Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.1.17 2020-12-18T18:31:19Z 2020-12-18T18:31:19Z David Kalnischkies david@kalnischkies.de 2020-07-09T22:02:25Z urn:sha1:97d6c3b2d05fe0d965657197adf56cc78f9edf81 Every method opts in to getting the encoded URI passed along while keeping compat in case we are operated by an older acquire system. Effectively this is just a change for the http-based methods as the others just decode the URI as they work with files directly. 2020-08-04T10:12:11Z Julian Andres Klode julian.klode@canonical.com 2020-07-14T14:19:08Z urn:sha1:9cb5a81168307e15f209173ad9286835bff2df65 2020-01-07T21:51:41Z Julian Andres Klode julian.klode@canonical.com 2020-01-07T21:37:36Z urn:sha1:df4b92bd1df204e7fb0d22e73e143d205d74aea6 2019-11-26T11:36:46Z David Kalnischkies david@kalnischkies.de 2019-09-13T10:01:47Z urn:sha1:35012abf30ec1cfc9b5ee29647d4b1e25d98e99f Unused variable, std::algorithms instead of raw for-loops. There should be no observeable difference in behaviour. Reported-By: cppcheck Gbp-Dch: Ignore 2019-04-30T15:43:56Z Julian Andres Klode julian.klode@canonical.com 2019-04-30T10:32:54Z urn:sha1:af74a9e2d55d6a9532eb3fbb9b96c65b7ddc1e4d This needs a fair amount of changes elsewhere in the code, hence this is separate from the previous commits. 2019-01-22T11:24:22Z David Kalnischkies david@kalnischkies.de 2018-09-11T23:44:18Z urn:sha1:7bf533967fb385b9625a1ee4dd7c6542a84b489c Telling the acquire system which keys caused the gpgv method to succeed allows us for now just a casual check if the gpgv method really executed catching bugs like CVE-2018-0501, but we will make use of the information for better features in the following commits. 2019-01-22T11:24:22Z David Kalnischkies david@kalnischkies.de 2018-09-11T14:45:06Z urn:sha1:6b01cd087e6f92c5511fe6eea73699e075aa699a Having a method take a bunch of string vectors is bad style, so we change this to a wrapping struct and adapt the rest of the code brushing it up slightly in the process, which results even in a slightly "better" debug output, no practical change otherwise. Gbp-Dch: Ignore 2018-09-11T11:16:11Z David Kalnischkies david@kalnischkies.de 2018-08-17T14:33:41Z urn:sha1:8375d5b58038fc026098dcccc3de87cd9d740334 A user can specify multiple fingerprints for a while now, so its seems counter-intuitive to support only one keyring, especially if this isn't really checked or enforced and while unlikely mixtures of both should work properly, too, instead of a kinda random behaviour. 2018-09-11T11:16:11Z David Kalnischkies david@kalnischkies.de 2018-08-17T09:59:45Z urn:sha1:ff8fa4ab4b80384a9240f0df63181f71077a8d83 If we limit a file to be signed by a certain key it should usually accept also being signed by any of this keys subkeys instead of requiring each subkey to be listed explicitly. If the later is really wanted we support now also the same syntax as gpg does with appending an exclamation mark at the end of the fingerprint to force no mapping. 2018-08-19T15:30:31Z David Kalnischkies david@kalnischkies.de 2018-08-16T21:36:41Z urn:sha1:b934870c4f893be28eb1537910c0aadce6dd6e09 gpgs DETAILS documentation file declares that GOODSIG could report keyid or fingerprint since gpg2, but for the time being it is still keyid only. Who knows if that will ever change as that feels like an interface break with dangerous security implications, but lets be better safe than sorry especially as the code dealing with signed-by keyids is prepared for this already. This code is rewritten still to have them all use the same code for this type of problem.