From 2d3fe9cfadb33556b7563a98bb5a4698888e6c40 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 18:53:53 +0100 Subject: - if ExecGPGV deals with a clear-signed file it will split this file into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default --- apt-pkg/contrib/gpgv.h | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) (limited to 'apt-pkg/contrib/gpgv.h') diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h index 8aeea2fb3..8e04855e4 100644 --- a/apt-pkg/contrib/gpgv.h +++ b/apt-pkg/contrib/gpgv.h @@ -10,6 +10,7 @@ #define CONTRIB_GPGV_H #include +#include #if __GNUC__ >= 4 #define APT_noreturn __attribute__ ((noreturn)) @@ -20,7 +21,9 @@ /** \brief generates and run the command to verify a file with gpgv * * If File and FileSig specify the same file it is assumed that we - * deal with a clear-signed message. + * deal with a clear-signed message. In that case the file will be + * rewritten to be in a good-known format without uneeded whitespaces + * and additional messages (unsigned or signed). * * @param File is the message (unsigned or clear-signed) * @param FileSig is the signature (detached or clear-signed) @@ -35,4 +38,40 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig, #undef APT_noreturn +/** \brief Split an inline signature into message and signature + * + * Takes a clear-signed message and puts the first signed message + * in the content file and all signatures following it into the + * second. Unsigned messages, additional messages as well as + * whitespaces are discarded. The resulting files are suitable to + * be checked with gpgv. + * + * If one or all Fds are -1 they will not be used and the content + * which would have been written to them is discarded. + * + * The code doesn't support dash-encoded lines as these are not + * expected to be present in files we have to deal with. + * + * @param InFile is the clear-signed file + * @param ContentFile is the Fd the message will be written to + * @param ContentHeader is a list of all required Amored Headers for the message + * @param SignatureFile is the Fd all signatures will be written to + */ +bool SplitClearSignedFile(std::string const &InFile, int const ContentFile, + std::vector * const ContentHeader, int const SignatureFile); + +/** \brief recombines message and signature to an inline signature + * + * Reverses the splitting down by #SplitClearSignedFile by writing + * a well-formed clear-signed message without unsigned messages, + * additional signed messages or just trailing whitespaces + * + * @param OutFile will be clear-signed file + * @param ContentFile is the Fd the message will be read from + * @param ContentHeader is a list of all required Amored Headers for the message + * @param SignatureFile is the Fd all signatures will be read from + */ +bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile, + std::vector const &ContentHeader, int const SignatureFile); + #endif -- cgit v1.2.3