implement Signed-By option for sources.list

Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later).
author: David Kalnischkies <david@kalnischkies.de> 2015-06-24 19:31:22 +0200
committer: David Kalnischkies <david@kalnischkies.de> 2015-08-10 17:25:26 +0200
commit: b0d408547734100bf86781615f546487ecf390d9 (patch)
tree: 8e88e2394ce15a4ac5a070b59a0cf4b74d748859 /apt-pkg/metaindex.h
parent: 0741daeb7ab870b4dd62a93fa12a1cf6330f9a72 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/apt-pkg/metaindex.h b/apt-pkg/metaindex.h
index 5be7397ae..d284655bf 100644
--- a/apt-pkg/metaindex.h
+++ b/apt-pkg/metaindex.h
@@ -52,7 +52,7 @@ protected:
    std::string URI;
    std::string Dist;
    TriState Trusted;
-   TriState LoadedSuccessfully;
+   std::string SignedBy;
 
    // parsed from a file
    std::string Suite;
@@ -61,6 +61,7 @@ protected:
    time_t ValidUntil;
    bool SupportsAcquireByHash;
    std::map<std::string, checkSum *> Entries;
+   TriState LoadedSuccessfully;
 
 public:
    // Various accessors
@@ -68,6 +69,7 @@ public:
    std::string GetDist() const;
    const char* GetType() const;
    TriState GetTrusted() const;
+   std::string GetSignedBy() const;
 
    std::string GetCodename() const;
    std::string GetSuite() const;
author	David Kalnischkies <david@kalnischkies.de>	2015-06-24 19:31:22 +0200
committer	David Kalnischkies <david@kalnischkies.de>	2015-08-10 17:25:26 +0200
commit	b0d408547734100bf86781615f546487ecf390d9 (patch)
tree	8e88e2394ce15a4ac5a070b59a0cf4b74d748859 /apt-pkg/metaindex.h
parent	0741daeb7ab870b4dd62a93fa12a1cf6330f9a72 (diff)