From 0854ad8b8016d0132741a267492d72cfa0d3bd8e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 21 Jun 2012 12:32:56 +0200 Subject: check when finished downloading the InRelease file if it has the expected gpg clearsign signature and if not download Release/Release.gpg instead --- apt-pkg/indexcopy.cc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'apt-pkg/indexcopy.cc') diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index e29e2819c..db3d10ecd 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -648,16 +648,12 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, { if (File == FileGPG) { - #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n" - char buffer[sizeof(SIGMSG)]; FILE* gpg = fopen(File.c_str(), "r"); if (gpg == NULL) return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str()); - char const * const test = fgets(buffer, sizeof(buffer), gpg); fclose(gpg); - if (test == NULL || strcmp(buffer, SIGMSG) != 0) + if (!IsPgpClearTextSignature(File)) return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str()); - #undef SIGMSG } -- cgit v1.2.3 From fe5804fc5010dd8f2e9406187bfc1f6afeb29c5a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Jul 2012 15:19:09 +0200 Subject: cherry pick -r1847 from bzr+ssh://bazaar.launchpad.net/~mvo/apt/lp346386/ --- apt-pkg/indexcopy.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg/indexcopy.cc') diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index db3d10ecd..ddf1909b7 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -652,7 +652,7 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, if (gpg == NULL) return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str()); fclose(gpg); - if (!IsPgpClearTextSignature(File)) + if (!StartsWithGPGClearTextSignature(File)) return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str()); } -- cgit v1.2.3