diff options
| author | Julian Andres Klode <jak@debian.org> | 2016-05-12 10:04:19 +0200 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2016-05-15 19:42:13 +0200 |
| commit | 71203dbf00cbb259fb59e8daf0543a45394b6623 (patch) | |
| tree | 756f953f53e8e536527f12f0c77f36cfe0861c54 | |
| parent | a9fd02dec56bcb3d7485ae286fad665aeed7cda4 (diff) | |
Normalize Signed-By values by removing trailing commas everywhere
This fixes comparisons where either the stored or the input string
have a trailing comma.
| -rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 15 | ||||
| -rwxr-xr-x | test/integration/test-releasefile-verification-noflat | 25 |
2 files changed, 36 insertions, 4 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 71aee3f72..f756cdb1f 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -687,12 +687,19 @@ bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy) std::stringstream os; std::copy(fingers.begin(), fingers.end(), std::ostream_iterator<std::string>(os, ",")); SignedBy = os.str(); - while (SignedBy[SignedBy.size() - 1] == ',') - SignedBy.resize(SignedBy.size() - 1); } + // Normalize the string: Remove trailing commas + while (SignedBy[SignedBy.size() - 1] == ',') + SignedBy.resize(SignedBy.size() - 1); + } + else { + // Only compare normalized strings + auto pSignedByView = APT::StringView(pSignedBy); + while (pSignedByView[pSignedByView.size() - 1] == ',') + pSignedByView = pSignedByView.substr(0, pSignedByView.size() - 1); + if (pSignedByView != SignedBy) + return _error->Error(_("Conflicting values set for option %s regarding source %s %s: %s != %s"), "Signed-By", URI.c_str(), Dist.c_str(), SignedBy.c_str(), pSignedByView.to_string().c_str()); } - else if (SignedBy != pSignedBy) - return _error->Error(_("Conflicting values set for option %s regarding source %s %s: %s != %s"), "Signed-By", URI.c_str(), Dist.c_str(), SignedBy.c_str(), pSignedBy.c_str()); return true; } /*}}}*/ diff --git a/test/integration/test-releasefile-verification-noflat b/test/integration/test-releasefile-verification-noflat new file mode 100755 index 000000000..3953c6492 --- /dev/null +++ b/test/integration/test-releasefile-verification-noflat @@ -0,0 +1,25 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture "i386" + +export APT_DONT_SIGN='Release.gpg' +insertpackage 'unstable' 'foo' 'i386' '1.0' +setupaptarchive "now" "now + 1 year" +changetowebserver + +SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + +testsuccess aptget update + +msgmsg 'Warm archive with signed-by' 'Joe Sixpack' +sed -i "/^Valid-Until: / a\ +Signed-By: ${SIXPACK}" rootdir/var/lib/apt/lists/*Release +touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release +testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} unstable InRelease [$(stat -c '%s' 'aptarchive/dists/unstable/InRelease') B] +Reading package lists..." aptget update +testsuccess aptcache show foo |