From b0d408547734100bf86781615f546487ecf390d9 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Wed, 24 Jun 2015 19:31:22 +0200
Subject: implement Signed-By option for sources.list
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Limits which key(s) can be used to sign a repository. Not immensely useful
from a security perspective all by itself, but if the user has
additional measures in place to confine a repository (like pinning) an
attacker who gets the key for such a repository is limited to its
potential and can't use the key to sign its attacks for an other (maybe
less limited) repository… (yes, this is as weak as it sounds, but having
the capability might come in handy for implementing other stuff later).
---
 apt-pkg/metaindex.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'apt-pkg/metaindex.h')

diff --git a/apt-pkg/metaindex.h b/apt-pkg/metaindex.h
index 5be7397ae..d284655bf 100644
--- a/apt-pkg/metaindex.h
+++ b/apt-pkg/metaindex.h
@@ -52,7 +52,7 @@ protected:
    std::string URI;
    std::string Dist;
    TriState Trusted;
-   TriState LoadedSuccessfully;
+   std::string SignedBy;
 
    // parsed from a file
    std::string Suite;
@@ -61,6 +61,7 @@ protected:
    time_t ValidUntil;
    bool SupportsAcquireByHash;
    std::map<std::string, checkSum *> Entries;
+   TriState LoadedSuccessfully;
 
 public:
    // Various accessors
@@ -68,6 +69,7 @@ public:
    std::string GetDist() const;
    const char* GetType() const;
    TriState GetTrusted() const;
+   std::string GetSignedBy() const;
 
    std::string GetCodename() const;
    std::string GetSuite() const;
-- 
cgit v1.2.3