author | Sam Bingner <sam@bingner.com> | 2019-12-26 15:19:05 -1000 |
---|---|---|
committer | Sam Bingner <sam@bingner.com> | 2019-12-26 15:24:16 -1000 |
commit | 713b65be84830af1a57148b44dc1d1d4010ece3e (patch) | |
tree | 7656452774b4ce333d514cc0d1ce303a7f9ac997 | |
parent | 8d1277b777045f45ffae210edea608c27587d7a2 (diff) |
Revert "Treat SHA1 as Weak rather than untrusted. Add hardcoded exceptions for Modmyi/Zodttd/Bigboss to silence errors"
This reverts commit 0a4d0898091e9a6ff584f14d310a13f61fb3d9a3.
-rw-r--r-- | apt-pkg/acquire-item.cc | 10 | ||||
-rw-r--r-- | apt-pkg/contrib/hashes.cc | 2 | ||||
-rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 5 | ||||
-rw-r--r-- | methods/gpgv.cc | 9 |
4 files changed, 7 insertions, 19 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index fb47bc676..bb3bc1b56 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -257,7 +257,7 @@ static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType const ms
 if (TargetIsAllowedToBe(TransactionManager->Target, msg) == true)
 {
- //MessageInsecureRepository(false, msgstr, repo);
+ MessageInsecureRepository(false, msgstr, repo);
 return true;
 }
@@ -1608,7 +1608,7 @@ void pkgAcqMetaClearSig::QueueIndexes(bool const verify) /*{{{*/
 }
 // optional targets that we do not have in the Release file are skipped
- if (Target.IsOptional)
+ if (hasHashes == true && Target.IsOptional)
 {
 new CleanupItem(Owner, TransactionManager, Target);
 continue;
@@ -1724,12 +1724,6 @@ void pkgAcqMetaClearSig::QueueIndexes(bool const verify) /*{{{*/ } else { - - if (Target.IsOptional){ - new CleanupItem(Owner, TransactionManager, Target); - continue; - } - // if we have no file to patch, no point in trying trypdiff &= (GetExistingFilename(GetFinalFileNameFromURI(Target.URI)).empty() == false); }
diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc
index fd8b12355..98b92cc81 100644
--- a/apt-pkg/contrib/hashes.cc
+++ b/apt-pkg/contrib/hashes.cc
@@ -140,6 +140,8 @@ APT_PURE bool HashString::usable() const /*{{{*/
 {
 return (
 (Type != "Checksum-FileSize") &&
+ (Type != "MD5Sum") &&
+ (Type != "SHA1") &&
 !IsConfigured(Type.c_str(), "Untrusted")
 );
 }
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 2039f8308..98bac7a70 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
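Review bot: In apt-pkg/acquire-item.cc, hunk `@@ -1608,7 +1608,7 @@` of pkgAcqMetaClearSig::QueueIndexes, the comment above the changed condition no longer describes it: it says optional targets missing from the Release file are skipped, while the new test skips them only when `hasHashes` is true. I would reword it to `// optional targets missing from a Release file that carries hashes are skipped` and add a second line saying what is expected to happen to them when the file has no hashes, since that path is not visible here. `hasHashes == true` can be written as `hasHashes`. The function starts and ends outside the hunk.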
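Review bot: In apt-pkg/contrib/hashes.cc, HashString::usable() now excludes `MD5Sum` and `SHA1` by literal comparison ahead of the `IsConfigured(Type.c_str(), "Untrusted")` lookup, so from what this hunk shows no configuration can make either type usable again, and that should be written down next to the check. Suggested comment above the `return`: `// MD5Sum and SHA1 are never usable for verification; configuration can only mark further types as Untrusted`. The same SHA1 policy is set separately in the `Digests[]` table in methods/gpgv.cc, so a cross-reference in both places would help keep the two in step. IsConfigured is defined outside the hunk, so its behaviour is assumed from the call.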
@@ -523,12 +523,11 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 }
 bool AuthPossible = false;
- /*if(FoundHashSum == false)
+ if(FoundHashSum == false)
 _error->Warning(_("No Hash entry in Release file %s"), Filename.c_str());
 else if(FoundStrongHashSum == false)
 _error->Warning(_("No Hash entry in Release file %s which is considered strong enough for security purposes"), Filename.c_str());
- else*/
- if (FoundHashSum && FoundStrongHashSum)
+ else
 AuthPossible = true;
 std::string const StrDate = Section.FindS("Date");
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index e9f3c9d07..f66e3356f 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -68,7 +68,7 @@ struct Digest {
 static constexpr Digest Digests[] = {
 {Digest::State::Untrusted, "Invalid digest"},
 {Digest::State::Untrusted, "MD5"},
- {Digest::State::Weak, "SHA1"},
+ {Digest::State::Untrusted, "SHA1"},
 {Digest::State::Untrusted, "RIPE-MD/160"},
 {Digest::State::Trusted, "Reserved digest"},
 {Digest::State::Trusted, "Reserved digest"},
@@ -233,13 +233,6 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
 auto const sig = tokens[0];
 // Reject weak digest algorithms
 Digest digest = FindDigest(tokens[7]);
- if (sig == "CFC100B9AA5CDC6430F2E9B5AA011AC1718BABDF" || //ZodTTD
- sig == "EB22AD483B83E9A7460D86F387F92E166197E890" || //ModMyi
- sig == "A9C96A37115894A23B894107694D17D38764B4F4"){ //BigBoss
- if (tokens[7] == "2"){
- digest = {Digest::State::Trusted, "SHA1"};
- }
- }
 switch (digest.getState()) {
 case Digest::State::Weak:
 // Treat them like an expired key: For that a message about expiry
|
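Review bot: In apt-pkg/deb/debmetaindex.cc, debReleaseIndex::Load, the restored `if` / `else if` / `else` chain that decides `AuthPossible` is unbraced even though two of its branches are long `_error->Warning(...)` calls, so a statement added later can easily land outside the branch it was meant for. I would brace all three branches and put a comment on the last one, `// reached only when the Release file has at least one strong hash entry`. Load starts and ends outside the hunk, so how `AuthPossible` is used afterwards is not visible here.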
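Review bot: In methods/gpgv.cc, hunk `@@ -68,7 +68,7 @@`, the `Digests[]` table appears to be looked up by row position, but nothing in the hunk says so, and an inserted or reordered row would silently change which digest algorithm is rejected. The evidence is that "SHA1" is row 2 and the code removed in the later hunk matched SHA1 as `tokens[7] == "2"`. I would add a comment above the table, `// row index = digest algorithm id handed to FindDigest(); do not reorder`. FindDigest is defined outside the hunk, so the indexing is inferred rather than shown, and the initializer continues past the last visible row.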