summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Schauer Marin Rodrigues <josch@mister-muffin.de>2025-03-12 19:45:18 +0100
committerJulian Andres Klode <jak@debian.org>2025-03-14 08:29:23 +0000
commitf866dac363c6a22fe1b35baddf126b39a405410e (patch)
tree7e85a693b39feb8a58c0232d7920c1e0eed1b598
parent8be7a10b43804fc4ebef712892e45bba26647d1f (diff)
cmdline/apt-get.cc: emit Signed-By field and support $(SIGNED_BY) in apt-get indextargets --format
-rw-r--r--cmdline/apt-get.cc2
-rw-r--r--doc/acquire-additional-files.md9
-rwxr-xr-xtest/integration/test-signed-by-option19
3 files changed, 18 insertions, 12 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 2828ad68a..ae2356325 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -263,6 +263,8 @@ static bool DoIndexTargets(CommandLine &CmdL)
if (ReleaseInfo)
{
AddOptions.insert(std::make_pair("TRUSTED", ((*S)->IsTrusted() ? "yes" : "no")));
+ if (not (*S)->GetSignedBy().empty())
+ AddOptions.insert(std::make_pair("SIGNED_BY", SubstVar(SubstVar(APT::String::Strip((*S)->GetSignedBy()), "\n\n", "\n.\n"), "\n", "\n ")));
pkgCache::RlsFileIterator const RlsFile = (*S)->FindInCache(*Cache, false);
if (RlsFile.end())
continue;
diff --git a/doc/acquire-additional-files.md b/doc/acquire-additional-files.md
index 5b0335bc2..5253e37de 100644
--- a/doc/acquire-additional-files.md
+++ b/doc/acquire-additional-files.md
@@ -214,7 +214,8 @@ information about all files downloaded (aka: you will see *Packages*,
default output format as parameter to filter out all entries which do
not have such a line. With `--format`, you can further more define your
own output style. The variables are what you see in the output, just all
-uppercase and wrapped in `$()`, as in the configuration file.
+uppercase, hyphens replaced with underscores and wrapped in `$()`, as in
+the configuration file.
To get all the filenames of all *Translation-en* files you can e.g. call:
@@ -235,8 +236,8 @@ creates and calling `GetIndexTargets()` on them. See the source code of
Note that by default targets are not listed if they weren't downloaded.
If you want to see all targets, you can use the `--no-release-info`, which
-also removes the *Codename*, *Suite*, *Version*, *Origin*, *Label* and *Trusted*
-fields from the output as these also display data which needs to be
+also removes the *Codename*, *Suite*, *Version*, *Origin*, *Label*, *Trusted*,
+and *Signed-By* fields from the output as these also display data which needs to be
downloaded first and could hence be inaccurate [on the pro-side: This
mode is faster as it doesn't require a valid binary cache to operate].
The most notable difference perhaps is in the *Filename* field through: By
@@ -251,6 +252,8 @@ Remarks on fields only available in (default) `--release-info mode`:
* `Trusted`: Denotes with a *yes* or *no* if the data in this file is
authenticated by a trust chain rooted in a trusted gpg key. You should
be careful with untrusted data and warn the user if you use it.
+* `Signed-By`: The path to the OpenPGP keyring or an ASCII-armored embedded
+ OpenPGP certificate. The latter is DEB822-multi-line encoded.
* `Codename`, `Suite`, `Version`, `Origin` and `Label` are fields from the
*Release* file, are only present if they are present in the *Release* file
and contain the same data.
diff --git a/test/integration/test-signed-by-option b/test/integration/test-signed-by-option
index e6a3fbb86..62081eb06 100755
--- a/test/integration/test-signed-by-option
+++ b/test/integration/test-signed-by-option
@@ -40,13 +40,7 @@ setupaptarchive --no-update
rm -f rootdir/etc/apt/sources.list.d/* rootdir/etc/apt/sources.list
rm -f rootdir/etc/apt/trusted.gpg.d/* rootdir/etc/apt/trusted.gpg
-cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF
-Types: deb
-URIs: file://$PWD/aptarchive
-Suites: stable
-Components: main
-xSigned-By:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
+GPGKEYBLOCK='-----BEGIN PGP PUBLIC KEY BLOCK-----
.
mQENBExsGNYBCADNVx+TQ6h1tEyUP11f7ihfta3ZePkW1rIdkdHgA3Fw/TeLnTEq
mWuhMw2pL4zy1vQhU8efNrRaNUrUS7kV3LIdSjd5K4Aizqtsdy/gLKFoTcO8LFIm
@@ -63,15 +57,22 @@ xSigned-By:
xNHhRHzEPTYZ4PCCyaRX4YRAwsEMFsscsghpQgqRDhGSWq+jUVI+Aay7FTnd+1UA
1snsGpB0o9qxx8JpGMXI
=c/k4
- -----END PGP PUBLIC KEY BLOCK-----
+ -----END PGP PUBLIC KEY BLOCK-----'
+cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF
+Types: deb
+URIs: file://$PWD/aptarchive
+Suites: stable
+Components: main
+xSigned-By:
+ $GPGKEYBLOCK
EOF
testfailure apt update -o Debug::Acquire::gpgv=1
testsuccess grep -E "(NO_PUBKEY 5A90D141DBAC8DAE|no keyring is specified)" rootdir/tmp/testfailure.output
sed -i s/^xSigned-By/Signed-By/ rootdir/etc/apt/sources.list.d/deb822.sources
testsuccess apt update -o Debug::Acquire::gpgv=1
+testsuccessequal "$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')\n$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')" aptget indextargets --format '$(SIGNED_BY)'
# make sure we did not leave leftover files (LP: #1995247)
testsuccessequal "" ls "${TMPDIR}"
-
rm -f rootdir/etc/apt/sources.list.d/*
msgtest 'Check that a repository with' 'only the fisrt entry has no Signed-By value works'