summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Vogt <michael.vogt@ubuntu.com>2011-07-13 19:01:22 +0200
committerMichael Vogt <michael.vogt@ubuntu.com>2011-07-13 19:01:22 +0200
commitefd1da06d60b7ce4192fd3ca1fad55e018b7185e (patch)
treef053dc4d69583e36db1b5a210458439e7a49c13c
parent22ff82ff00da247da37fbaa136f34a9dc020e08b (diff)
fix from David Kalnischkies for the InRelease gpg verification
code (LP: #784473)
-rw-r--r--apt-pkg/indexcopy.cc21
-rw-r--r--debian/changelog9
-rw-r--r--methods/gpgv.cc13
3 files changed, 35 insertions, 8 deletions
diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc
index 064fb007c..31c577705 100644
--- a/apt-pkg/indexcopy.cc
+++ b/apt-pkg/indexcopy.cc
@@ -664,6 +664,21 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector<string> &SigList,
bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
int const &statusfd, int fd[2])
{
+ if (File == FileGPG)
+ {
+ #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n"
+ char buffer[sizeof(SIGMSG)];
+ FILE* gpg = fopen(File.c_str(), "r");
+ if (gpg == NULL)
+ return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str());
+ char const * const test = fgets(buffer, sizeof(buffer), gpg);
+ fclose(gpg);
+ if (test == NULL || strcmp(buffer, SIGMSG) != 0)
+ return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str());
+ #undef SIGMSG
+ }
+
+
string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
// FIXME: remove support for deprecated APT::GPGV setting
string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
@@ -688,7 +703,11 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
Args.reserve(30);
if (keyrings.empty() == true)
- return false;
+ {
+ // TRANSLATOR: %s is the trusted keyring parts directory
+ return _error->Error(_("No keyring installed in %s."),
+ _config->FindDir("Dir::Etc::TrustedParts").c_str());
+ }
Args.push_back(gpgvpath.c_str());
Args.push_back("--ignore-time-conflict");
diff --git a/debian/changelog b/debian/changelog
index f337f734c..c1d76a5be 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,14 @@
-apt (0.8.15.1ubuntu2) UNRELEASED; urgency=low
+apt (0.8.15.1ubuntu2) oneiric; urgency=low
+ [ Brian Murray ]
* apt-pkg/deb/dpkgpm.cc:
- do not report errors encountered when decompressing packages
+
+ [ Michael Vogt ]
+ * fix from David Kalnischkies for the InRelease gpg verification
+ code (LP: #784473)
- -- Brian Murray <brian@ubuntu.com> Tue, 12 Jul 2011 16:05:37 -0700
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 13 Jul 2011 14:42:02 +0200
apt (0.8.15.1ubuntu1) oneiric; urgency=low
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index efe1f73f7..960c06180 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -65,13 +65,16 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
return string("Couldn't spawn new process") + strerror(errno);
else if (pid == 0)
{
- if (SigVerify::RunGPGV(outfile, file, 3, fd) == false)
+ _error->PushToStack();
+ bool const success = SigVerify::RunGPGV(outfile, file, 3, fd);
+ if (success == false)
{
- // TRANSLATOR: %s is the trusted keyring parts directory
- ioprintf(ret, _("No keyring installed in %s."),
- _config->FindDir("Dir::Etc::TrustedParts").c_str());
- return ret.str();
+ string errmsg;
+ _error->PopMessage(errmsg);
+ _error->RevertToStack();
+ return errmsg;
}
+ _error->RevertToStack();
exit(111);
}
close(fd[1]);