author | Julian Andres Klode <jak@debian.org> | 2022-03-07 13:00:07 +0000 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2022-03-07 13:00:07 +0000 |
commit | 3e57dc07fac417ff7007745510f0b35715045f70 (patch) | |
tree | 5606cbe824edbdb6dec96332bd4f60daa122e060 | |
parent | d9ceab20a05e0d02ecd1038161965a7eaf8e4c06 (diff) | |
parent | 55452afa1e8eb3b252f76e455b49df5883e0b811 (diff) |
Merge branch 'pu/regression-2.4.0' into 'main'
gpgv: Fix legacy fallback on unavailable keys
See merge request apt-team/apt!228
-rw-r--r-- | methods/gpgv.cc | 14 | ||||
-rwxr-xr-x | test/integration/test-method-gpgv-legacy-keyring | 8 |
2 files changed, 18 insertions, 4 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index fdd8586b4..b8d348484 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -429,7 +429,14 @@ string GPGVMethod::VerifyGetSignersWithLegacy(const char *file, const char *outf
 string const msg = VerifyGetSigners(file, outfile, keyFpts, keyFiles, Signers);
 if (_error->PendingError())
 return msg;
- if (keyFiles.empty() && (Signers.Good.empty() || !Signers.Bad.empty() || !Signers.NoPubKey.empty()))
+
+ // Bad signature always remains bad, no need to retry against trusted.gpg
+ if (!Signers.Bad.empty())
+ return msg;
+
+ // We do not have a key file pinned, did not find a good signature, but found
+ // missing keys - let's retry with trusted.gpg
+ if (keyFiles.empty() && Signers.Valid.empty() && !Signers.NoPubKey.empty())
 {
 std::vector<std::string> legacyKeyFiles{_config->FindFile("Dir::Etc::trusted")};
 if (legacyKeyFiles[0].empty())
@@ -437,14 +444,13 @@ string GPGVMethod::VerifyGetSignersWithLegacy(const char *file, const char *outf
 if (DebugEnabled())
 std::clog << "Retrying against " << legacyKeyFiles[0] << "\n";
- // Retry against trusted.gpg
 SignersStorage legacySigners;
 string const legacyMsg = VerifyGetSigners(file, outfile, keyFpts, legacyKeyFiles, legacySigners);
 if (_error->PendingError())
 return legacyMsg;
- // Hooray, we found the key now
- if (not(legacySigners.Good.empty() || !legacySigners.Bad.empty() || !legacySigners.NoPubKey.empty()))
+ // Hooray, we found a key apparently, something verified as good or bad
+ if (!legacySigners.Valid.empty() || !legacySigners.Bad.empty())
 {
 std::string warning;
 strprintf(warning,
diff --git a/test/integration/test-method-gpgv-legacy-keyring b/test/integration/test-method-gpgv-legacy-keyring
index 37a86529a..5af955cdf 100755
--- a/test/integration/test-method-gpgv-legacy-keyring
+++ b/test/integration/test-method-gpgv-legacy-keyring
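Review bot: The retry condition now tests `Signers.Valid.empty()` where the removed line tested `Signers.Good.empty()`, and since this method keeps Valid and Good as separate sets they presumably differ — Valid likely also holds signatures that are not counted as good, such as ones from expired keys or with a rejected digest algorithm; the definitions are outside this hunk, so please confirm. If so, a release file carrying one such not-good signature plus one from a key that only lives in trusted.gpg will no longer fall back and will fail verification where the previous condition retried, even though the new comment says "did not find a good signature". Either gate on `Signers.Good.empty()` here, or document why Valid is intended, e.g. `// Any cryptographically valid signature means a key was found; only retry when every signer is unknown`. The early `return msg;` on a bad signature is the right fail-closed choice and is worth keeping regardless. VerifyGetSignersWithLegacy starts before this hunk and continues after it.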
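Review bot: The comment `// Hooray, we found a key apparently, something verified as good or bad` hedges on what the condition actually establishes: `legacySigners.Valid` or `legacySigners.Bad` being non-empty means gpgv resolved at least one signing key from the legacy keyring, while a remaining NoPubKey entry for a second signer is now deliberately tolerated, which is the regression being fixed. I would replace it with `// At least one signing key was resolved from trusted.gpg (a signature verified, good or bad);` followed by `// warn that the key lives in the deprecated keyring even if other signers stay unknown.` It is also worth stating that a Bad result still reaches the deprecation warning, which is fine because the message is about the key's location rather than the verification outcome. What happens to legacyMsg after the warning is built lies outside this hunk.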
@@ -25,3 +25,11 @@ testwarningequal "Get:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InReleas
 Get:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease [1420 B]
 Reading package lists...
 W: file:${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/InRelease: Key is stored in legacy trusted.gpg keyring (${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details." aptget update -q
+
+# 2.4.0 regression: If the InRelease file was signed with two keys, fallback to trusted.gpg did not
+# work: It ran the fallback, but then ignored the result, as keys were still missing.
+signreleasefiles 'Joe Sixpack,Marvin Paranoid'
+testwarningequal "Get:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease [1867 B]
+Get:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease [1867 B]
+Reading package lists...
+W: file:${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/InRelease: Key is stored in legacy trusted.gpg keyring (${TMPWORKINGDIRECTORY}/rootdir/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details." aptget update -q -omsg=with-two-signatures |
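Review bot: The new case only exercises the positive path of the fix — two signers whose keys are resolved via trusted.gpg and the deprecation warning is printed — while the two other decisions this commit adds to gpgv.cc, skipping the fallback once one signature already verified and returning early on a bad signature, have no coverage, so a later regression in either would pass this file. Consider a case that signs with one key already present in the non-legacy keyring plus one unknown key and asserts with a plain success check that `aptget update -q` prints no "Key is stored in legacy trusted.gpg keyring" warning, and, if the framework can produce a signature that gpgv rejects, a case asserting that the legacy keyring is not consulted. Which keys the setup places in which keyring is established above this hunk, so the exact key names need checking against the preamble. Keeping the distinct `-omsg=` per run, as done here, makes the two assertions easy to tell apart on failure.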