diff options
| author | Julian Andres Klode <jak@debian.org> | 2025-03-14 08:29:50 +0000 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2025-03-14 08:29:50 +0000 |
| commit | d010239daab81ca027be332f1b5372eaf9dbbeb6 (patch) | |
| tree | 7e85a693b39feb8a58c0232d7920c1e0eed1b598 | |
| parent | db5267cc17b3b2e6ded25da60adc030124950ae4 (diff) | |
| parent | f866dac363c6a22fe1b35baddf126b39a405410e (diff) | |
Merge branch 'indextargets-signed-by' into 'main'
apt-pkg/solver3.h: avoid static_assert(false) and signed-by in apt-get indextargets
See merge request apt-team/apt!464
| -rw-r--r-- | apt-pkg/solver3.h | 4 | ||||
| -rw-r--r-- | cmdline/apt-get.cc | 2 | ||||
| -rw-r--r-- | doc/acquire-additional-files.md | 9 | ||||
| -rwxr-xr-x | test/integration/test-signed-by-option | 19 |
4 files changed, 21 insertions, 13 deletions
diff --git a/apt-pkg/solver3.h b/apt-pkg/solver3.h index 1bdc13559..c2d6e035e 100644 --- a/apt-pkg/solver3.h +++ b/apt-pkg/solver3.h @@ -19,6 +19,8 @@ #include <apt-pkg/pkgcache.h> #include <apt-pkg/policy.h> +template <typename T> struct always_false : std::false_type {}; + namespace APT { @@ -49,7 +51,7 @@ class ContiguousCacheMap else if constexpr (std::is_same_v<K, pkgCache::Package>) size = cache.Head().PackageCount; else - static_assert(false, "Cannot construct map for key type"); + static_assert(always_false<K>::value, "Cannot construct map for key type"); data_ = new V[size]{}; } diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 2828ad68a..ae2356325 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -263,6 +263,8 @@ static bool DoIndexTargets(CommandLine &CmdL) if (ReleaseInfo) { AddOptions.insert(std::make_pair("TRUSTED", ((*S)->IsTrusted() ? "yes" : "no"))); + if (not (*S)->GetSignedBy().empty()) + AddOptions.insert(std::make_pair("SIGNED_BY", SubstVar(SubstVar(APT::String::Strip((*S)->GetSignedBy()), "\n\n", "\n.\n"), "\n", "\n "))); pkgCache::RlsFileIterator const RlsFile = (*S)->FindInCache(*Cache, false); if (RlsFile.end()) continue; diff --git a/doc/acquire-additional-files.md b/doc/acquire-additional-files.md index 5b0335bc2..5253e37de 100644 --- a/doc/acquire-additional-files.md +++ b/doc/acquire-additional-files.md @@ -214,7 +214,8 @@ information about all files downloaded (aka: you will see *Packages*, default output format as parameter to filter out all entries which do not have such a line. With `--format`, you can further more define your own output style. The variables are what you see in the output, just all -uppercase and wrapped in `$()`, as in the configuration file. +uppercase, hyphens replaced with underscores and wrapped in `$()`, as in +the configuration file. To get all the filenames of all *Translation-en* files you can e.g. call: @@ -235,8 +236,8 @@ creates and calling `GetIndexTargets()` on them. See the source code of Note that by default targets are not listed if they weren't downloaded. If you want to see all targets, you can use the `--no-release-info`, which -also removes the *Codename*, *Suite*, *Version*, *Origin*, *Label* and *Trusted* -fields from the output as these also display data which needs to be +also removes the *Codename*, *Suite*, *Version*, *Origin*, *Label*, *Trusted*, +and *Signed-By* fields from the output as these also display data which needs to be downloaded first and could hence be inaccurate [on the pro-side: This mode is faster as it doesn't require a valid binary cache to operate]. The most notable difference perhaps is in the *Filename* field through: By @@ -251,6 +252,8 @@ Remarks on fields only available in (default) `--release-info mode`: * `Trusted`: Denotes with a *yes* or *no* if the data in this file is authenticated by a trust chain rooted in a trusted gpg key. You should be careful with untrusted data and warn the user if you use it. +* `Signed-By`: The path to the OpenPGP keyring or an ASCII-armored embedded + OpenPGP certificate. The latter is DEB822-multi-line encoded. * `Codename`, `Suite`, `Version`, `Origin` and `Label` are fields from the *Release* file, are only present if they are present in the *Release* file and contain the same data. diff --git a/test/integration/test-signed-by-option b/test/integration/test-signed-by-option index e6a3fbb86..62081eb06 100755 --- a/test/integration/test-signed-by-option +++ b/test/integration/test-signed-by-option @@ -40,13 +40,7 @@ setupaptarchive --no-update rm -f rootdir/etc/apt/sources.list.d/* rootdir/etc/apt/sources.list rm -f rootdir/etc/apt/trusted.gpg.d/* rootdir/etc/apt/trusted.gpg -cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF -Types: deb -URIs: file://$PWD/aptarchive -Suites: stable -Components: main -xSigned-By: - -----BEGIN PGP PUBLIC KEY BLOCK----- +GPGKEYBLOCK='-----BEGIN PGP PUBLIC KEY BLOCK----- . mQENBExsGNYBCADNVx+TQ6h1tEyUP11f7ihfta3ZePkW1rIdkdHgA3Fw/TeLnTEq mWuhMw2pL4zy1vQhU8efNrRaNUrUS7kV3LIdSjd5K4Aizqtsdy/gLKFoTcO8LFIm @@ -63,15 +57,22 @@ xSigned-By: xNHhRHzEPTYZ4PCCyaRX4YRAwsEMFsscsghpQgqRDhGSWq+jUVI+Aay7FTnd+1UA 1snsGpB0o9qxx8JpGMXI =c/k4 - -----END PGP PUBLIC KEY BLOCK----- + -----END PGP PUBLIC KEY BLOCK-----' +cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF +Types: deb +URIs: file://$PWD/aptarchive +Suites: stable +Components: main +xSigned-By: + $GPGKEYBLOCK EOF testfailure apt update -o Debug::Acquire::gpgv=1 testsuccess grep -E "(NO_PUBKEY 5A90D141DBAC8DAE|no keyring is specified)" rootdir/tmp/testfailure.output sed -i s/^xSigned-By/Signed-By/ rootdir/etc/apt/sources.list.d/deb822.sources testsuccess apt update -o Debug::Acquire::gpgv=1 +testsuccessequal "$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')\n$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')" aptget indextargets --format '$(SIGNED_BY)' # make sure we did not leave leftover files (LP: #1995247) testsuccessequal "" ls "${TMPDIR}" - rm -f rootdir/etc/apt/sources.list.d/* msgtest 'Check that a repository with' 'only the fisrt entry has no Signed-By value works' |
