diff options
| -rw-r--r-- | cmdline/apt-key.in | 15 | ||||
| -rw-r--r-- | methods/gpgv.cc | 3 | ||||
| -rwxr-xr-x | test/integration/test-releasefile-verification | 13 |
3 files changed, 31 insertions, 0 deletions
diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index e231d6f61..eab5805b0 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -466,8 +466,23 @@ if [ -z "$command" ]; then fi shift +find_gpgv_status_fd() { + while [ -n "$1" ]; do + if [ "$1" = '--status-fd' ]; then + shift + echo "$1" + break + fi + shift + done +} +GPGSTATUSFD="$(find_gpgv_status_fd "$@")" + warn() { echo >&2 'W:' "$@" + if [ -n "$GPGSTATUSFD" ]; then + echo >&${GPGSTATUSFD} '[APTKEY:] WARNING' "$@" + fi } create_gpg_home() { diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 473465ba6..3f16ac0e0 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -39,6 +39,7 @@ using std::vector; #define GNUPGKEYEXPIRED "[GNUPG:] KEYEXPIRED" #define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG" #define GNUPGNODATA "[GNUPG:] NODATA" +#define APTKEYWARNING "[APTKEY:] WARNING" struct Digest { enum class State { @@ -243,6 +244,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, ValidSigners.push_back(string(sig)); } + else if (strncmp(buffer, APTKEYWARNING, sizeof(APTKEYWARNING)-1) == 0) + Warning("%s", buffer + sizeof(APTKEYWARNING)); } fclose(pipein); free(buffer); diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 1b9b9512f..0510d6744 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -109,6 +109,19 @@ runtest() { " aptcache show apt installaptold + if [ "$(id -u)" != '0' ]; then + msgmsg 'Cold archive signed by' 'Joe Sixpack + unreadable key' + rm -rf rootdir/var/lib/apt/lists + echo 'foobar' > rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg + chmod 000 rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg + updatewithwarnings '^W: .* is not readable by user' + chmod 644 rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg + rm -f rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg + testsuccessequal "$(cat "${PKGFILE}") +" aptcache show apt + installaptold + fi + msgmsg 'Good warm archive signed by' 'Joe Sixpack' prepare "${PKGFILE}-new" signreleasefiles 'Joe Sixpack' |