From d30036922c6963846db4ab633b13fb87c1b5b462 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Sat, 18 Jun 2016 15:15:27 +0200
Subject: add [weak] tag to hash errors to indicate insufficiency

For "Hash Sum mismatch" that info doesn't make a whole lot of
difference, but for the new insufficient info message an indicator that
while this hashes are there and even match, they aren't enough from a
security standpoint.
---
 apt-pkg/acquire-item.cc | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'apt-pkg')

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 862867932..63b3c9a1f 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -762,7 +762,12 @@ void pkgAcquire::Item::Failed(string const &Message,pkgAcquire::MethodConfig con
 	 {
 	    out << "Hashes of expected file:" << std::endl;
 	    for (auto const &hs: ExpectedHashes)
-	       out << " - " << hs.toStr() << std::endl;
+	    {
+	       out << " - " << hs.toStr();
+	       if (hs.usable() == false)
+		  out << " [weak]";
+	       out << std::endl;
+	    }
 	 }
 	 if (failreason == HASHSUM_MISMATCH)
 	 {
@@ -772,7 +777,13 @@ void pkgAcquire::Item::Failed(string const &Message,pkgAcquire::MethodConfig con
 	       std::string const tagname = std::string(*type) + "-Hash";
 	       std::string const hashsum = LookupTag(Message, tagname.c_str());
 	       if (hashsum.empty() == false)
-		  out << " - " << HashString(*type, hashsum).toStr() << std::endl;
+	       {
+		  auto const hs = HashString(*type, hashsum);
+		  out << " - " << hs.toStr();
+		  if (hs.usable() == false)
+		     out << " [weak]";
+		  out << std::endl;
+	       }
 	    }
 	    out << "Last modification reported: " << LookupTag(Message, "Last-Modified", "<none>") << std::endl;
 	 }
-- 
cgit v1.2.3