authorMichael Vogt <mvo@ubuntu.com>2016-09-13 14:44:00 +0200
committerMichael Vogt <mvo@ubuntu.com>2016-09-13 14:44:00 +0200
commit01be263f637cba7413972055bb68a6a57c280b0d (patch)
tree7695ae549041522e6d32996f65ce9fa47df97fb6 /asserts
parent7d222673b87b3b04fb454f2bc150b5eddda6a8ff (diff)
parent28bc558052465a68de6489234b56b06ea9a49b18 (diff)
Merge remote-tracking branch 'upstream/master' into bugfix/autopkgtest-yakkety
Diffstat (limited to 'asserts')
-rw-r--r--asserts/account_key.go47
-rw-r--r--asserts/account_key_test.go24
-rw-r--r--asserts/assertstest/assertstest.go8
-rw-r--r--asserts/assertstest/assertstest_test.go4
-rw-r--r--asserts/database_test.go1
-rw-r--r--asserts/gpgkeypairmgr.go3
-rw-r--r--asserts/systestkeys/trusted.go42
7 files changed, 59 insertions, 70 deletions
diff --git a/asserts/account_key.go b/asserts/account_key.go
index 3e01b4ad12..8987331a23 100644
--- a/asserts/account_key.go
+++ b/asserts/account_key.go
@@ -108,27 +108,26 @@ func (ak *AccountKey) checkConsistency(db RODatabase, acck *AccountKey) error {
if err != nil {
return err
}
- // XXX: Make this unconditional once account-key assertions are required to have a name.
- if ak.Name() != "" {
- // Check that we don't end up with multiple keys with
- // different IDs but the same account-id and name.
- // Note that this is a non-transactional check-then-add, so
- // is not a hard guarantee. Backstores that can implement a
- // unique constraint should do so.
- assertions, err := db.FindMany(AccountKeyType, map[string]string{
- "account-id": ak.AccountID(),
- "name": ak.Name(),
- })
- if err != nil && err != ErrNotFound {
- return err
- }
- for _, assertion := range assertions {
- existingAccKey := assertion.(*AccountKey)
- if ak.PublicKeyID() != existingAccKey.PublicKeyID() {
- return fmt.Errorf("account-key assertion for %q with ID %q has the same name %q as existing ID %q", ak.AccountID(), ak.PublicKeyID(), ak.Name(), existingAccKey.PublicKeyID())
- }
+
+ // Check that we don't end up with multiple keys with
+ // different IDs but the same account-id and name.
+ // Note that this is a non-transactional check-then-add, so
+ // is not a hard guarantee. Backstores that can implement a
+ // unique constraint should do so.
+ assertions, err := db.FindMany(AccountKeyType, map[string]string{
+ "account-id": ak.AccountID(),
+ "name": ak.Name(),
+ })
+ if err != nil && err != ErrNotFound {
+ return err
+ }
+ for _, assertion := range assertions {
+ existingAccKey := assertion.(*AccountKey)
+ if ak.PublicKeyID() != existingAccKey.PublicKeyID() {
+ return fmt.Errorf("account-key assertion for %q with ID %q has the same name %q as existing ID %q", ak.AccountID(), ak.PublicKeyID(), ak.Name(), existingAccKey.PublicKeyID())
}
}
+
return nil
}
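Review bot: The unchecked assertion `existingAccKey := assertion.(*AccountKey)` in the loop panics if a backstore ever returns an assertion of another type for this query, and the loop now runs for every account-key rather than only for named ones. The two-value form turns that into an error: `existingAccKey, ok := assertion.(*AccountKey)`, returning a `fmt.Errorf` when `!ok`. The retained comment already says the check-then-add is not transactional, so uniqueness of (account-id, name) still depends on the backstore enforcing it. checkConsistency starts above this hunk.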
@@ -148,13 +147,9 @@ func assembleAccountKey(assert assertionBase) (Assertion, error) {
return nil, err
}
- // XXX: We should require name to be present after backfilling existing assertions.
- _, ok := assert.headers["name"]
- if ok {
- _, err = checkStringMatches(assert.headers, "name", validAccountKeyName)
- if err != nil {
- return nil, err
- }
+ _, err = checkStringMatches(assert.headers, "name", validAccountKeyName)
+ if err != nil {
+ return nil, err
}
since, err := checkRFC3339Date(assert.headers, "since")
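Review bot: The now-mandatory `name` check carries no comment about account-key assertions created before the header existed. The removed XXX tied this step to a backfill, and nothing visible in this diff shows that it happened. Any such assertion still stored or shipped as trusted would presumably now fail to decode with the `"name" header is mandatory` error. I would add a comment above the call, e.g. `// name is mandatory; account-key assertions without it are rejected at decode time`. assembleAccountKey starts above and continues below this hunk.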
diff --git a/asserts/account_key_test.go b/asserts/account_key_test.go
index 37887ce183..366bffcc52 100644
--- a/asserts/account_key_test.go
+++ b/asserts/account_key_test.go
@@ -85,27 +85,6 @@ func (aks *accountKeySuite) TestDecodeOK(c *C) {
c.Check(accKey.Since(), Equals, aks.since)
}
-func (aks *accountKeySuite) TestDecodeNoName(c *C) {
- // XXX: remove this test once name is mandatory
- encoded := "type: account-key\n" +
- "authority-id: canonical\n" +
- "account-id: acc-id1\n" +
- "public-key-sha3-384: " + aks.keyID + "\n" +
- aks.sinceLine +
- fmt.Sprintf("body-length: %v", len(aks.pubKeyBody)) + "\n" +
- "sign-key-sha3-384: Jv8_JiHiIzJVcO9M55pPdqSDWUvuhfDIBJUS-3VW7F_idjix7Ffn5qMxB21ZQuij" + "\n\n" +
- aks.pubKeyBody + "\n\n" +
- "AXNpZw=="
- a, err := asserts.Decode([]byte(encoded))
- c.Assert(err, IsNil)
- c.Check(a.Type(), Equals, asserts.AccountKeyType)
- accKey := a.(*asserts.AccountKey)
- c.Check(accKey.AccountID(), Equals, "acc-id1")
- c.Check(accKey.Name(), Equals, "")
- c.Check(accKey.PublicKeyID(), Equals, aks.keyID)
- c.Check(accKey.Since(), Equals, aks.since)
-}
-
func (aks *accountKeySuite) TestUntil(c *C) {
untilSinceLine := "until: " + aks.since.Format(time.RFC3339) + "\n"
@@ -164,8 +143,7 @@ func (aks *accountKeySuite) TestDecodeInvalidHeaders(c *C) {
invalidHeaderTests := []struct{ original, invalid, expectedErr string }{
{"account-id: acc-id1\n", "", `"account-id" header is mandatory`},
{"account-id: acc-id1\n", "account-id: \n", `"account-id" header should not be empty`},
- // XXX: enable this once name is mandatory
- // {"name: default\n", "", `"name" header is mandatory`},
+ {"name: default\n", "", `"name" header is mandatory`},
{"name: default\n", "name: \n", `"name" header should not be empty`},
{"name: default\n", "name: a b\n", `"name" header contains invalid characters: "a b"`},
{"name: default\n", "name: -default\n", `"name" header contains invalid characters: "-default"`},
diff --git a/asserts/assertstest/assertstest.go b/asserts/assertstest/assertstest.go
index 45a7d69d3b..45d605200c 100644
--- a/asserts/assertstest/assertstest.go
+++ b/asserts/assertstest/assertstest.go
@@ -192,6 +192,9 @@ func NewAccountKey(db SignerDB, acct *asserts.Account, otherHeaders map[string]i
}
otherHeaders["account-id"] = acct.AccountID()
otherHeaders["public-key-sha3-384"] = pubKey.ID()
+ if otherHeaders["name"] == nil {
+ otherHeaders["name"] = "default"
+ }
if otherHeaders["since"] == nil {
otherHeaders["since"] = time.Now().Format(time.RFC3339)
}
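Review bot: The new `"default"` fallback gives every key created through NewAccountKey without an explicit `name` the same (account-id, name) pair when the account is the same. The now-unconditional check in checkConsistency rejects such a pair when the public key IDs differ. NewStoreStack passes `"root"` and `"store"` explicitly in this commit, but other callers are not visible here. The helper's doc comment, which is outside this hunk, should say so, e.g. `// name defaults to "default"; pass distinct names when creating several keys for one account`.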
@@ -272,6 +275,7 @@ func NewStoreStack(authorityID string, rootPrivKey, storePrivKey asserts.Private
"timestamp": ts,
}, "")
trustedKey := NewAccountKey(rootSigning, trustedAcct, map[string]interface{}{
+ "name": "root",
"since": ts,
}, rootPrivKey.PublicKey(), "")
trusted := []asserts.Assertion{trustedAcct, trustedKey}
@@ -287,7 +291,9 @@ func NewStoreStack(authorityID string, rootPrivKey, storePrivKey asserts.Private
if err != nil {
panic(err)
}
- storeKey := NewAccountKey(rootSigning, trustedAcct, nil, storePrivKey.PublicKey(), "")
+ storeKey := NewAccountKey(rootSigning, trustedAcct, map[string]interface{}{
+ "name": "store",
+ }, storePrivKey.PublicKey(), "")
err = db.Add(storeKey)
if err != nil {
panic(err)
diff --git a/asserts/assertstest/assertstest_test.go b/asserts/assertstest/assertstest_test.go
index 1cdb33dacf..3c1b0c9b18 100644
--- a/asserts/assertstest/assertstest_test.go
+++ b/asserts/assertstest/assertstest_test.go
@@ -84,6 +84,7 @@ func (s *helperSuite) TestStoreStack(c *C) {
c.Check(store.TrustedAccount.IsCertified(), Equals, true)
c.Check(store.TrustedKey.AccountID(), Equals, "super")
+ c.Check(store.TrustedKey.Name(), Equals, "root")
db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
Backstore: asserts.NewMemoryBackstore(),
@@ -97,6 +98,7 @@ func (s *helperSuite) TestStoreStack(c *C) {
c.Check(storeAccKey.AccountID(), Equals, "super")
c.Check(storeAccKey.AccountID(), Equals, store.AuthorityID)
c.Check(storeAccKey.PublicKeyID(), Equals, store.KeyID)
+ c.Check(storeAccKey.Name(), Equals, "store")
acct := assertstest.NewAccount(store, "devel1", nil, "")
c.Check(acct.Username(), Equals, "devel1")
@@ -115,4 +117,6 @@ func (s *helperSuite) TestStoreStack(c *C) {
err = db.Add(acctKey)
c.Assert(err, IsNil)
+
+ c.Check(acctKey.Name(), Equals, "default")
}
diff --git a/asserts/database_test.go b/asserts/database_test.go
index e78b5d9104..20a2de22cc 100644
--- a/asserts/database_test.go
+++ b/asserts/database_test.go
@@ -671,6 +671,7 @@ func (safs *signAddFindSuite) TestDontLetAddConfusinglyAssertionClashingWithTrus
"authority-id": "canonical",
"account-id": "canonical",
"public-key-sha3-384": safs.signingKeyID,
+ "name": "default",
"since": now.Format(time.RFC3339),
"until": now.AddDate(1, 0, 0).Format(time.RFC3339),
}
diff --git a/asserts/gpgkeypairmgr.go b/asserts/gpgkeypairmgr.go
index f048f538e3..9024975172 100644
--- a/asserts/gpgkeypairmgr.go
+++ b/asserts/gpgkeypairmgr.go
@@ -200,6 +200,8 @@ func (gkm *GPGKeypairManager) Walk(consider func(privk PrivateKey, fingerprint s
switch {
case strings.HasPrefix(lines[k], "fpr:"):
fprFields := strings.Split(lines[k], ":")
+ // extract "Field 10 - User-ID"
+ // A FPR record stores the fingerprint here.
if len(fprFields) < 10 {
break Loop
}
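Review bot: The added comment labels the `fpr:` field as `Field 10 - User-ID` and then corrects itself on the next line, and the `uid:` comment in the following hunk keeps the `***` heading markup copied from gpg's doc/DETAILS. The `len(...) < 10` checks suggest index 9 is read below, so I would write `// field 10 (index 9) of an fpr record is the fingerprint` here and `// field 10 (index 9) of a uid record is the user ID` there. gpg documents the user-ID field as C-style quoted in colon output, so the value may need unquoting before it is compared or displayed; the code that uses it is outside both hunks.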
@@ -213,6 +215,7 @@ func (gkm *GPGKeypairManager) Walk(consider func(privk PrivateKey, fingerprint s
}
case strings.HasPrefix(lines[k], "uid:"):
uidFields := strings.Split(lines[k], ":")
+ // extract "*** Field 10 - User-ID"
if len(uidFields) < 10 {
break Loop
}
diff --git a/asserts/systestkeys/trusted.go b/asserts/systestkeys/trusted.go
index 72390457de..90834f6823 100644
--- a/asserts/systestkeys/trusted.go
+++ b/asserts/systestkeys/trusted.go
@@ -113,6 +113,7 @@ C0QC8xuHSvOv3YRtzKna3smAfRlB
authority-id: testrootorg
public-key-sha3-384: hIedp1AvrWlcDI4uS_qjoFLzjKl5enu4G2FYJpgB3Pj-tUzGlTQBxMBsBmi-tnJR
account-id: testrootorg
+name: test-root
since: 2016-08-11T18:30:57+02:00
body-length: 717
sign-key-sha3-384: hIedp1AvrWlcDI4uS_qjoFLzjKl5enu4G2FYJpgB3Pj-tUzGlTQBxMBsBmi-tnJR
@@ -128,16 +129,16 @@ a1zzJoTKTqYWX9B+ZfENGKJUnhTP0x7Cm6lg3EUGay/b5hsA4DBoqShuf/N0jVLojdhxi3Ck/DBN
lqCD0zy4uzvinjX+b4ay+LKBE3N15AsfEkWIwzI+1OdDlOWWqOxJkM6lrQ5hRQ1fHZoCiGjHbjeE
1RIFO2TAw2tpyUcAEQEAAQ==
-AcLBUgQAAQoABgUCV6yoQQAAAaQQAJ+6saqG2DElfKZBbmthhlN8fHXSR8RX5LnbfE5zd4vTbthC
-//MjJtpUwq5vpM1/XB9p8cGZD1UlEdUa8l9N8oGSfJARZ+rAsPLlguzSoV4p6ph16HPlvBVt5npB
-DqK/Oxw+mtx2cnxn8X9Zw3wyz4mXp3cuu7PwSQvFSvcrxoNIOVkaHYEytQqqvZp8Lq1AirllGEL8
-EocRLOiG0O99P3BJytLWLYePRJ6qToiz58WuZEVj2lkC+HqrIoVrjgFAUlq100R15xgc4WtNFdWr
-hInauQxco+/vwHvCgxa/Ky+dABY/W+D9fuM7kjrhh/zqQiiIRGhfAndoi9I7Q/FISrECckZEN0yb
-N3ntOkTJpCnonTfGW6S0VDfGjQreekEU4nwYk3ewdCDY9n9N4zOPmylqU3u2lLJJNsi9rHWWYTOM
-9tXI1yocgrbKaQ8WQQeBQx0SVFdWOl+NvsGcKvs/7qm7SWr/pXo4F+MabqIzX1bb/WvgarpDiGYB
-p+ELFp1KRq+vS0qtP1fggrhyGmuQFeSf411cXKa21h870GcaBlmbZZMB/C1lD5fPG1WsrT7DO2Yu
-Uhf1Q4y+kAgxqL7zZUqJogpxNgw3He66uB7V7hf/UpOfFNeQZaZDCfSzbz/fNzNvNaqiMh6OUrbd
-k9v1ImHrPI6+o+xjCbMc2xdRcvM+
+AcLBXAQAAQoABgUCV8656QAKCRBMcZp594FxpNWlEADQgBlROdBTHpdZ3/9BbasxenUC3VXusMeK
+0DmnsHrsAsyVk6xiHQQ3hWxvXKWoDkDsOhUqcQTsDBcIaZ18+qwpQciyItd+w3d7SSJ+MKSUpwsB
+NOdgw1ykj7l1M/W7xAAPscFoV1xVSk9+rsLYFYDe23R+ecyotSmF+4QHj5b+hXeVIOUaqQTl5xPC
+h0zVYNIUWv42q4Z+hiBS8+8UJ0G+7z/27XORkGHY6TXCt0aph7s5egr8Lm+/jq7c95HVsa7DwSpv
+SqPajRnlyLiHFXUYAUPEU9oDgPwtLsqUkFfrv1WZ3ja1rDexgKBta+8BRyCAq3gPcMAjhiHXdjoW
+90p893l9N6K82RiEOO9ic0pEezjQldg97oU+ajXNm3ryns+HX6hRd39rpzIsrbVdbCqun4RwMbCM
+EVxgC/cuxMGcS40Co3O8wG3H/WIWOqcRQfolQTexmyzQljYt9WyWJdXmtPtaMzQGbOqE/dIjOK9j
+xvrghVU4kX6fJFwPi+azMrluHV+WGSVxPCuLW8o2aipjOd1/bUQCL5OwRuaEWuLCiV01J8H/JjWV
+hL4gGVqEM2KEPIDwY2yqX36jE7uN9O+mIPnS4Tdj0JQ5ZD1qh34wv+4QvhgNeyP120nuS1ykO9X0
+A806uPC5QK1+cgRMUz8zJ0afDNwE/DvpBQvE5CIi9A==
`
TestStorePrivKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
@@ -204,6 +205,7 @@ o7ZSZ/h/bUY1EjE2
authority-id: testrootorg
public-key-sha3-384: XCIC_Wvj9_hiAt0b10sDon74oGr3a6xGODkMZqrj63ZzNYUD5N87-ojjPoeN7f1Y
account-id: testrootorg
+name: test-store
since: 2016-08-11T18:42:22+02:00
body-length: 717
sign-key-sha3-384: hIedp1AvrWlcDI4uS_qjoFLzjKl5enu4G2FYJpgB3Pj-tUzGlTQBxMBsBmi-tnJR
@@ -219,16 +221,16 @@ iAIwA4DpGMmFJ26maqVzJuiLvicri2FR/sJaSA24N8HbGne3gSS7WrSQS+jKe3IZPVy64NCoGvrW
o/HvTeqsIfihKPEpXm8QVtjNhtkVn3RdIUgOaNWyAfnZ4dW1TVIATe+OHDw2TNyImTjE0x75nL6B
1/Rrn+9VP9Swhv8AEQEAAQ==
-AcLBUgQAAQoABgUCV6yq7gAAhaYQAMIVYhta2uUvm5PXApdXmZFWr+iZYfkAZW8PEMOsuYVHbDoH
-oA7dpO0EwZXl/mCgGjNNc4nUmqQLBiIwwrcnmcYSRl2Xz+u+ssou4YMueXOD2tHo1N2J39SKpS72
-VqQsnF77Qylgdp2j7Q9lJrU0qHz0M195OJXNSppfdHYeWptfsO02cApPobU9s6KT5VggVg1ushNM
-1u97A+uvoClfJ53PPafC0kr1+vwFVPj+mko4gc7sIB42xwz+YeR47CgSaT8i8K1u5ouaHCNxe61+
-siQxAdIOv+hOAWAOMoOWZjxh5K7J9A1Dc18EMyggf716IUCBtkvDKfwcXFcoic1X6EVPO5kNhlh7
-aLFS8UVsBPaZKnJm3ZFudhYQUmZt22ntslgGrq9+NBeh9i6nswUPKdj2idHkyQsjnYgYyTpEH/xh
-sBqkqkedPkUtn+tP5dS4TP/L3Xq/q2tQbA4+gNVbZXIo8g8wfpsP8+sIOnEV5UcoxaO3oI3YUJrN
-oFGmC7No802XKG1ZNHhBtMSaan0pafWrBrHn+axT9Jbl/1B73TYg3zQWOpDuSpH3SU+gXJ/eukUb
-LvC8UWZM9YEhu/ZINSvSDQzvobV/NVrHWEJBXxrc3CwseFDgQq+Yz/CFGud79z2mS8lNHKSqQdFK
-3Bd0HG1HheYcX0nGIva0KIG0Sgf/
+AcLBXAQAAQoABgUCV866kwAKCRBMcZp594FxpHWHD/9AaZXqyT/Zsmq/VzmAMpd9JvCH4PHQKtAP
+bXfP2Dnpa2wk2wuzQuSWunR8NDRyVh/aNVeTEZ9dFm/B8LR+U2O4rsHmFSeicmsTmo9u/HouRdEU
+zeSc6cbAxMPpfNSjr5J+URLjGRT6oX5fEBmRPx/OC9pEIScMx7uKmTKEnuyMzLRNN/6HiGWKrFCo
+nJdKkwRXrkCHyXWAOv1GumT7NDuyFcjAqt/UdHliTZkDBImKOsBmBVXMUjg7HCSS2uq/5WjStJ+B
+JHQ4GSsXBvVINs6BncNWcvV6mCQ73D57MzGhqo997Zb4tSrn7UNGWK7GLCzV3e/pFlG7pw6HbgnQ
++rxU2Oj/TPVw0tcnUiRl2ttKpm+nua0Cl+MD+Gx0KXLAVp0ZGOQ9yGyP9AePFzcOR8SlRIgxi0EI
+iJkSeYilqoKo3AJhnICRiqvAca2TGJoiJUryEgZ8jbTOElfaF2p+y0xvXGlWbKZm1gzGyvFM5fV5
+hJTlp/am+2uVn6U8wPACir4PrbuXYo7L4MIXww2OEO0ruBIaLARbc5IutSWmw6AEYQUxtsa9bdHV
+Zin7LGbEj6lZm8GycWQwh4B6Vnt6dJRIyPc/9G7uM8Ds/2Wa7+yAxhiPqm8DwlbOYh1npw4X4TLD
+IMGnTv5N3zllI+Xz4rqJzNTzEbvOIcrqWxCedQe79A==
`
)