-rw-r--r-- | cmdline/apt-key.in | 15 | ||||
-rw-r--r-- | methods/gpgv.cc | 3 | ||||
-rwxr-xr-x | test/integration/test-releasefile-verification | 13 |
3 files changed, 31 insertions, 0 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index d34f59497..199903d61 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -474,12 +474,27 @@ if [ -z "$command" ]; then fi shift +find_gpgv_status_fd() { + while [ -n "$1" ]; do + if [ "$1" = '--status-fd' ]; then + shift + echo "$1" + break + fi + shift + done +} +GPGSTATUSFD="$(find_gpgv_status_fd "$@")" + warn() { if [ -z "$GPGHOMEDIR" ]; then echo >&2 'W:' "$@" else echo 'W:' "$@" > "${GPGHOMEDIR}/aptwarnings.log" fi + if [ -n "$GPGSTATUSFD" ]; then + echo >&${GPGSTATUSFD} '[APTKEY:] WARNING' "$@" + fi } cleanup_gpg_home() { diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 2fed53a39..f2ef6b76e 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -39,6 +39,7 @@ using std::vector; #define GNUPGEXPSIG "[GNUPG:] EXPSIG" #define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG" #define GNUPGNODATA "[GNUPG:] NODATA" +#define APTKEYWARNING "[APTKEY:] WARNING" struct Digest { enum class State { @@ -238,6 +239,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, ValidSigners.push_back(sig); } + else if (strncmp(buffer, APTKEYWARNING, sizeof(APTKEYWARNING)-1) == 0) + Warning("%s", buffer + sizeof(APTKEYWARNING)); } fclose(pipein); free(buffer); diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 20ca613da..e043fa8b5 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification 
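Review bot: The line `echo >&${GPGSTATUSFD} '[APTKEY:] WARNING' "$@"` added to warn() writes to the status channel without validating either the descriptor or the message text. `find_gpgv_status_fd` echoes whatever follows `--status-fd`, so a non-numeric value would reach the redirection unchecked. Its loop also stops at the first empty argument because of `[ -n "$1" ]`, so a later `--status-fd` would be missed. A warning argument containing a newline (a file name, say) would put extra lines on the stream that methods/gpgv.cc parses for `[GNUPG:]` records; whether any caller can pass such text is not visible in this hunk. I would validate once with `case "$GPGSTATUSFD" in ''|*[!0-9]*) GPGSTATUSFD='' ;; esac` and flatten the message before writing it, e.g. `printf '%s\n' "[APTKEY:] WARNING $(printf '%s' "$*" | tr '\n' ' ')" >&${GPGSTATUSFD}`.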
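Review bot: In the new `else if` branch of VerifyGetSigners, `buffer + sizeof(APTKEYWARNING)` skips the prefix plus one more byte, but the `strncmp` only checks the prefix itself (`sizeof(APTKEYWARNING)-1` bytes). If a status line is exactly `[APTKEY:] WARNING`, the pointer lands one past the terminating NUL and `Warning()` formats whatever follows in the buffer. That case arises when warn() is called with no arguments and the trailing newline has been stripped earlier in the loop. Comparing the separator as well closes the gap: `else if (strncmp(buffer, APTKEYWARNING " ", sizeof(APTKEYWARNING)) == 0)`. The function starts and ends outside the hunk, so the newline handling is inferred rather than visible here.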
@@ -107,6 +107,19 @@ runtest() { " aptcache show apt installaptold + if [ "$(id -u)" != '0' ]; then + msgmsg 'Cold archive signed by' 'Joe Sixpack + unreadable key' + rm -rf rootdir/var/lib/apt/lists + echo 'foobar' > rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg + chmod 000 rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg + updatewithwarnings '^W: .* is not readable by user' + chmod 644 rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg + rm -f rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg + testsuccessequal "$(cat "${PKGFILE}") +" aptcache show apt + installaptold + fi + msgmsg 'Good warm archive signed by' 'Joe Sixpack' prepare "${PKGFILE}-new" signreleasefiles 'Joe Sixpack' |
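Review bot: The pattern in `updatewithwarnings '^W: .* is not readable by user'` accepts any warning that ends this way, so the test would still pass if the message came from a different file than the one it just created. If the warning text names the keyring file, anchoring on it makes the assertion specific: `updatewithwarnings '^W: .*unreadablekey\.gpg.* is not readable by user'`. It may also be worth confirming that the `chmod 644` / `rm -f` cleanup still runs when `updatewithwarnings` fails, so a mode-000 file is not left in `trusted.gpg.d` for the later cases. runtest() continues outside the hunk.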