authorJulian Andres Klode <jak@debian.org>2016-05-12 10:04:19 +0200
committerJulian Andres Klode <jak@debian.org>2016-05-15 19:42:13 +0200
commit71203dbf00cbb259fb59e8daf0543a45394b6623 (patch)
tree756f953f53e8e536527f12f0c77f36cfe0861c54
parenta9fd02dec56bcb3d7485ae286fad665aeed7cda4 (diff)
Normalize Signed-By values by removing trailing commas everywhere
This fixes comparisons where either the stored or the input string has a trailing comma.
-rw-r--r--apt-pkg/deb/debmetaindex.cc15
-rwxr-xr-xtest/integration/test-releasefile-verification-noflat25
2 files changed, 36 insertions, 4 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 71aee3f72..f756cdb1f 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -687,12 +687,19 @@ bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy)
std::stringstream os;
std::copy(fingers.begin(), fingers.end(), std::ostream_iterator<std::string>(os, ","));
SignedBy = os.str();
- while (SignedBy[SignedBy.size() - 1] == ',')
- SignedBy.resize(SignedBy.size() - 1);
}
+ // Normalize the string: Remove trailing commas
+ while (SignedBy[SignedBy.size() - 1] == ',')
+ SignedBy.resize(SignedBy.size() - 1);
+ }
+ else {
+ // Only compare normalized strings
+ auto pSignedByView = APT::StringView(pSignedBy);
+ while (pSignedByView[pSignedByView.size() - 1] == ',')
+ pSignedByView = pSignedByView.substr(0, pSignedByView.size() - 1);
+ if (pSignedByView != SignedBy)
+ return _error->Error(_("Conflicting values set for option %s regarding source %s %s: %s != %s"), "Signed-By", URI.c_str(), Dist.c_str(), SignedBy.c_str(), pSignedByView.to_string().c_str());
}
- else if (SignedBy != pSignedBy)
- return _error->Error(_("Conflicting values set for option %s regarding source %s %s: %s != %s"), "Signed-By", URI.c_str(), Dist.c_str(), SignedBy.c_str(), pSignedBy.c_str());
return true;
}
/*}}}*/
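Review bot: Both comma-stripping loops index `size() - 1` without checking for an empty string, so an empty or comma-only value underflows the index and reads out of bounds. In the new else branch this applies to `pSignedByView`, which is built directly from the caller's `pSignedBy`; the branch condition sits above the hunk, so whether an empty `pSignedBy` can reach it is not visible here and should be confirmed. Since Signed-By decides which keys are accepted for a source, the normalization should be bounds-safe: `while (pSignedByView.size() > 0 && pSignedByView[pSignedByView.size() - 1] == ',')` and likewise `while (SignedBy.empty() == false && SignedBy[SignedBy.size() - 1] == ',')`. SetSignedBy's body starts outside the hunk.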
diff --git a/test/integration/test-releasefile-verification-noflat b/test/integration/test-releasefile-verification-noflat
new file mode 100755
index 000000000..3953c6492
--- /dev/null
+++ b/test/integration/test-releasefile-verification-noflat
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture "i386"
+
+export APT_DONT_SIGN='Release.gpg'
+insertpackage 'unstable' 'foo' 'i386' '1.0'
+setupaptarchive "now" "now + 1 year"
+changetowebserver
+
+SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
+
+testsuccess aptget update
+
+msgmsg 'Warm archive with signed-by' 'Joe Sixpack'
+sed -i "/^Valid-Until: / a\
+Signed-By: ${SIXPACK}" rootdir/var/lib/apt/lists/*Release
+touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
+testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} unstable InRelease [$(stat -c '%s' 'aptarchive/dists/unstable/InRelease') B]
+Reading package lists..." aptget update
+testsuccess aptcache show foo
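Review bot: The test's only Signed-By input is the bare fingerprint in `${SIXPACK}`, so nothing visible here feeds a value ending in a comma, which is the case the commit normalizes. Unless the framework helpers inject one, consider adding a run with `Signed-By: ${SIXPACK},` and a case where the stored and new values really differ, asserting that the conflict error is still raised. A short comment above the `sed` step saying why the cached Release file is edited and back-dated would also help readers.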