aptly-dev / aptly

aptly - Debian repository management tool
https://www.aptly.info/
MIT License

functional tests fail because pagerduty key expired #1262

Closed colincoghill closed 5 months ago

colincoghill commented 5 months ago

Detailed Description

While trying to build aptly (and run the system tests), the part that uses the pagerduty package repository fails.

This worked fine last time I tried about a month ago, and failed today. I believe the break happened on 21 March (see why below).

t04_mirror:UpdateMirror17Test... OK
t04_mirror:UpdateMirror18Test... OK
t04_mirror:UpdateMirror19Test... Traceback (most recent call last):
  File "/home/runner/git/aptly/system/run.py", line 102, in run
    t.test()
  File "/home/runner/git/aptly/system/lib.py", line 178, in test
    self.check()
  File "/home/runner/git/aptly/system/lib.py", line 343, in check_output
    self.verify_match(self.get_gold(), self.output,
  File "/home/runner/git/aptly/system/lib.py", line 466, in verify_match
    raise Exception("content doesn't match:\n" + diff + "\n")
Exception: content doesn't match:

Closer investigation shows that the key pagerduty uses to sign the repository expired on March 21st, 2024.

I've tried replacing the key included in the tests (aptly/system/files/pagerduty.key) with the newer one, fetched from pagerduty with

wget -O - https://packages.pagerduty.com/GPG-KEY-pagerduty > system/files/pagerduty.key

and this seems to work, as far as it goes, but the tests fetch a signed Release from an aptly-run repo:

http://repo.aptly.info/system-tests/packages.pagerduty.com/pdagent/deb/Release.gpg

And this is signed with the old expired key. I don't have access to fix this one.

Context

There's no indication that aptly is broken here, but the build system/tests are.

This makes it hard to test for actual bugs.

Possible Implementation

Check the pagerduty package related parts of the test suite, around the GPG keys used.

  1. replace the key in aptly/system/files/pagerduty.key with the new one. wget -O - https://packages.pagerduty.com/GPG-KEY-pagerduty > system/files/pagerduty.key
  2. replace the signed file(s) on http://repo.aptly.info/system-tests/packages.pagerduty.com/* with ones signed with the new keys (or perhaps re-mirror pagerduty, I'm not sure how it's set up)

Check that the system-tests now pass (t04_mirror:UpdateMirror21Test and t04_mirror:UpdateMirror19Test)

Your Environment

Ubuntu 22.04 (Jammy)

colincoghill commented 5 months ago

link to the fail in CI: https://github.com/aptly-dev/aptly/actions/runs/8535446588/job/23381869130#step:10:2673

neolynx commented 5 months ago

thanks for reporting, should be fixed in master:

https://github.com/aptly-dev/aptly/pull/1265/commits/9d9dda79e273183eb80c75c8af3b6112fb0f775b

somehow exporting the full key for openpgp worked as well, no new key needed I assume...

could you check if this works for you?

colincoghill commented 5 months ago

Yes, thank you, works perfectly now!
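
The expiry reported in this thread can be caught before a test run by reading GnuPG's machine-readable key listing. The following is an added example, not part of the thread or of aptly's test suite: the function names `expired_keys` and `sample_listing` are hypothetical, the sample key IDs and dates are constructed, and expiry fields are assumed to be epoch seconds as GnuPG 2.x prints them.

```shell
#!/bin/sh
# Report expired primary keys and subkeys from `gpg --with-colons` output.
# Colon-listing fields used here (GnuPG doc/DETAILS):
#   1 = record type (pub, sub, uid, fpr, ...)
#   5 = key ID
#   7 = expiration date in epoch seconds, empty when the key never expires

# expired_keys NOW
# Reads a colon listing on stdin and prints "<type> <keyid> <expiry>" for
# every pub/sub record whose expiry is at or before NOW (epoch seconds).
expired_keys() {
    awk -F: -v now="$1" '
        ($1 == "pub" || $1 == "sub") && $7 != "" && $7 + 0 <= now + 0 {
            print $1, $5, $7
        }'
}

# Constructed sample listing: one key (and subkey) that expired on
# 2024-03-21 12:00 UTC, one key with no expiry, one that expires in 2030.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:AAAAAAAAAAAAAAA1:1458518400:1711022400::-:::sc::::::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:e::::1458518400::0000000000000000000000000000000000000002::Example Packages <packages@example.invalid>::::::::::0:
sub:e:4096:1:AAAAAAAAAAAAAAA2:1458518400:1711022400:::::e::::::23:
pub:-:4096:1:BBBBBBBBBBBBBBB1:1700000000:::-:::scESC::::::23::0:
pub:-:4096:1:CCCCCCCCCCCCCCC1:1700000000:1900000000::-:::scESC::::::23::0:
EOF
}

# Against the key file named in the issue (needs GnuPG 2.x installed):
#   gpg --show-keys --with-colons system/files/pagerduty.key \
#       | expired_keys "$(date +%s)"
```

Any output line means a test fixture is signed by, or ships, a key that verification will reject as expired; empty output means every listed key is still within its validity period.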