diff options
| author | Johannes Schauer Marin Rodrigues <josch@mister-muffin.de> | 2025-03-12 19:45:18 +0100 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2025-03-14 08:29:23 +0000 |
| commit | f866dac363c6a22fe1b35baddf126b39a405410e (patch) | |
| tree | 7e85a693b39feb8a58c0232d7920c1e0eed1b598 | |
| parent | 8be7a10b43804fc4ebef712892e45bba26647d1f (diff) | |
cmdline/apt-get.cc: emit Signed-By field and support $(SIGNED_BY) in apt-get indextargets --format
| -rw-r--r-- | cmdline/apt-get.cc | 2 | ||||
| -rw-r--r-- | doc/acquire-additional-files.md | 9 | ||||
| -rwxr-xr-x | test/integration/test-signed-by-option | 19 |
3 files changed, 18 insertions, 12 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 2828ad68a..ae2356325 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -263,6 +263,8 @@ static bool DoIndexTargets(CommandLine &CmdL) if (ReleaseInfo) { AddOptions.insert(std::make_pair("TRUSTED", ((*S)->IsTrusted() ? "yes" : "no"))); + if (not (*S)->GetSignedBy().empty()) + AddOptions.insert(std::make_pair("SIGNED_BY", SubstVar(SubstVar(APT::String::Strip((*S)->GetSignedBy()), "\n\n", "\n.\n"), "\n", "\n "))); pkgCache::RlsFileIterator const RlsFile = (*S)->FindInCache(*Cache, false); if (RlsFile.end()) continue; diff --git a/doc/acquire-additional-files.md b/doc/acquire-additional-files.md index 5b0335bc2..5253e37de 100644 --- a/doc/acquire-additional-files.md +++ b/doc/acquire-additional-files.md @@ -214,7 +214,8 @@ information about all files downloaded (aka: you will see *Packages*, default output format as parameter to filter out all entries which do not have such a line. With `--format`, you can further more define your own output style. The variables are what you see in the output, just all -uppercase and wrapped in `$()`, as in the configuration file. +uppercase, hyphens replaced with underscores and wrapped in `$()`, as in +the configuration file. To get all the filenames of all *Translation-en* files you can e.g. call: @@ -235,8 +236,8 @@ creates and calling `GetIndexTargets()` on them. See the source code of Note that by default targets are not listed if they weren't downloaded. If you want to see all targets, you can use the `--no-release-info`, which -also removes the *Codename*, *Suite*, *Version*, *Origin*, *Label* and *Trusted* -fields from the output as these also display data which needs to be +also removes the *Codename*, *Suite*, *Version*, *Origin*, *Label*, *Trusted*, +and *Signed-By* fields from the output as these also display data which needs to be downloaded first and could hence be inaccurate [on the pro-side: This mode is faster as it doesn't require a valid binary cache to operate]. The most notable difference perhaps is in the *Filename* field through: By @@ -251,6 +252,8 @@ Remarks on fields only available in (default) `--release-info mode`: * `Trusted`: Denotes with a *yes* or *no* if the data in this file is authenticated by a trust chain rooted in a trusted gpg key. You should be careful with untrusted data and warn the user if you use it. +* `Signed-By`: The path to the OpenPGP keyring or an ASCII-armored embedded + OpenPGP certificate. The latter is DEB822-multi-line encoded. * `Codename`, `Suite`, `Version`, `Origin` and `Label` are fields from the *Release* file, are only present if they are present in the *Release* file and contain the same data. diff --git a/test/integration/test-signed-by-option b/test/integration/test-signed-by-option index e6a3fbb86..62081eb06 100755 --- a/test/integration/test-signed-by-option +++ b/test/integration/test-signed-by-option @@ -40,13 +40,7 @@ setupaptarchive --no-update rm -f rootdir/etc/apt/sources.list.d/* rootdir/etc/apt/sources.list rm -f rootdir/etc/apt/trusted.gpg.d/* rootdir/etc/apt/trusted.gpg -cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF -Types: deb -URIs: file://$PWD/aptarchive -Suites: stable -Components: main -xSigned-By: - -----BEGIN PGP PUBLIC KEY BLOCK----- +GPGKEYBLOCK='-----BEGIN PGP PUBLIC KEY BLOCK----- . mQENBExsGNYBCADNVx+TQ6h1tEyUP11f7ihfta3ZePkW1rIdkdHgA3Fw/TeLnTEq mWuhMw2pL4zy1vQhU8efNrRaNUrUS7kV3LIdSjd5K4Aizqtsdy/gLKFoTcO8LFIm @@ -63,15 +57,22 @@ xSigned-By: xNHhRHzEPTYZ4PCCyaRX4YRAwsEMFsscsghpQgqRDhGSWq+jUVI+Aay7FTnd+1UA 1snsGpB0o9qxx8JpGMXI =c/k4 - -----END PGP PUBLIC KEY BLOCK----- + -----END PGP PUBLIC KEY BLOCK-----' +cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF +Types: deb +URIs: file://$PWD/aptarchive +Suites: stable +Components: main +xSigned-By: + $GPGKEYBLOCK EOF testfailure apt update -o Debug::Acquire::gpgv=1 testsuccess grep -E "(NO_PUBKEY 5A90D141DBAC8DAE|no keyring is specified)" rootdir/tmp/testfailure.output sed -i s/^xSigned-By/Signed-By/ rootdir/etc/apt/sources.list.d/deb822.sources testsuccess apt update -o Debug::Acquire::gpgv=1 +testsuccessequal "$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')\n$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')" aptget indextargets --format '$(SIGNED_BY)' # make sure we did not leave leftover files (LP: #1995247) testsuccessequal "" ls "${TMPDIR}" - rm -f rootdir/etc/apt/sources.list.d/* msgtest 'Check that a repository with' 'only the fisrt entry has no Signed-By value works' |
