Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.9 2016-03-22T00:58:45Z 2016-03-22T00:58:45Z David Kalnischkies david@kalnischkies.de 2016-03-22T00:26:29Z urn:sha1:08b7761a251a36fa65cbe022a86c51d7f091a88d Our own gpgv method can declare a digest algorithm as untrusted and handles these as worthless signatures. If gpgv comes with inbuilt untrusted (which is called weak in official terminology) which it e.g. does for MD5 in recent versions we should handle it in the same way. To check this we use the most uncommon still fully trusted hash as a configureable one via a hidden config option to toggle through all of the three states a hash can be in. 2016-03-21T21:47:17Z David Kalnischkies david@kalnischkies.de 2016-03-21T17:47:10Z urn:sha1:8fa99570816d3a644a9c4386c6a8f2ca21480329 Using erase(pos) is invalid in our case here as pos must be a valid and derefenceable iterator, which isn't the case for an end-iterator (like if we had no good signature). The problem runs deeper still through as VALIDSIG is a keyid while GOODSIG is just a longid so comparing them will always fail. Closes: 818910 2016-03-16T19:37:42Z Julian Andres Klode jak@debian.org 2016-03-16T19:02:53Z urn:sha1:5f060c2776606f3166bd6c64119c31be8ba5d857 There was a complaint that, in the previous message, the key fingerprint could be mistaken for a SHA1 digest due to the (SHA1) after it. Gbp-Dch: ignore 2016-03-16T16:56:50Z Julian Andres Klode jak@debian.org 2016-03-16T15:54:05Z urn:sha1:349c5c89454ff344e4cf693492e7cb62ff549886 This should be easy to extend in the future and allow us to simplify the error handling cases somewhat. Thanks: Ron Lee for wording suggestions 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T11:30:37Z urn:sha1:07ea3af0fe55fdfe976ab847c5c88efd703d1282 We will drop support for those in the future. Also adjust the std::array to be a std::vector, as that's easier to maintain. 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T10:40:10Z urn:sha1:8c9b7725c3d89461e78061aff4bc644cdb237fe7 This can be used by workers to send warnings to the main program. The messages will be passed to _error->Warning() by APT with the URI prepended. We are not going to make that really public now, as the interface might change a bit. 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T09:56:05Z urn:sha1:08fd77e83528fd03795524adf76e359ae2b56e06 We added weak signatures to BadSigners, meaning that a Release file signed by both a weak signature and a strong signature would be rejected; preventing people from migrating from DSA to RSA keys in a sane way. Instead of using BadSigners, treat weak signatures like expired keys: They are no good signatures, and they are worthless. Gbp-Dch: ignore 2016-03-14T14:37:05Z Julian Andres Klode jak@debian.org 2016-03-14T14:35:14Z urn:sha1:d91051242d10ada198b4ed59d59ad4aa8f59bcaf This keeps a list of weak digest algorithms. For now, only MD5 is disabled, as SHA1 breaks to many repos. 2016-03-14T13:44:38Z Julian Andres Klode jak@debian.org 2016-03-14T13:44:33Z urn:sha1:0d80586a67622d4d58908fee41c3be8a6813d426 This reverts commit 76a71a1237d22c1990efbc19ce0e02aacf572576. That commit broke the test suite. Gbp-Dch: ignore 2016-03-14T13:23:50Z Julian Andres Klode jak@debian.org 2016-03-14T13:23:50Z urn:sha1:76a71a1237d22c1990efbc19ce0e02aacf572576 ERRSIG is created whenever a key uses an unknown/weak digest algorithm, for example. This allows us to report a more useful error than just "unknown apt-key error.": The following signatures were invalid: ERRSIG 13B00F1FD2C19886 1 2 01 1457609403 5 While still not being the best reportable error message, it's better than unknown apt-key error and hopefully redirects users to complain to their repository owners.