apt/methods/gpgv.cc, branch 1.1.1Debians commandline package managerhttps://git.kalnischkies.de/apt/atom?h=1.1.12015-11-05T11:21:33Zallow acquire method specific options via Binary scope2015-11-05T11:21:33ZDavid Kalnischkiesdavid@kalnischkies.de2015-11-04T13:48:36Zurn:sha1:23e64f6d0facf9610c1042326ad9850e071e8349
Allows users who know what they are getting themselves into with this
trick to e.g. disable privilege dropping for e.g. file:// until they can
fix up the permissions on those repositories. It helps also the test
framework and people with a similar setup (= me) to run in less modified
environments.
add c++11 override marker to overridden methods2015-08-10T15:27:17ZDavid Kalnischkiesdavid@kalnischkies.de2015-07-08T22:35:40Zurn:sha1:3b3028467ceccca0b73a8f53051c0fa4de313111
C++11 adds the 'override' specifier to mark that a method is overriding
a base class method and error out if not. We hide it in the APT_OVERRIDE
macro to ensure that we keep compiling in pre-c++11 standards.
Reported-By: clang-modernize -add-override -override-macros
Git-Dch: Ignore
implement Signed-By without using gpg for verification2015-08-10T15:25:26ZDavid Kalnischkiesdavid@kalnischkies.de2015-07-07T20:11:20Zurn:sha1:4e03c47de15164f2656d9655edab6fb3570cb2f2
The previous commit returns to the possibility of using just gpgv for
verification proposes. There is one problem through: We can't enforce a
specific keyid without using gpg, but our acquire method can as it
parses gpgv output anyway, so it can deal with good signatures from not
expected signatures and treats them as unknown keys instead.
Git-Dch: Ignore
implement Signed-By option for sources.list2015-08-10T15:25:26ZDavid Kalnischkiesdavid@kalnischkies.de2015-06-24T17:31:22Zurn:sha1:b0d408547734100bf86781615f546487ecf390d9
Limits which key(s) can be used to sign a repository. Not immensely useful
from a security perspective all by itself, but if the user has
additional measures in place to confine a repository (like pinning) an
attacker who gets the key for such a repository is limited to its
potential and can't use the key to sign its attacks for an other (maybe
less limited) repository… (yes, this is as weak as it sounds, but having
the capability might come in handy for implementing other stuff later).
use getline() instead of rolling our own2014-11-09T20:45:55ZDavid Kalnischkiesdavid@kalnischkies.de2014-11-09T14:57:43Zurn:sha1:bf6ac7ca615922c23d1f3cf1963efc5be9c23e32
We use it in other places already as well even though it is farly new
addition to the POSIX family with 2008, but rolling our own here is
really something which should be avoided in such a important method.
Git-Dch: Ignore
Fix backward compatiblity of the new pkgAcquireMethod::DropPrivsOrDie()2014-10-13T09:29:47ZMichael Vogtmvo@ubuntu.com2014-10-13T08:57:30Zurn:sha1:9983999d294887046abf386adc31190700d89b61
Do not drop privileges in the methods when using a older version of
libapt that does not support the chown magic in partial/ yet. To
do this DropPrivileges() now will ignore a empty Apt::Sandbox::User.
Cleanup all hardcoded _apt along the way.
Merge remote-tracking branch 'upstream/debian/experimental' into feature/acq-trans2014-09-29T07:58:38ZMichael Vogtmvo@debian.org2014-09-29T07:58:38Zurn:sha1:4c333a25a88b1afac2ed50bf1b9af61dc5b09343
Conflicts:
apt-pkg/acquire-item.cc
apt-pkg/acquire-item.h
methods/gpgv.cc
correct the error messages to refer to apt-key instead of gpgv2014-09-26T22:12:14ZDavid Kalnischkiesdavid@kalnischkies.de2014-01-26T16:23:50Zurn:sha1:b39bb552f8de65cea13dc5f1fae6fbeb198605c6
Git-Dch: Ignore
Merge remote-tracking branch 'upstream/debian/experimental' into feature/acq-trans2014-09-25T10:33:26ZMichael Vogtmvo@ubuntu.com2014-09-25T10:33:26Zurn:sha1:e31a89e668596ea86c8f3a08429cd2f48286e734methods: Fail if we cannot drop privileges2014-09-24T19:49:19ZJulian Andres Klodejak@debian.org2014-09-24T19:49:19Zurn:sha1:7b18d5592fd5e0bb173e193d1e6693a66065f971