-rw-r--r--cmdline/apt-key.in15
-rw-r--r--methods/gpgv.cc3
-rwxr-xr-xtest/integration/test-releasefile-verification13
3 files changed, 31 insertions, 0 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index e231d6f61..eab5805b0 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -466,8 +466,23 @@ if [ -z "$command" ]; then
fi
shift
+find_gpgv_status_fd() {
+ while [ -n "$1" ]; do
+ if [ "$1" = '--status-fd' ]; then
+ shift
+ echo "$1"
+ break
+ fi
+ shift
+ done
+}
+GPGSTATUSFD="$(find_gpgv_status_fd "$@")"
+
warn() {
echo >&2 'W:' "$@"
+ if [ -n "$GPGSTATUSFD" ]; then
+ echo >&${GPGSTATUSFD} '[APTKEY:] WARNING' "$@"
+ fi
}
create_gpg_home() {
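Review bot: The new branch in `warn()` writes free-form text into the same status-fd stream that methods/gpgv.cc parses line by line for signature results, so a newline inside any `warn` argument would start a fresh line on that channel. The callers of `warn` are outside this hunk, but the test in this commit expects a message of the form "... is not readable by user", which suggests file names reach it; flattening the message to one line before the `echo >&${GPGSTATUSFD}` would keep the channel well-formed. `GPGSTATUSFD` also reaches the redirection unvalidated, and a guard after the assignment such as `case "$GPGSTATUSFD" in ''|*[!0-9]*) GPGSTATUSFD='' ;; esac` keeps a non-numeric value away from `>&`. In `find_gpgv_status_fd`, `while [ -n "$1" ]` stops at the first empty argument, so `while [ "$#" -gt 0 ]` is the more robust loop condition.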
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 473465ba6..3f16ac0e0 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -39,6 +39,7 @@ using std::vector;
#define GNUPGKEYEXPIRED "[GNUPG:] KEYEXPIRED"
#define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
#define GNUPGNODATA "[GNUPG:] NODATA"
+#define APTKEYWARNING "[APTKEY:] WARNING"
struct Digest {
enum class State {
@@ -243,6 +244,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
ValidSigners.push_back(string(sig));
}
+ else if (strncmp(buffer, APTKEYWARNING, sizeof(APTKEYWARNING)-1) == 0)
+ Warning("%s", buffer + sizeof(APTKEYWARNING));
}
fclose(pipein);
free(buffer);
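Review bot: The offset in `Warning("%s", buffer + sizeof(APTKEYWARNING));` skips one byte more than the `strncmp` verified, because `sizeof` counts the terminating NUL while the comparison uses `sizeof(APTKEYWARNING)-1`. For a line that is just the bare prefix (apt-key's `warn` called without arguments would emit one), the pointer lands at or past the end of the string, depending on whether the trailing newline was stripped earlier in the loop, which is outside this hunk. Including the separator in the comparison closes the gap: `else if (strncmp(buffer, APTKEYWARNING " ", sizeof(APTKEYWARNING)) == 0)`. VerifyGetSigners begins and ends outside the hunk.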
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index 1b9b9512f..0510d6744 100755
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -109,6 +109,19 @@ runtest() {
" aptcache show apt
installaptold
+ if [ "$(id -u)" != '0' ]; then
+ msgmsg 'Cold archive signed by' 'Joe Sixpack + unreadable key'
+ rm -rf rootdir/var/lib/apt/lists
+ echo 'foobar' > rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg
+ chmod 000 rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg
+ updatewithwarnings '^W: .* is not readable by user'
+ chmod 644 rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg
+ rm -f rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg
+ testsuccessequal "$(cat "${PKGFILE}")
+" aptcache show apt
+ installaptold
+ fi
+
msgmsg 'Good warm archive signed by' 'Joe Sixpack'
prepare "${PKGFILE}-new"
signreleasefiles 'Joe Sixpack'
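Review bot: The `if [ "$(id -u)" != '0' ]` guard around the new case has no comment, and the reason is not obvious from the test body alone. A line above it such as `# root can still read a mode-000 file, so the unreadable-key warning can only be provoked as a regular user` would explain why the case is skipped in root runs. The skip is also silent, so a root-only CI run gives no hint that this path went unexercised. runtest() begins and continues outside the hunk.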