<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/methods/gpgv.cc, branch 1.2.7</title>
<subtitle>Debian's command-line package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=1.2.7</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=1.2.7'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2016-03-15T11:33:21Z</updated>
<entry>
<title>methods/gpgv: Warn about SHA1 (and RIPEMD-160)</title>
<updated>2016-03-15T11:33:21Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2016-03-15T11:30:37Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=07ea3af0fe55fdfe976ab847c5c88efd703d1282'/>
<id>urn:sha1:07ea3af0fe55fdfe976ab847c5c88efd703d1282</id>
<content type='text'>
We will drop support for those in the future.

Also adjust the std::array to be a std::vector, as that's easier to
maintain.
</content>
</entry>
<entry>
<title>methods/gpgv: Correctly handle weak signatures with multiple keys</title>
<updated>2016-03-15T11:33:21Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2016-03-15T09:56:05Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=08fd77e83528fd03795524adf76e359ae2b56e06'/>
<id>urn:sha1:08fd77e83528fd03795524adf76e359ae2b56e06</id>
<content type='text'>
We added weak signatures to BadSigners, meaning that a Release file
signed by both a weak signature and a strong signature would be
rejected, preventing people from migrating from DSA to RSA keys
in a sane way.

Instead of using BadSigners, treat weak signatures like expired
keys: They are no good signatures, and they are worthless.

Gbp-Dch: ignore
</content>
</entry>
<entry>
<title>methods/gpgv: Reject weak digest algorithms</title>
<updated>2016-03-14T14:37:05Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2016-03-14T14:35:14Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d91051242d10ada198b4ed59d59ad4aa8f59bcaf'/>
<id>urn:sha1:d91051242d10ada198b4ed59d59ad4aa8f59bcaf</id>
<content type='text'>
This keeps a list of weak digest algorithms. For now, only MD5
is disabled, as SHA1 breaks too many repos.
</content>
</entry>
<entry>
<title>Revert "Handle ERRSIG in the gpgv method like BADSIG"</title>
<updated>2016-03-14T13:44:38Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2016-03-14T13:44:33Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=0d80586a67622d4d58908fee41c3be8a6813d426'/>
<id>urn:sha1:0d80586a67622d4d58908fee41c3be8a6813d426</id>
<content type='text'>
This reverts commit 76a71a1237d22c1990efbc19ce0e02aacf572576.

That commit broke the test suite.

Gbp-Dch: ignore
</content>
</entry>
<entry>
<title>Handle ERRSIG in the gpgv method like BADSIG</title>
<updated>2016-03-14T13:23:50Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2016-03-14T13:23:50Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=76a71a1237d22c1990efbc19ce0e02aacf572576'/>
<id>urn:sha1:76a71a1237d22c1990efbc19ce0e02aacf572576</id>
<content type='text'>
ERRSIG is created whenever a key uses an unknown/weak digest
algorithm, for example. This allows us to report a more useful
error than just "unknown apt-key error.":

The following signatures were invalid: ERRSIG 13B00F1FD2C19886 1 2 01 1457609403 5

While still not being the best reportable error message, it's
better than unknown apt-key error and hopefully redirects users
to complain to their repository owners.
</content>
</entry>
<entry>
<title>allow acquire method specific options via Binary scope</title>
<updated>2015-11-05T11:21:33Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-11-04T13:48:36Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=23e64f6d0facf9610c1042326ad9850e071e8349'/>
<id>urn:sha1:23e64f6d0facf9610c1042326ad9850e071e8349</id>
<content type='text'>
Allows users who know what they are getting themselves into with this
trick to e.g. disable privilege dropping for e.g. file:// until they can
fix up the permissions on those repositories. It helps also the test
framework and people with a similar setup (= me) to run in less modified
environments.
</content>
</entry>
<entry>
<title>add c++11 override marker to overridden methods</title>
<updated>2015-08-10T15:27:17Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-07-08T22:35:40Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=3b3028467ceccca0b73a8f53051c0fa4de313111'/>
<id>urn:sha1:3b3028467ceccca0b73a8f53051c0fa4de313111</id>
<content type='text'>
C++11 adds the 'override' specifier to mark that a method is overriding
a base class method and error out if not. We hide it in the APT_OVERRIDE
macro to ensure that we keep compiling in pre-c++11 standards.

Reported-By: clang-modernize -add-override -override-macros
Git-Dch: Ignore
</content>
</entry>
<entry>
<title>implement Signed-By without using gpg for verification</title>
<updated>2015-08-10T15:25:26Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-07-07T20:11:20Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=4e03c47de15164f2656d9655edab6fb3570cb2f2'/>
<id>urn:sha1:4e03c47de15164f2656d9655edab6fb3570cb2f2</id>
<content type='text'>
The previous commit returns to the possibility of using just gpgv for
verification purposes. There is one problem though: We can't enforce a
specific keyid without using gpg, but our acquire method can as it
parses gpgv output anyway, so it can deal with good signatures from not
expected signatures and treats them as unknown keys instead.

Git-Dch: Ignore
</content>
</entry>
<entry>
<title>implement Signed-By option for sources.list</title>
<updated>2015-08-10T15:25:26Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-06-24T17:31:22Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=b0d408547734100bf86781615f546487ecf390d9'/>
<id>urn:sha1:b0d408547734100bf86781615f546487ecf390d9</id>
<content type='text'>
Limits which key(s) can be used to sign a repository. Not immensely useful
from a security perspective all by itself, but if the user has
additional measures in place to confine a repository (like pinning) an
attacker who gets the key for such a repository is limited to its
potential and can't use the key to sign its attacks for another (maybe
less limited) repository… (yes, this is as weak as it sounds, but having
the capability might come in handy for implementing other stuff later).
</content>
</entry>
<entry>
<title>use getline() instead of rolling our own</title>
<updated>2014-11-09T20:45:55Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2014-11-09T14:57:43Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=bf6ac7ca615922c23d1f3cf1963efc5be9c23e32'/>
<id>urn:sha1:bf6ac7ca615922c23d1f3cf1963efc5be9c23e32</id>
<content type='text'>
We use it in other places already as well even though it is a fairly new
addition to the POSIX family with 2008, but rolling our own here is
really something which should be avoided in such an important method.

Git-Dch: Ignore
</content>
</entry>
</feed>
