summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2025-01-22 09:17:23 +0000
committerJulian Andres Klode <jak@debian.org>2025-01-22 09:17:23 +0000
commit0c07c8f38e320e8f8b303011813018f8f02beed8 (patch)
tree9414ac9ba3395e04a55c1ebb99405f36e48ed500
parent61f8f40f921cde13c5b97abbdf900646745e8e30 (diff)
parent09c76cb29b61e1d523a30287f8a9bf0cb0b608e7 (diff)
Merge branch 'no-fail-missing-parts' into 'main'
sqv, gpgv: Do not fail if Dir::Etc::Trusted is set and trusted.gpg.d is missing See merge request apt-team/apt!433
-rw-r--r--apt-pkg/contrib/gpgv.cc12
-rw-r--r--methods/sqv.cc11
-rwxr-xr-xtest/integration/test-method-gpgv-legacy-keyring48
3 files changed, 69 insertions, 2 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 173bfdf22..c6eabc690 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -395,12 +395,20 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
}
}
- std::vector<std::string> Parts;
if (not FoundKeyring)
{
- Parts = GetListOfFilesInDir(_config->FindDir("Dir::Etc::TrustedParts"), std::vector<std::string>{"gpg", "asc"}, true);
+ // Either trusted or trustedparts must exist
+ _error->PushToStack();
+ auto Parts = GetListOfFilesInDir(_config->FindDir("Dir::Etc::TrustedParts"), std::vector<std::string>{"gpg", "asc"}, true);
if (auto trusted = _config->FindFile("Dir::Etc::Trusted"); not trusted.empty())
+ {
+ apt_warning(std::cerr, statusfd, fd, "Loading %s from deprecated option Dir::Etc::Trusted\n", trusted.c_str());
Parts.push_back(trusted);
+ }
+ if (Parts.empty())
+ _error->MergeWithStack();
+ else
+ _error->RevertToStack();
for (auto &Part : Parts)
{
if (Debug)
diff --git a/methods/sqv.cc b/methods/sqv.cc
index 9dbe75994..3191752cc 100644
--- a/methods/sqv.cc
+++ b/methods/sqv.cc
@@ -132,9 +132,20 @@ bool SQVMethod::VerifyGetSigners(const char *file, const char *outfile,
};
if (keyFiles.empty())
{
+ // Either trusted or trustedparts must exist
+ _error->PushToStack();
auto Parts = GetListOfFilesInDir(_config->FindDir("Dir::Etc::TrustedParts"), std::vector<std::string>{"gpg", "asc"}, true);
if (auto trusted = _config->FindFile("Dir::Etc::Trusted"); not trusted.empty())
+ {
+ std::string s;
+ strprintf(s, "Loading %s from deprecated option Dir::Etc::Trusted\n", trusted.c_str());
+ Warning(std::move(s));
Parts.push_back(trusted);
+ }
+ if (Parts.empty())
+ _error->MergeWithStack();
+ else
+ _error->RevertToStack();
for (auto &Part : Parts)
{
if (Debug)
diff --git a/test/integration/test-method-gpgv-legacy-keyring b/test/integration/test-method-gpgv-legacy-keyring
new file mode 100755
index 000000000..55ad2463d
--- /dev/null
+++ b/test/integration/test-method-gpgv-legacy-keyring
@@ -0,0 +1,48 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture "amd64"
+
+insertpackage 'testing' 'foo' 'all' '1'
+
+buildaptarchive
+setupaptarchive --no-update
+changetowebserver
+
+alias inrelease_size="stat -c %s aptarchive/dists/testing/InRelease"
+
+testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} testing InRelease [$(inrelease_size) B]
+Get:2 http://localhost:${APTHTTPPORT} testing/main all Packages [248 B]
+Get:3 http://localhost:${APTHTTPPORT} testing/main Translation-en [225 B]
+Reading package lists..." aptget update -q
+
+mv rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg rootdir/etc/apt/trusted.gpg
+
+if test -e "${METHODSDIR}/sqv"; then
+ missing_key="The signatures couldn't be verified because no keyring is specified"
+else
+ missing_key="The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A90D141DBAC8DAE"
+fi
+
+testwarningequal "Hit:1 http://localhost:${APTHTTPPORT} testing InRelease
+Reading package lists...
+W: http://localhost:${APTHTTPPORT}/dists/testing/InRelease: Loading ${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg from deprecated option Dir::Etc::Trusted" aptget update -q -o Dir::Etc::trusted=trusted.gpg
+
+testwarningequal "Hit:1 http://localhost:${APTHTTPPORT} testing InRelease
+Err:1 http://localhost:${APTHTTPPORT} testing InRelease
+ $missing_key
+Reading package lists...
+W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://localhost:${APTHTTPPORT} testing InRelease: $missing_key
+W: Failed to fetch http://localhost:${APTHTTPPORT}/dists/testing/InRelease $missing_key
+W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -q
+
+rmdir rootdir/etc/apt/trusted.gpg.d
+
+testwarningequal "Hit:1 http://localhost:${APTHTTPPORT} testing InRelease
+Reading package lists...
+W: http://localhost:${APTHTTPPORT}/dists/testing/InRelease: Loading ${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg from deprecated option Dir::Etc::Trusted" aptget update -q -o Dir::Etc::trusted=trusted.gpg
+