diff -Nru weboob-1.0/debian/changelog weboob-1.0/debian/changelog --- weboob-1.0/debian/changelog 2014-12-10 10:05:31.000000000 +0100 +++ weboob-1.0/debian/changelog 2015-01-18 19:56:20.000000000 +0100 @@ -1,3 +1,11 @@ +weboob (1.0-3) unstable; urgency=medium + + *debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch: + prompt user to accept an untrusted keyring when updating repositories + (Closes: #774838). + + -- Romain Bignon Sun, 18 Jan 2015 16:07:58 +0100 + weboob (1.0-2) unstable; urgency=low * debian/patches/0003-fix-compatibility-with-a-patch-introduced-by-768611.patch: diff -Nru weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch --- weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch 1970-01-01 01:00:00.000000000 +0100 +++ weboob-1.0/debian/patches/0004-prompt-user-to-accept-an-untrusted-keyring.patch 2015-01-18 19:56:20.000000000 +0100 @@ -0,0 +1,183 @@ +From: Romain Bignon +Date: Fri, 16 Jan 2015 12:21:51 +0100 +Subject: prompt user to accept an untrusted keyring + +--- + weboob/applications/weboobcfg/weboobcfg.py | 3 ++- + weboob/core/repositories.py | 25 ++++++++++++++++--------- + weboob/tools/application/console.py | 20 +++++++++++++++++--- + weboob/tools/application/qt/backendcfg.py | 5 +++++ + 4 files changed, 40 insertions(+), 13 deletions(-) + +diff --git a/weboob/applications/weboobcfg/weboobcfg.py b/weboob/applications/weboobcfg/weboobcfg.py +index 822325c..3c4e96b 100644 +--- a/weboob/applications/weboobcfg/weboobcfg.py ++++ b/weboob/applications/weboobcfg/weboobcfg.py +@@ -25,6 +25,7 @@ import re + from weboob.capabilities.account import CapAccount + from weboob.core.modules import ModuleLoadError + from weboob.tools.application.repl import ReplApplication ++from weboob.tools.application.console import ConsoleProgress + from weboob.tools.ordereddict import OrderedDict + + +@@ -261,4 +262,4 @@ class WeboobCfg(ReplApplication): + + Update weboob. + """ +- self.weboob.update() ++ self.weboob.update(ConsoleProgress(self)) +diff --git a/weboob/core/repositories.py b/weboob/core/repositories.py +index dbf7448..89ff23f 100644 +--- a/weboob/core/repositories.py ++++ b/weboob/core/repositories.py +@@ -26,6 +26,7 @@ import re + import sys + import os + import subprocess ++import hashlib + from datetime import datetime + from contextlib import closing + from compileall import compile_dir +@@ -180,7 +181,7 @@ class Repository(object): + # Save the repository index in ~/.weboob/repositories/ + self.save(repo_path, private=True) + +- def retrieve_keyring(self, browser, keyring_path): ++ def retrieve_keyring(self, browser, keyring_path, progress): + # ignore local + if self.local: + return +@@ -202,11 +203,11 @@ class Repository(object): + if keyring.exists(): + if not keyring.is_valid(keyring_data, sig_data): + raise InvalidSignature('the keyring itself') +- print('The keyring was updated (and validated by the previous one).') +- else: +- print('First time saving the keyring, blindly accepted.') ++ progress.progress(0.0, 'The keyring was updated (and validated by the previous one).') ++ elif not progress.prompt('The repository %s isn\'t trusted yet.\nFingerprint of keyring is %s\nAre you sure you want to continue?' % (self.url, hashlib.sha1(keyring_data).hexdigest())): ++ raise RepositoryUnavailable('Repository not trusted') + keyring.save(keyring_data, self.key_update) +- print(keyring) ++ progress.progress(0.0, str(keyring)) + + def parse_index(self, fp): + """ +@@ -378,6 +379,9 @@ class IProgress(object): + def error(self, message): + raise NotImplementedError() + ++ def prompt(self, message): ++ raise NotImplementedError() ++ + def __repr__(self): + return '<%s>' % self.__class__.__name__ + +@@ -389,6 +393,10 @@ class PrintProgress(IProgress): + def error(self, message): + print('ERROR: %s' % message, file=sys.stderr) + ++ def prompt(self, message): ++ print('%s (Y/n): *** ASSUMING YES ***' % message) ++ return True ++ + + class ModuleInstallError(Exception): + pass +@@ -579,7 +587,7 @@ class Repositories(object): + try: + repository.retrieve_index(self.browser, repo_path) + if gpgv: +- repository.retrieve_keyring(self.browser, keyring_path) ++ repository.retrieve_keyring(self.browser, keyring_path, progress) + else: + progress.error('Cannot find gpgv to check for repository authenticity.