* apt-pkg/deb/debindexfile.cc,

  apt-pkg/deb/deblistparser.cc:
  - use OpenMaybeClearSignedFile to be free from detecting and
    skipping clearsigning metadata in dsc and Release files

We can't write a "clean" file to disk as not all acquire methods copy
Release files before checking them (e.g. cdrom), so this reverts recombining,
but uses the method we use for dsc files also in the two places we
deal with Release files

5 files changed, 15 insertions, 69 deletions

diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index fc16dd32c..7e244c623 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -215,7 +215,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
 	 UNLINK_EXIT(EINTERNAL);
       }
 #undef UNLINK_EXIT
-      // we don't need the files any longer as we have the filedescriptors still open
+      // we don't need the files any longer
       unlink(sig);
       unlink(data);
       free(sig);
@@ -235,52 +235,12 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
 	 exit(WEXITSTATUS(Status));
       }
 
-      /* looks like its fine. Our caller will check the status fd,
-	 but we construct a good-known clear-signed file without garbage
-	 and other non-sense. In a perfect world, we get the same file,
-	 but empty lines, trailing whitespaces and stuff makes it inperfect … */
-      if (RecombineToClearSignedFile(File, dataFd, dataHeader, sigFd) == false)
-      {
-	 _error->DumpErrors(std::cerr);
-	 exit(EINTERNAL);
-      }
-
-      // everything fine, we have a clean file now!
+      // everything fine
       exit(0);
    }
    exit(EINTERNAL); // unreachable safe-guard
 }
 									/*}}}*/
-// RecombineToClearSignedFile - combine data/signature to message	/*{{{*/
-bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile,
-      std::vector<std::string> const &ContentHeader, int const SignatureFile)
-{
-   FILE *clean_file = fopen(OutFile.c_str(), "w");
-   fputs("-----BEGIN PGP SIGNED MESSAGE-----\n", clean_file);
-   for (std::vector<std::string>::const_iterator h = ContentHeader.begin(); h != ContentHeader.end(); ++h)
-      fprintf(clean_file, "%s\n", h->c_str());
-   fputs("\n", clean_file);
-
-   FILE *data_file = fdopen(ContentFile, "r");
-   FILE *sig_file = fdopen(SignatureFile, "r");
-   if (data_file == NULL || sig_file == NULL)
-   {
-      fclose(clean_file);
-      return _error->Error("Couldn't open splitfiles to recombine them into %s", OutFile.c_str());
-   }
-   char *buf = NULL;
-   size_t buf_size = 0;
-   while (getline(&buf, &buf_size, data_file) != -1)
-      fputs(buf, clean_file);
-   fclose(data_file);
-   fputs("\n", clean_file);
-   while (getline(&buf, &buf_size, sig_file) != -1)
-      fputs(buf, clean_file);
-   fclose(sig_file);
-   fclose(clean_file);
-   return true;
-}
-									/*}}}*/
 // SplitClearSignedFile - split message into data/signature		/*{{{*/
 bool SplitClearSignedFile(std::string const &InFile, int const ContentFile,
       std::vector<std::string> * const ContentHeader, int const SignatureFile)
diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h
index ab7d35ab1..8cbe553bc 100644
--- a/apt-pkg/contrib/gpgv.h
+++ b/apt-pkg/contrib/gpgv.h
@@ -69,20 +69,6 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig,
 bool SplitClearSignedFile(std::string const &InFile, int const ContentFile,
       std::vector<std::string> * const ContentHeader, int const SignatureFile);
 
-/** \brief recombines message and signature to an inline signature
- *
- *  Reverses the splitting down by #SplitClearSignedFile by writing
- *  a well-formed clear-signed message without unsigned messages,
- *  additional signed messages or just trailing whitespaces
- *
- *  @param OutFile will be clear-signed file
- *  @param ContentFile is the Fd the message will be read from
- *  @param ContentHeader is a list of all required Amored Headers for the message
- *  @param SignatureFile is the Fd all signatures will be read from
- */
-bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile,
-      std::vector<std::string> const &ContentHeader, int const SignatureFile);
-
 /** \brief open a file which might be clear-signed
  *
  * This method tries to extract the (signed) message of a file.
diff --git a/apt-pkg/deb/debindexfile.cc b/apt-pkg/deb/debindexfile.cc
index de645bb6e..909dfcf47 100644
--- a/apt-pkg/deb/debindexfile.cc
+++ b/apt-pkg/deb/debindexfile.cc
@@ -22,6 +22,7 @@
 #include <apt-pkg/strutl.h>
 #include <apt-pkg/acquire-item.h>
 #include <apt-pkg/debmetaindex.h>
+#include <apt-pkg/gpgv.h>
 
 #include <sys/stat.h>
 									/*}}}*/
@@ -337,7 +338,12 @@ bool debPackagesIndex::Merge(pkgCacheGenerator &Gen,OpProgress *Prog) const
 
    if (releaseExists == true || FileExists(ReleaseFile) == true)
    {
-      FileFd Rel(ReleaseFile,FileFd::ReadOnly);
+      FileFd Rel;
+      // Beware: The 'Release' file might be clearsigned in case the
+      // signature for an 'InRelease' file couldn't be checked
+      if (OpenMaybeClearSignedFile(ReleaseFile, Rel) == false)
+	 return false;
+
       if (_error->PendingError() == true)
 	 return false;
       Parser.LoadReleaseInfo(File,Rel,Section);
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index b84bd6fdd..2c014a734 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -800,13 +800,12 @@ bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI,
    map_ptrloc const storage = WriteUniqString(component);
    FileI->Component = storage;
 
-   // FIXME: Code depends on the fact that Release files aren't compressed
+   // FIXME: should use FileFd and TagSection
    FILE* release = fdopen(dup(File.Fd()), "r");
    if (release == NULL)
       return false;
 
    char buffer[101];
-   bool gpgClose = false;
    while (fgets(buffer, sizeof(buffer), release) != NULL)
    {
       size_t len = 0;
@@ -818,15 +817,6 @@ bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI,
       if (buffer[len] == '\0')
 	 continue;
 
-      // only evalute the first GPG section
-      if (strncmp("-----", buffer, 5) == 0)
-      {
-	 if (gpgClose == true)
-	    break;
-	 gpgClose = true;
-	 continue;
-      }
-
       // seperate the tag from the data
       const char* dataStart = strchr(buffer + len, ':');
       if (dataStart == NULL)
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index af2639beb..1461a24bb 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -12,6 +12,7 @@
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/fileutl.h>
 #include <apt-pkg/hashes.h>
+#include <apt-pkg/gpgv.h>
 
 #include <sys/stat.h>
 #include <clocale>
@@ -57,7 +58,10 @@ bool indexRecords::Exists(string const &MetaKey) const
 
 bool indexRecords::Load(const string Filename)				/*{{{*/
 {
-   FileFd Fd(Filename, FileFd::ReadOnly);
+   FileFd Fd;
+   if (OpenMaybeClearSignedFile(Filename, Fd) == false)
+      return false;
+
    pkgTagFile TagFile(&Fd, Fd.Size() + 256); // XXX
    if (_error->PendingError() == true)
    {