fix from David Kalnischkies for the InRelease gpg verification

code (LP: #784473)

3 files changed, 35 insertions, 8 deletions

diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc
index 064fb007c..31c577705 100644
--- a/apt-pkg/indexcopy.cc
+++ b/apt-pkg/indexcopy.cc
@@ -664,6 +664,21 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector<string> &SigList,
 bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
 			int const &statusfd, int fd[2])
 {
+   if (File == FileGPG)
+   {
+      #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n"
+      char buffer[sizeof(SIGMSG)];
+      FILE* gpg = fopen(File.c_str(), "r");
+      if (gpg == NULL)
+	 return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str());
+      char const * const test = fgets(buffer, sizeof(buffer), gpg);
+      fclose(gpg);
+      if (test == NULL || strcmp(buffer, SIGMSG) != 0)
+	 return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str());
+      #undef SIGMSG
+   }
+
+
    string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
    // FIXME: remove support for deprecated APT::GPGV setting
    string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
@@ -688,7 +703,11 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
    Args.reserve(30);
 
    if (keyrings.empty() == true)
-      return false;
+   {
+      // TRANSLATOR: %s is the trusted keyring parts directory
+      return _error->Error(_("No keyring installed in %s."),
+			   _config->FindDir("Dir::Etc::TrustedParts").c_str());
+   }
 
    Args.push_back(gpgvpath.c_str());
    Args.push_back("--ignore-time-conflict");
diff --git a/debian/changelog b/debian/changelog
index f337f734c..c1d76a5be 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,14 @@
-apt (0.8.15.1ubuntu2) UNRELEASED; urgency=low
+apt (0.8.15.1ubuntu2) oneiric; urgency=low
 
+  [ Brian Murray ]
   * apt-pkg/deb/dpkgpm.cc:
    - do not report errors encountered when decompressing packages
+  
+  [ Michael Vogt ]
+  * fix from David Kalnischkies for the InRelease gpg verification 
+    code (LP: #784473)
 
- -- Brian Murray <brian@ubuntu.com>  Tue, 12 Jul 2011 16:05:37 -0700
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 13 Jul 2011 14:42:02 +0200
 
 apt (0.8.15.1ubuntu1) oneiric; urgency=low
 
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index efe1f73f7..960c06180 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -65,13 +65,16 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
       return string("Couldn't spawn new process") + strerror(errno);
    else if (pid == 0)
    {
-      if (SigVerify::RunGPGV(outfile, file, 3, fd) == false)
+      _error->PushToStack();
+      bool const success = SigVerify::RunGPGV(outfile, file, 3, fd);
+      if (success == false)
       {
-	 // TRANSLATOR: %s is the trusted keyring parts directory
-	 ioprintf(ret, _("No keyring installed in %s."),
-		  _config->FindDir("Dir::Etc::TrustedParts").c_str());
-	 return ret.str();
+	 string errmsg;
+	 _error->PopMessage(errmsg);
+	 _error->RevertToStack();
+	 return errmsg;
       }
+      _error->RevertToStack();
       exit(111);
    }
    close(fd[1]);