From d30036922c6963846db4ab633b13fb87c1b5b462 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 18 Jun 2016 15:15:27 +0200 Subject: add [weak] tag to hash errors to indicate insufficiency For "Hash Sum mismatch" that info doesn't make a whole lot of difference, but for the new insufficient info message an indicator that while this hashes are there and even match, they aren't enough from a security standpoint. --- apt-pkg/acquire-item.cc | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 862867932..63b3c9a1f 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -762,7 +762,12 @@ void pkgAcquire::Item::Failed(string const &Message,pkgAcquire::MethodConfig con { out << "Hashes of expected file:" << std::endl; for (auto const &hs: ExpectedHashes) - out << " - " << hs.toStr() << std::endl; + { + out << " - " << hs.toStr(); + if (hs.usable() == false) + out << " [weak]"; + out << std::endl; + } } if (failreason == HASHSUM_MISMATCH) { @@ -772,7 +777,13 @@ void pkgAcquire::Item::Failed(string const &Message,pkgAcquire::MethodConfig con std::string const tagname = std::string(*type) + "-Hash"; std::string const hashsum = LookupTag(Message, tagname.c_str()); if (hashsum.empty() == false) - out << " - " << HashString(*type, hashsum).toStr() << std::endl; + { + auto const hs = HashString(*type, hashsum); + out << " - " << hs.toStr(); + if (hs.usable() == false) + out << " [weak]"; + out << std::endl; + } } out << "Last modification reported: " << LookupTag(Message, "Last-Modified", "") << std::endl; } -- cgit v1.2.3