From 76a71a1237d22c1990efbc19ce0e02aacf572576 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 14 Mar 2016 14:23:50 +0100 Subject: Handle ERRSIG in the gpgv method like BADSIG ERRSIG is created whenever a key uses an unknown/weak digest algorithm, for example. This allows us to report a more useful error than just "unknown apt-key error.": The following signatures were invalid: ERRSIG 13B00F1FD2C19886 1 2 01 1457609403 5 While still not being the best reportable error message, it's better than unknown apt-key error and hopefully redirects users to complain to their repository owners. --- methods/gpgv.cc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'methods') diff --git a/methods/gpgv.cc b/methods/gpgv.cc index f17990245..5800a04f0 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -29,6 +29,7 @@ using std::vector; #define GNUPGPREFIX "[GNUPG:]" #define GNUPGBADSIG "[GNUPG:] BADSIG" +#define GNUPGERRSIG "[GNUPG:] ERRSIG" #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY" #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG" #define GNUPGGOODSIG "[GNUPG:] GOODSIG" @@ -101,6 +102,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, std::clog << "Got BADSIG! " << std::endl; BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX))); } + else if (strncmp(buffer, GNUPGERRSIG, sizeof(GNUPGERRSIG)-1) == 0) + { + if (Debug == true) + std::clog << "Got ERRSIG! " << std::endl; + BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX))); + } else if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0) { if (Debug == true) -- cgit v1.2.3