\n' + 'You should install GPG for better security.') +@@ -610,7 +618,7 @@ class Repositories(object): + :param progress: observer object. + :type progress: :class:`IProgress` + """ +- self.update_repositories() ++ self.update_repositories(progress) + + to_update = [] + for name, info in self.get_all_modules_info().iteritems(): +@@ -792,8 +800,7 @@ class Keyring(object): + + def __str__(self): + if self.exists(): +- with open(self.vpath, 'r') as f: +- import hashlib ++ with open(self.path, 'r') as f: + h = hashlib.sha1(f.read()).hexdigest() + return 'Keyring version %s, checksum %s' % (self.version, h) + return 'NO KEYRING' +diff --git a/weboob/tools/application/console.py b/weboob/tools/application/console.py +index 35c9cf9..5e9e892 100644 +--- a/weboob/tools/application/console.py ++++ b/weboob/tools/application/console.py +@@ -31,7 +31,7 @@ from weboob.capabilities import UserError + from weboob.capabilities.account import CapAccount, Account, AccountRegisterError + from weboob.core.backendscfg import BackendAlreadyExists + from weboob.core.modules import ModuleLoadError +-from weboob.core.repositories import ModuleInstallError ++from weboob.core.repositories import ModuleInstallError, IProgress + from weboob.exceptions import BrowserUnavailable, BrowserIncorrectPassword, BrowserForbidden, BrowserSSLError + from weboob.tools.value import Value, ValueBool, ValueFloat, ValueInt, ValueBackendPassword + from weboob.tools.misc import to_unicode +@@ -55,6 +55,20 @@ class BackendNotFound(Exception): + pass + + ++class ConsoleProgress(IProgress): ++ def __init__(self, app): ++ self.app = app ++ ++ def progress(self, percent, message): ++ self.app.stdout.write('=== [%3.0f%%] %s\n' % (percent*100, message)) ++ ++ def error(self, message): ++ self.app.stderr.write('ERROR: %s\n' % message) ++ ++ def prompt(self, message): ++ return self.app.ask(message, default=True) ++ ++ + class ConsoleApplication(Application): + """ + Base application class for CLI applications. +@@ -288,7 +302,7 @@ class ConsoleApplication(Application): + + def install_module(self, name): + try: +- self.weboob.repositories.install(name) ++ self.weboob.repositories.install(name, ConsoleProgress(self)) + except ModuleInstallError as e: + print('Unable to install module "%s": %s' % (name, e), file=self.stderr) + return False +@@ -562,7 +576,7 @@ class ConsoleApplication(Application): + + minfo = self.weboob.repositories.get_module_info(backend.NAME) + if minfo and not minfo.is_local(): +- self.weboob.repositories.update_repositories() ++ self.weboob.repositories.update_repositories(ConsoleProgress(self)) + + # minfo of the new available module + minfo = self.weboob.repositories.get_module_info(backend.NAME) +diff --git a/weboob/tools/application/qt/backendcfg.py b/weboob/tools/application/qt/backendcfg.py +index fc5531a..0b8db78 100644 +--- a/weboob/tools/application/qt/backendcfg.py ++++ b/weboob/tools/application/qt/backendcfg.py +@@ -80,6 +80,11 @@ class ProgressDialog(IProgress, QProgressDialog): + def error(self, message): + QMessageBox.critical(self, self.tr('Error'), '%s' % message, QMessageBox.Ok) + ++ def prompt(self, message): ++ reply = QMessageBox.question(self, '', unicode(message), QMessageBox.Yes|QMessageBox.No) ++ ++ return reply == QMessageBox.Yes ++ + + class BackendCfg(QDialog): + def __init__(self, weboob, caps=None, parent=None): diff -Nru weboob-1.0/debian/patches/series weboob-1.0/debian/patches/series --- weboob-1.0/debian/patches/series 2014-12-10 10:05:31.000000000 +0100 +++ weboob-1.0/debian/patches/series 2015-01-18 19:56:20.000000000 +0100 @@ -1,3 +1,4 @@ 0001-Set-copyright-in-applications.patch 0002-fix-StatusField-to-be-a-BaseObject.patch 0003-fix-compatibility-with-a-patch-introduced-by-768611.patch +0004-prompt-user-to-accept-an-untrusted-keyring.patch