summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc15
-rw-r--r--apt-pkg/acquire-item.h1
-rw-r--r--apt-pkg/contrib/gpgv.cc17
-rw-r--r--apt-pkg/contrib/gpgv.h5
-rw-r--r--apt-pkg/deb/debmetaindex.cc35
-rw-r--r--apt-pkg/deb/debmetaindex.h1
-rw-r--r--apt-pkg/metaindex.cc4
-rw-r--r--apt-pkg/metaindex.h4
-rw-r--r--apt-pkg/sourcelist.cc28
9 files changed, 91 insertions, 19 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index a30a5d154..01a679fe0 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -808,7 +808,6 @@ string pkgAcqMetaBase::Custom600Headers() const
Header += MaximumSize;
string const FinalFile = GetFinalFilename();
-
struct stat Buf;
if (stat(FinalFile.c_str(),&Buf) == 0)
Header += "\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
@@ -1132,6 +1131,10 @@ string pkgAcqMetaClearSig::Custom600Headers() const
{
string Header = pkgAcqMetaBase::Custom600Headers();
Header += "\nFail-Ignore: true";
+ std::string const key = TransactionManager->MetaIndexParser->GetSignedBy();
+ if (key.empty() == false)
+ Header += "\nSigned-By: " + key;
+
return Header;
}
/*}}}*/
@@ -1374,6 +1377,16 @@ pkgAcqMetaSig::~pkgAcqMetaSig() /*{{{*/
{
}
/*}}}*/
+// pkgAcqMetaSig::Custom600Headers - Insert custom request headers /*{{{*/
+std::string pkgAcqMetaSig::Custom600Headers() const
+{
+ std::string Header = pkgAcqTransactionItem::Custom600Headers();
+ std::string const key = TransactionManager->MetaIndexParser->GetSignedBy();
+ if (key.empty() == false)
+ Header += "\nSigned-By: " + key;
+ return Header;
+}
+ /*}}}*/
// AcqMetaSig::Done - The signature was downloaded/verified /*{{{*/
void pkgAcqMetaSig::Done(string const &Message, HashStringList const &Hashes,
pkgAcquire::MethodConfig const * const Cfg)
diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h
index 10ece76c9..1cd2a6d03 100644
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@@ -541,6 +541,7 @@ class APT_HIDDEN pkgAcqMetaSig : public pkgAcqTransactionItem
virtual void Failed(std::string const &Message,pkgAcquire::MethodConfig const * const Cnf);
virtual void Done(std::string const &Message, HashStringList const &Hashes,
pkgAcquire::MethodConfig const * const Cnf);
+ virtual std::string Custom600Headers() const;
/** \brief Create a new pkgAcqMetaSig. */
pkgAcqMetaSig(pkgAcquire * const Owner, pkgAcqMetaClearSig * const TransactionManager,
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index a01e319eb..ef84da0d8 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -16,6 +16,8 @@
#include <sys/wait.h>
#include <unistd.h>
#include <stddef.h>
+
+#include <algorithm>
#include <iostream>
#include <string>
#include <vector>
@@ -42,7 +44,7 @@ static char * GenerateTemporaryFileTemplate(const char *basename) /*{{{*/
of the lifting in regards to merging keyrings. Fun for the whole family.
