)
         (out, uids, status) = gnupg.verify_sig_full(signed_file, pubring)
         self.assertEquals(status, 0)
-        self.assertTrue(('debexpo testing', 'debexpo@example.org') in uids)
+        self.assertTrue((test_gpg_key_name, test_gpg_key_email) in uids)
 
     def testInvalidSignature(self):
         """
-- 
GitLab