diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2016-04-29 10:16:42 +0200 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2016-05-01 10:50:24 +0200 |
| commit | 46e00c9062d09a642973e83a334483db1f310397 (patch) | |
| tree | 6c498258c3e0ffb7e330c82506bb94e9f749b41a /apt-pkg/deb/debmetaindex.cc | |
| parent | 5419a6ce20967902102358a07632ae3688788d62 (diff) | |
support multiple fingerprints in signed-by
A keyring file can include multiple keys, so its only fair for
transitions and such to support multiple fingerprints as well.
Diffstat (limited to 'apt-pkg/deb/debmetaindex.cc')
| -rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 71b208622..5b84ea5e8 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -627,19 +627,26 @@ bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy) if (SignedBy.empty() == true && pSignedBy.empty() == false) { if (pSignedBy[0] == '/') // no check for existence as we could be chrooting later or such things - ; // absolute path to a keyring file + SignedBy = pSignedBy; // absolute path to a keyring file else { // we could go all fancy and allow short/long/string matches as gpgv/apt-key does, // but fingerprints are harder to fake than the others and this option is set once, // not interactively all the time so easy to type is not really a concern. - std::string finger = pSignedBy; - finger.erase(std::remove(finger.begin(), finger.end(), ' '), finger.end()); - std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper); - if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos) - return _error->Error(_("Invalid value set for option %s regarding source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint"); + auto fingers = VectorizeString(pSignedBy, ','); + std::transform(fingers.begin(), fingers.end(), fingers.begin(), [&](std::string finger) { + std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper); + if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos) + { + _error->Error(_("Invalid value set for option %s regarding source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint"); + return std::string(); + } + return finger; + }); + std::stringstream os; + std::copy(fingers.begin(), fingers.end(), std::ostream_iterator<std::string>(os, ",")); + SignedBy = os.str(); } - SignedBy = pSignedBy; } else if (SignedBy != pSignedBy) return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), "Signed-By", URI.c_str(), Dist.c_str()); |