*/
void ExecGPGV(std::string const &File, std::string const &FileGPG,
- int const &statusfd, int fd[2])
+ int const &statusfd, int fd[2], std::string const &key)
{
#define EINTERNAL 111
std::string const aptkey = _config->FindFile("Dir::Bin::apt-key", "/usr/bin/apt-key");
@@ -55,6 +57,19 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
Args.push_back(aptkey.c_str());
Args.push_back("--quiet");
Args.push_back("--readonly");
+ if (key.empty() == false)
+ {
+ if (key[0] == '/')
+ {
+ Args.push_back("--keyring");
+ Args.push_back(key.c_str());
+ }
+ else
+ {
+ Args.push_back("--keyid");
+ Args.push_back(key.c_str());
+ }
+ }
Args.push_back("verify");
char statusfdstr[10];
diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h
index f018893fd..2a4cdad72 100644
--- a/apt-pkg/contrib/gpgv.h
+++ b/apt-pkg/contrib/gpgv.h
@@ -38,9 +38,12 @@ class FileFd;
*
* @param File is the message (unsigned or clear-signed)
* @param FileSig is the signature (detached or clear-signed)
+ * @param statusfd is the fd given to gpgv as --status-fd
+ * @param fd is used as a pipe for the standard output of gpgv
+ * @param key is the specific one to be used instead of using all
*/
void ExecGPGV(std::string const &File, std::string const &FileSig,
- int const &statusfd, int fd[2]) APT_NORETURN;
+ int const &statusfd, int fd[2], std::string const &Key = "") APT_NORETURN;
inline APT_NORETURN void ExecGPGV(std::string const &File, std::string const &FileSig,
int const &statusfd = -1) {
int fd[2];
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 5d7e539c7..4bb03a942 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -462,6 +462,29 @@ bool debReleaseIndex::SetValidUntilMax(time_t const Valid)
return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Max-ValidTime", URI.c_str(), Dist.c_str());
return true;
}
+bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy)
+{
+ if (SignedBy.empty() == true && pSignedBy.empty() == false)
+ {
+ if (pSignedBy[0] == '/') // no check for existence as we could be chrooting later or such things
+ ; // absolute path to a keyring file
+ else
+ {
+ // we could go all fancy and allow short/long/string matches as gpgv/apt-key does,
+ // but fingerprints are harder to fake than the others and this option is set once,
+ // not interactively all the time so easy to type is not really a concern.
+ std::string finger = pSignedBy;
+ finger.erase(std::remove(finger.begin(), finger.end(), ' '), finger.end());
+ std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper);
+ if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos)
+ return _error->Error(_("Invalid value set for option %s concerning source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint");
+ }
+ SignedBy = pSignedBy;
+ }
+ else if (SignedBy != pSignedBy)
+ return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Signed-By", URI.c_str(), Dist.c_str());
+ return true;
+}
/*}}}*/
// ReleaseIndex::IsTrusted /*{{{*/
bool debReleaseIndex::IsTrusted() const
@@ -706,6 +729,18 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/
Deb->SetValidUntilMin(GetTimeOption(Options, "valid-until-min")) == false)
return false;
+ std::map<std::string, std::string>::const_iterator const signedby = Options.find("signed-by");
+ if (signedby == Options.end())
+ {
+ if (Deb->SetSignedBy("") == false)
+ return false;
+ }
+ else
+ {
+ if (Deb->SetSignedBy(signedby->second) == false)
+ return false;
+ }
+
return true;
}
diff --git a/apt-pkg/deb/debmetaindex.h b/apt-pkg/deb/debmetaindex.h
index 879eb3bfc..bf5b7c1ce 100644
--- a/apt-pkg/deb/debmetaindex.h
+++ b/apt-pkg/deb/debmetaindex.h
@@ -56,6 +56,7 @@ class APT_HIDDEN debReleaseIndex : public metaIndex
bool SetCheckValidUntil(TriState const Trusted);
bool SetValidUntilMin(time_t const Valid);
bool SetValidUntilMax(time_t const Valid);
+ bool SetSignedBy(std::string const &SignedBy);
virtual bool IsTrusted() const;
diff --git a/apt-pkg/metaindex.cc b/apt-pkg/metaindex.cc
index 8bd13bb18..baf695f16 100644
--- a/apt-pkg/metaindex.cc
+++ b/apt-pkg/metaindex.cc
@@ -27,8 +27,7 @@ bool metaIndex::Merge(pkgCacheGenerator &Gen,OpProgress *) const
metaIndex::metaIndex(std::string const &URI, std::string const &Dist,
