Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.9.0 2024-04-09T17:59:52Z 2024-04-09T17:59:52Z Julian Andres Klode julian.klode@canonical.com 2024-04-09T17:56:26Z urn:sha1:81c65f7e86b8f16eaaa91d9c205a594b0ebde159 We temporarily downgraded the errors to warnings to give the launchpad PPAs time to be fixed, but warnings are not safe: Untrusted keys could be hiding on your system, but just not used at the moment. Hence revert this so we get the errors we want. This reverts commit 66998ed3d299bede651ad40368bdb270f5f5b0f9. LP: #2060721 Gbp-Dch: full 2024-02-28T17:22:01Z Julian Andres Klode julian.klode@canonical.com 2024-02-28T16:04:05Z urn:sha1:66998ed3d299bede651ad40368bdb270f5f5b0f9 This will only issue warnings instead of errors while we continue cleaning up our repositories. 2024-02-28T17:22:01Z Julian Andres Klode julian.klode@canonical.com 2024-02-28T15:52:33Z urn:sha1:8a14c18c5b487139948dcb22abd37bffdd9cf5f4 This allows us to render public key algorithms as weak as well. 2024-02-28T17:22:01Z Julian Andres Klode julian.klode@canonical.com 2024-02-28T14:14:43Z urn:sha1:50e3fee26ae843a812b1c9ec8531946931773fd3 The assertion can be overriden using apt::key::assert-pubkey-algo, the default is the most opinionated one. This will inform the user during apt-cdrom add as we do not pass --quiet to user, so adjust test case. Add a simple test case for it to test-method-gpgv. LP: #2055193 2024-02-28T17:21:01Z Julian Andres Klode julian.klode@canonical.com 2024-02-28T13:49:48Z urn:sha1:60d653634f889abe09c0f4d88f2559eab9202635 2019-01-23T21:48:16Z David Kalnischkies david@kalnischkies.de 2019-01-23T19:50:29Z urn:sha1:e2965b0b6bdd68ffcad0e06d11755412a7e16e50 The exploit for CVE-2019-3462 uses the fact that a Release.gpg file can contain additional content beside the expected detached signature(s). We were passing the file unchecked to gpgv which ignores these extras without complains, so we reuse the same line-reading implementation we use for InRelease splitting to detect if a Release.gpg file contains unexpected data and fail in this case given that we in the previous commit we established that we fail in the similar InRelease case now. 2019-01-22T11:24:22Z David Kalnischkies david@kalnischkies.de 2018-09-11T23:44:18Z urn:sha1:7bf533967fb385b9625a1ee4dd7c6542a84b489c Telling the acquire system which keys caused the gpgv method to succeed allows us for now just a casual check if the gpgv method really executed catching bugs like CVE-2018-0501, but we will make use of the information for better features in the following commits. 2019-01-22T11:24:22Z David Kalnischkies david@kalnischkies.de 2018-09-11T14:45:06Z urn:sha1:6b01cd087e6f92c5511fe6eea73699e075aa699a Having a method take a bunch of string vectors is bad style, so we change this to a wrapping struct and adapt the rest of the code brushing it up slightly in the process, which results even in a slightly "better" debug output, no practical change otherwise. Gbp-Dch: Ignore 2018-09-11T11:16:11Z David Kalnischkies david@kalnischkies.de 2018-08-17T14:33:41Z urn:sha1:8375d5b58038fc026098dcccc3de87cd9d740334 A user can specify multiple fingerprints for a while now, so its seems counter-intuitive to support only one keyring, especially if this isn't really checked or enforced and while unlikely mixtures of both should work properly, too, instead of a kinda random behaviour. 2018-09-11T11:16:11Z David Kalnischkies david@kalnischkies.de 2018-08-17T09:59:45Z urn:sha1:ff8fa4ab4b80384a9240f0df63181f71077a8d83 If we limit a file to be signed by a certain key it should usually accept also being signed by any of this keys subkeys instead of requiring each subkey to be listed explicitly. If the later is really wanted we support now also the same syntax as gpg does with appending an exclamation mark at the end of the fingerprint to force no mapping.