From 46e00c9062d09a642973e83a334483db1f310397 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 29 Apr 2016 10:16:42 +0200 Subject: support multiple fingerprints in signed-by A keyring file can include multiple keys, so its only fair for transitions and such to support multiple fingerprints as well. --- apt-pkg/deb/debmetaindex.cc | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'apt-pkg/deb/debmetaindex.cc') diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 71b208622..5b84ea5e8 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -627,19 +627,26 @@ bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy) if (SignedBy.empty() == true && pSignedBy.empty() == false) { if (pSignedBy[0] == '/') // no check for existence as we could be chrooting later or such things - ; // absolute path to a keyring file + SignedBy = pSignedBy; // absolute path to a keyring file else { // we could go all fancy and allow short/long/string matches as gpgv/apt-key does, // but fingerprints are harder to fake than the others and this option is set once, // not interactively all the time so easy to type is not really a concern. - std::string finger = pSignedBy; - finger.erase(std::remove(finger.begin(), finger.end(), ' '), finger.end()); - std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper); - if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos) - return _error->Error(_("Invalid value set for option %s regarding source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint"); + auto fingers = VectorizeString(pSignedBy, ','); + std::transform(fingers.begin(), fingers.end(), fingers.begin(), [&](std::string finger) { + std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper); + if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos) + { + _error->Error(_("Invalid value set for option %s regarding source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint"); + return std::string(); + } + return finger; + }); + std::stringstream os; + std::copy(fingers.begin(), fingers.end(), std::ostream_iterator(os, ",")); + SignedBy = os.str(); } - SignedBy = pSignedBy; } else if (SignedBy != pSignedBy) return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), "Signed-By", URI.c_str(), Dist.c_str()); -- cgit v1.2.3