Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package obnam The NMU uploaded to unstable fixes an RC bug. The patch is taken from the upstream bazaar repository. There are no other changes beside this bugfix and upstream test case verifying the bugfix passes. Thanks Gaudenz unblock obnam/1.1-1.1 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (800, 'testing'), (700, 'unstable'), (50, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
only in patch2: unchanged: --- obnam-1.1.orig/tests/encryption-replaces-key.script +++ obnam-1.1/tests/encryption-replaces-key.script @@ -0,0 +1,41 @@ +#!/bin/sh +# Copyright 2011 Lars Wirzenius +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -eu + +gpgkey='3B1802F81B321347' +fingerprint='4E2AF28A3D824CF2B3F1FE733B1802F81B321347' +gpgkey2='DF3D13AA11E69900' + +# Make a backup with the default key ($gpgkey). +$SRCDIR/tests/backup --encrypt-with="$gpgkey" + +# Add new key. "rainyday" is the name of the client. +$SRCDIR/tests/obnam --encrypt-with="$gpgkey" add-key --keyid="$gpgkey2" \ + rainyday + +# Remove the old key. +$SRCDIR/tests/obnam --encrypt-with="$gpgkey2" remove-key --keyid="$gpgkey" \ + rainyday + +# Remove the old key from the gpg keyring. +export GNUPGHOME="$DATADIR/gpg" +gpg --batch --delete-secret-key "$fingerprint" + +# Verify that the backup is still readable, now with the new key. +$SRCDIR/tests/restore --encrypt-with="$gpgkey2" +$SRCDIR/tests/verify + only in patch2: unchanged: --- obnam-1.1.orig/obnamlib/plugins/encryption_plugin.py +++ obnam-1.1/obnamlib/plugins/encryption_plugin.py @@ -161,6 +161,12 @@ logging.debug('unable to remove key %s from %s (not there)' % (keyid, toplevel)) + def rewrite_symmetric_key(self, repo, toplevel): + symmetric_key = self.get_symmetric_key(repo, toplevel) + userkeys = self.read_keyring(repo, toplevel) + encrypted = obnamlib.encrypt_with_keyring(symmetric_key, userkeys) + self._overwrite_file(repo, os.path.join(toplevel, 'key'), encrypted) + def add_client(self, clientlist, client_name): clientlist.set_client_keyid(client_name, self.keyid) @@ -233,6 +239,7 @@ clients = self._find_clientdirs(repo, args) for toplevel in self._shared + clients: self.add_to_userkeys(repo, toplevel, key) + self.rewrite_symmetric_key(repo, toplevel) def remove_key(self, args): '''Remove a key from the repository.''' @@ -244,6 +251,7 @@ clients = self._find_clientdirs(repo, args) for toplevel in self._shared + clients: self.remove_from_userkeys(repo, toplevel, keyid) + self.rewrite_symmetric_key(repo, toplevel) def remove_client(self, args): '''Remove client and its key from repository.''' only in patch2: unchanged: --- obnam-1.1.orig/debian/changelog +++ obnam-1.1/debian/changelog @@ -1,3 +1,10 @@ +obnam (1.1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix encription key handling (Closes: #680670) + + -- Gaudenz Steinlin <gaud...@debian.org> Thu, 20 Sep 2012 16:22:16 +0200 + obnam (1.1-1) unstable; urgency=low * New upstream version. only in patch2: unchanged: --- obnam-1.1.orig/debian/rules +++ obnam-1.1/debian/rules @@ -3,6 +3,8 @@ dh $@ --with=python2 --with-buildsystem=python_distutils override_dh_auto_test: + # fix test permission due to diff not representing permissions + chmod 755 tests/encryption-replaces-key.script python setup.py build_ext -i rm -rf build cp -a test-gpghome temp.gpghome