char const * const Type)
: d(NULL), Indexes(NULL), Type(Type), URI(URI), Dist(Dist), Trusted(TRI_UNSET),
- LoadedSuccessfully(TRI_UNSET),
- Date(0), ValidUntil(0), SupportsAcquireByHash(false)
+ Date(0), ValidUntil(0), SupportsAcquireByHash(false), LoadedSuccessfully(TRI_UNSET)
{
/* nothing */
}
@@ -48,6 +47,7 @@ APT_PURE std::string metaIndex::GetURI() const { return URI; }
APT_PURE std::string metaIndex::GetDist() const { return Dist; }
APT_PURE const char* metaIndex::GetType() const { return Type; }
APT_PURE metaIndex::TriState metaIndex::GetTrusted() const { return Trusted; }
+APT_PURE std::string metaIndex::GetSignedBy() const { return SignedBy; }
APT_PURE std::string metaIndex::GetCodename() const { return Codename; }
APT_PURE std::string metaIndex::GetSuite() const { return Suite; }
APT_PURE bool metaIndex::GetSupportsAcquireByHash() const { return SupportsAcquireByHash; }
diff --git a/apt-pkg/metaindex.h b/apt-pkg/metaindex.h
index 5be7397ae..d284655bf 100644
--- a/apt-pkg/metaindex.h
+++ b/apt-pkg/metaindex.h
@@ -52,7 +52,7 @@ protected:
std::string URI;
std::string Dist;
TriState Trusted;
- TriState LoadedSuccessfully;
+ std::string SignedBy;
// parsed from a file
std::string Suite;
@@ -61,6 +61,7 @@ protected:
time_t ValidUntil;
bool SupportsAcquireByHash;
std::map<std::string, checkSum *> Entries;
+ TriState LoadedSuccessfully;
public:
// Various accessors
@@ -68,6 +69,7 @@ public:
std::string GetDist() const;
const char* GetType() const;
TriState GetTrusted() const;
+ std::string GetSignedBy() const;
std::string GetCodename() const;
std::string GetSuite() const;
diff --git a/apt-pkg/sourcelist.cc b/apt-pkg/sourcelist.cc
index 0d65558ed..eef0ee709 100644
--- a/apt-pkg/sourcelist.cc
+++ b/apt-pkg/sourcelist.cc
@@ -93,27 +93,29 @@ bool pkgSourceList::Type::ParseStanza(vector<metaIndex *> &List, /*{{{*/
if (Enabled.empty() == false && StringToBool(Enabled) == false)
return true;
- std::map<char const * const, char const * const> mapping;
+ std::map<char const * const, std::pair<char const * const, bool> > mapping;
#define APT_PLUSMINUS(X, Y) \
- mapping.insert(std::make_pair(X, Y)); \
- mapping.insert(std::make_pair(X "Add", Y "+")); \
- mapping.insert(std::make_pair(X "Remove", Y "-"))
+ mapping.insert(std::make_pair(X, std::make_pair(Y, true))); \
+ mapping.insert(std::make_pair(X "Add", std::make_pair(Y "+", true))); \
+ mapping.insert(std::make_pair(X "Remove", std::make_pair(Y "-", true)))
APT_PLUSMINUS("Architectures", "arch");
APT_PLUSMINUS("Languages", "lang");
APT_PLUSMINUS("Targets", "target");
#undef APT_PLUSMINUS
- mapping.insert(std::make_pair("Trusted", "trusted"));
- mapping.insert(std::make_pair("Check-Valid-Until", "check-valid-until"));
- mapping.insert(std::make_pair("Valid-Until-Min", "valid-until-min"));
- mapping.insert(std::make_pair("Valid-Until-Max", "valid-until-max"));
+ mapping.insert(std::make_pair("Trusted", std::make_pair("trusted", false)));
+ mapping.insert(std::make_pair("Check-Valid-Until", std::make_pair("check-valid-until", false)));
+ mapping.insert(std::make_pair("Valid-Until-Min", std::make_pair("valid-until-min", false)));
+ mapping.insert(std::make_pair("Valid-Until-Max", std::make_pair("valid-until-max", false)));
+ mapping.insert(std::make_pair("Signed-By", std::make_pair("signed-by", false)));
- for (std::map<char const * const, char const * const>::const_iterator m = mapping.begin(); m != mapping.end(); ++m)
+ for (std::map<char const * const, std::pair<char const * const, bool> >::const_iterator m = mapping.begin(); m != mapping.end(); ++m)
if (Tags.Exists(m->first))
{
- // for deb822 the " " is the delimiter, but the backend expects ","
- std::string option = Tags.FindS(m->first);
- std::replace(option.begin(), option.end(), ' ', ',');
- Options[m->second] = option;
+ std::string option = Tags.FindS(m->first);
+ // for deb822 the " " is the delimiter, but the backend expects ","
+ if (m->second.second == true)
+ std::replace(option.begin(), option.end(), ' ', ',');
+ Options[m->second.first] = option;
}
// now create one item per suite/section
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 13:01:43 +0000