apt/methods, branch 1.2.10 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.10 2016-03-28T12:59:33Z Allow lowering trust level of a hash via config 2016-03-28T12:59:33Z Julian Andres Klode jak@debian.org 2016-03-28T01:34:54Z urn:sha1:6a4958d3134a3a61c036bc9ccaccc393c2bb99f2 Introduces APT::Hashes::<NAME> with entries Untrusted and Weak which can be set to true to cause the hash to be treated as untrusted and/or weak. handle gpgv's weak-digests ERRSIG 2016-03-22T00:58:45Z David Kalnischkies david@kalnischkies.de 2016-03-22T00:26:29Z urn:sha1:08b7761a251a36fa65cbe022a86c51d7f091a88d Our own gpgv method can declare a digest algorithm as untrusted and handles these as worthless signatures. If gpgv comes with inbuilt untrusted (which is called weak in official terminology) which it e.g. does for MD5 in recent versions we should handle it in the same way. To check this we use the most uncommon still fully trusted hash as a configureable one via a hidden config option to toggle through all of the three states a hash can be in. properly check for "all good sigs are weak" 2016-03-21T21:47:17Z David Kalnischkies david@kalnischkies.de 2016-03-21T17:47:10Z urn:sha1:8fa99570816d3a644a9c4386c6a8f2ca21480329 Using erase(pos) is invalid in our case here as pos must be a valid and derefenceable iterator, which isn't the case for an end-iterator (like if we had no good signature). The problem runs deeper still through as VALIDSIG is a keyid while GOODSIG is just a longid so comparing them will always fail. Closes: 818910 Make the weak signature message less ambigious 2016-03-16T19:37:42Z Julian Andres Klode jak@debian.org 2016-03-16T19:02:53Z urn:sha1:5f060c2776606f3166bd6c64119c31be8ba5d857 There was a complaint that, in the previous message, the key fingerprint could be mistaken for a SHA1 digest due to the (SHA1) after it. Gbp-Dch: ignore methods/gpgv: Rewrite error handling and message 2016-03-16T16:56:50Z Julian Andres Klode jak@debian.org 2016-03-16T15:54:05Z urn:sha1:349c5c89454ff344e4cf693492e7cb62ff549886 This should be easy to extend in the future and allow us to simplify the error handling cases somewhat. Thanks: Ron Lee for wording suggestions methods/gpgv: Warn about SHA1 (and RIPEMD-160) 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T11:30:37Z urn:sha1:07ea3af0fe55fdfe976ab847c5c88efd703d1282 We will drop support for those in the future. Also adjust the std::array to be a std::vector, as that's easier to maintain. apt-pkg/acquire-worker.cc: Introduce 104 Warning message 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T10:40:10Z urn:sha1:8c9b7725c3d89461e78061aff4bc644cdb237fe7 This can be used by workers to send warnings to the main program. The messages will be passed to _error->Warning() by APT with the URI prepended. We are not going to make that really public now, as the interface might change a bit. methods/gpgv: Correctly handle weak signatures with multiple keys 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T09:56:05Z urn:sha1:08fd77e83528fd03795524adf76e359ae2b56e06 We added weak signatures to BadSigners, meaning that a Release file signed by both a weak signature and a strong signature would be rejected; preventing people from migrating from DSA to RSA keys in a sane way. Instead of using BadSigners, treat weak signatures like expired keys: They are no good signatures, and they are worthless. Gbp-Dch: ignore methods/gpgv: Reject weak digest algorithms 2016-03-14T14:37:05Z Julian Andres Klode jak@debian.org 2016-03-14T14:35:14Z urn:sha1:d91051242d10ada198b4ed59d59ad4aa8f59bcaf This keeps a list of weak digest algorithms. For now, only MD5 is disabled, as SHA1 breaks to many repos. Revert "Handle ERRSIG in the gpgv method like BADSIG" 2016-03-14T13:44:38Z Julian Andres Klode jak@debian.org 2016-03-14T13:44:33Z urn:sha1:0d80586a67622d4d58908fee41c3be8a6813d426 This reverts commit 76a71a1237d22c1990efbc19ce0e02aacf572576. That commit broke the test suite. Gbp-Dch: ignore