summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/contrib/gpgv.cc44
-rw-r--r--apt-pkg/contrib/gpgv.h14
-rw-r--r--apt-pkg/deb/debindexfile.cc8
-rw-r--r--apt-pkg/deb/deblistparser.cc12
-rw-r--r--apt-pkg/indexrecords.cc6
5 files changed, 15 insertions, 69 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index fc16dd32c..7e244c623 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -215,7 +215,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
UNLINK_EXIT(EINTERNAL);
}
#undef UNLINK_EXIT
- // we don't need the files any longer as we have the filedescriptors still open
+ // we don't need the files any longer
unlink(sig);
unlink(data);
free(sig);
@@ -235,52 +235,12 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
exit(WEXITSTATUS(Status));
}
- /* looks like its fine. Our caller will check the status fd,
- but we construct a good-known clear-signed file without garbage
- and other non-sense. In a perfect world, we get the same file,
- but empty lines, trailing whitespaces and stuff makes it inperfect … */
- if (RecombineToClearSignedFile(File, dataFd, dataHeader, sigFd) == false)
- {
- _error->DumpErrors(std::cerr);
- exit(EINTERNAL);
- }
-
- // everything fine, we have a clean file now!
+ // everything fine
exit(0);
}
exit(EINTERNAL); // unreachable safe-guard
}
/*}}}*/
-// RecombineToClearSignedFile - combine data/signature to message /*{{{*/
-bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile,
- std::vector<std::string> const &ContentHeader, int const SignatureFile)
-{
- FILE *clean_file = fopen(OutFile.c_str(), "w");
- fputs("-----BEGIN PGP SIGNED MESSAGE-----\n", clean_file);
- for (std::vector<std::string>::const_iterator h = ContentHeader.begin(); h != ContentHeader.end(); ++h)
- fprintf(clean_file, "%s\n", h->c_str());
- fputs("\n", clean_file);
-
- FILE *data_file = fdopen(ContentFile, "r");
- FILE *sig_file = fdopen(SignatureFile, "r");
- if (data_file == NULL || sig_file == NULL)
- {
- fclose(clean_file);
- return _error->Error("Couldn't open splitfiles to recombine them into %s", OutFile.c_str());
- }
- char *buf = NULL;
- size_t buf_size = 0;
- while (getline(&buf, &buf_size, data_file) != -1)
- fputs(buf, clean_file);
- fclose(data_file);
- fputs("\n", clean_file);
- while (getline(&buf, &buf_size, sig_file) != -1)
- fputs(buf, clean_file);
- fclose(sig_file);
- fclose(clean_file);
- return true;
-}
- /*}}}*/
// SplitClearSignedFile - split message into data/signature /*{{{*/
bool SplitClearSignedFile(std::string const &InFile, int const ContentFile,
std::vector<std::string> * const ContentHeader, int const SignatureFile)
diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h
index ab7d35ab1..8cbe553bc 100644
--- a/apt-pkg/contrib/gpgv.h
+++ b/apt-pkg/contrib/gpgv.h
@@ -69,20 +69,6 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig,
bool SplitClearSignedFile(std::string const &InFile, int const ContentFile,
std::vector<std::string> * const ContentHeader, int const SignatureFile);
-/** \brief recombines message and signature to an inline signature
- *
- * Reverses the splitting down by #SplitClearSignedFile by writing
- * a well-formed clear-signed message without unsigned messages,
- * additional signed messages or just trailing whitespaces
- *
- * @param OutFile will be clear-signed file
- * @param ContentFile is the Fd the message will be read from
- * @param ContentHeader is a list of all required Amored Headers for the message
- * @param SignatureFile is the Fd all signatures will be read from
- */
-bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile,
- std::vector<std::string> const &ContentHeader, int const SignatureFile);
-
/** \brief open a file which might be clear-signed
*
* This method tries to extract the (signed) message of a file.
diff --git a/apt-pkg/deb/debindexfile.cc b/apt-pkg/deb/debindexfile.cc
index de645bb6e..909dfcf47 100644
--- a/apt-pkg/deb/debindexfile.cc
+++ b/apt-pkg/deb/debindexfile.cc
@@ -22,6 +22,7 @@
#include <apt-pkg/strutl.h>
#include <apt-pkg/acquire-item.h>
#include <apt-pkg/debmetaindex.h>
+#include <apt-pkg/gpgv.h>
#include <sys/stat.h>
/*}}}*/
@@ -337,7 +338,12 @@ bool debPackagesIndex::Merge(pkgCacheGenerator &Gen,OpProgress *Prog) const
if (releaseExists == true || FileExists(ReleaseFile) == true)
{
- FileFd Rel(ReleaseFile,FileFd::ReadOnly);
+ FileFd Rel;
+ // Beware: The 'Release' file might be clearsigned in case the
+ // signature for an 'InRelease' file couldn't be checked
+ if (OpenMaybeClearSignedFile(ReleaseFile, Rel) == false)
+ return false;
+
if (_error->PendingError() == true)
return false;
Parser.LoadReleaseInfo(File,Rel,Section);
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index b84bd6fdd..2c014a734 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -800,13 +800,12 @@ bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI,
map_ptrloc const storage = WriteUniqString(component);
FileI->Component = storage;
- // FIXME: Code depends on the fact that Release files aren't compressed
+ // FIXME: should use FileFd and TagSection
FILE* release = fdopen(dup(File.Fd()), "r");
if (release == NULL)
return false;
char buffer[101];
- bool gpgClose = false;
while (fgets(buffer, sizeof(buffer), release) != NULL)
{
size_t len = 0;
@@ -818,15 +817,6 @@ bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI,
if (buffer[len] == '\0')
continue;
- // only evalute the first GPG section
- if (strncmp("-----", buffer, 5) == 0)
- {
- if (gpgClose == true)
- break;
- gpgClose = true;
- continue;
- }
-
// seperate the tag from the data
const char* dataStart = strchr(buffer + len, ':');
if (dataStart == NULL)
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index af2639beb..1461a24bb 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -12,6 +12,7 @@
#include <apt-pkg/configuration.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/hashes.h>
+#include <apt-pkg/gpgv.h>
#include <sys/stat.h>
#include <clocale>
@@ -57,7 +58,10 @@ bool indexRecords::Exists(string const &MetaKey) const
bool indexRecords::Load(const string Filename) /*{{{*/
{
- FileFd Fd(Filename, FileFd::ReadOnly);
+ FileFd Fd;
+ if (OpenMaybeClearSignedFile(Filename, Fd) == false)
+ return false;
+
pkgTagFile TagFile(&Fd, Fd.Size() + 256); // XXX
if (_error->PendingError() == true)
{