authorMichael Vogt <mvo@debian.org>2006-01-06 00:02:14 +0000
committerMichael Vogt <mvo@debian.org>2006-01-06 00:02:14 +0000
commitce424cd4464ce46706046d581e05fbf292a54881 (patch)
tree9a7947bff875e32633b423c8d5a3448ef451e766
parentd4ef73fbc21241252917c551f60f686dcd5c2e1f (diff)
* support multiple signatures
-rw-r--r--apt-pkg/acquire-item.cc22
-rw-r--r--apt-pkg/acquire-item.h5
-rw-r--r--debian/changelog3
-rw-r--r--methods/gpgv.cc6
4 files changed, 29 insertions, 7 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index b9fc74456..11a449e91 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -554,7 +554,7 @@ void pkgAcqMetaIndex::AuthDone(string Message)
return;
}
- if (!VerifyVendor())
+ if (!VerifyVendor(Message))
{
return;
}
@@ -612,7 +612,7 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify)
}
}
-bool pkgAcqMetaIndex::VerifyVendor()
+bool pkgAcqMetaIndex::VerifyVendor(string Message)
{
// // Maybe this should be made available from above so we don't have
// // to read and parse it every time?
@@ -637,6 +637,22 @@ bool pkgAcqMetaIndex::VerifyVendor()
// break;
// }
// }
+ string::size_type pos;
+
+ // check for missing sigs (that where not fatal because otherwise we had
+ // bombed earlier)
+ string missingkeys;
+ string msg = _("There was no public key available for the "
+ "following key IDs:\n");
+ pos = Message.find("NO_PUBKEY ");
+ if (pos != std::string::npos)
+ {
+ string::size_type start = pos+strlen("NO_PUBKEY ");
+ string Fingerprint = Message.substr(start, Message.find("\n")-start);
+ missingkeys += (Fingerprint);
+ }
+ if(!missingkeys.empty())
+ _error->Warning("%s", string(msg+missingkeys).c_str());
string Transformed = MetaIndexParser->GetExpectedDist();
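Review bot: `Message.find("\n")` in the `Fingerprint` line searches from the start of `Message` rather than from `start`. If a newline precedes the `NO_PUBKEY ` token, `Message.find("\n")-start` wraps around and `substr` returns the rest of the message instead of one key ID. The block also reads only the first `NO_PUBKEY ` occurrence, so with several unknown signers, the case this commit is about, the warning names only one key. The layout of `Message` is set outside this diff, so the loop below assumes one `NO_PUBKEY <id>` per line, which should be confirmed against the gpgv method. The body of VerifyVendor continues outside the hunk.

```cpp
// … unchanged: pos, missingkeys and msg declarations …
pos = Message.find("NO_PUBKEY ");
while (pos != string::npos)
{
   string::size_type const start = pos + strlen("NO_PUBKEY ");
   // search for the line end after the token, not from the start of Message
   string::size_type const end = Message.find('\n', start);
   if (end == string::npos)
      missingkeys += Message.substr(start);
   else
      missingkeys += Message.substr(start, end - start);
   missingkeys += " ";
   pos = Message.find("NO_PUBKEY ", start);
}
// … unchanged: Warning emitted when missingkeys is non-empty …
```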
@@ -645,7 +661,7 @@ bool pkgAcqMetaIndex::VerifyVendor()
Transformed = "experimental";
}
- string::size_type pos = Transformed.rfind('/');
+ pos = Transformed.rfind('/');
if (pos != string::npos)
{
Transformed = Transformed.substr(0, pos);
diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h
index e6fc7fc47..da1bea801 100644
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@@ -151,9 +151,10 @@ class pkgAcqMetaIndex : public pkgAcquire::Item
const vector<struct IndexTarget*>* IndexTargets;
indexRecords* MetaIndexParser;
bool AuthPass;
- bool IMSHit; // required to fail gracefully on failures
+ // required to deal gracefully with problems caused by incorrect ims hits
+ bool IMSHit;
- bool VerifyVendor();
+ bool VerifyVendor(string Message);
void RetrievalDone(string Message);
void AuthDone(string Message);
void QueueIndexes(bool verify);
diff --git a/debian/changelog b/debian/changelog
index 5c1b1347e..8bcb42566 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,8 +16,9 @@ apt (0.6.43.1) unstable; urgency=low
(closes: #79277)
* share/debian-archive.gpg: new 2006 ftp-archive signing key added
* redownload the Release file if IMS-Hit and gpg failure
+ * deal with multiple signatures
- --
+ -- Michael Vogt <mvo@debian.org> Thu, 5 Jan 2006 23:47:40 +0100
apt (0.6.43) unstable; urgency=medium
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 5cb154f66..a114ad797 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -247,7 +247,11 @@ bool GPGVMethod::Fetch(FetchItem *Itm)
errmsg += (*I + "\n");
}
}
- return _error->Error(errmsg.c_str());
+ // this is only fatal if we have no good sigs or if we have at
+ // least one bad signature. good signatures and NoPubKey signatures
+ // happen easily when a file is signed with multiple signatures
+ if(GoodSigners.empty() or !BadSigners.empty())
+ return _error->Error(errmsg.c_str());
}
// Transfer the modification times
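Review bot: The re-added `return _error->Error(errmsg.c_str());` passes `errmsg` as the format string. The visible `errmsg += (*I + "\n");` shows it holds signer strings that presumably come from gpgv's output, so a `%` in one of them would be read as a conversion specifier. `return _error->Error("%s", errmsg.c_str());` matches the `"%s"` form this commit uses for `_error->Warning` in acquire-item.cc. Separately, the new condition accepts the file as soon as one signer is in `GoodSigners` and none is in `BadSigners`, so the comment should state that `GoodSigners` only ever holds signatures checked against the trusted keyring; it is populated outside this hunk, so confirm that. The enclosing block of Fetch starts outside the hunk.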