summaryrefslogtreecommitdiff
path: root/apt-pkg/deb/debmetaindex.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-04-29 10:16:42 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2016-05-01 10:50:24 +0200
commit46e00c9062d09a642973e83a334483db1f310397 (patch)
tree6c498258c3e0ffb7e330c82506bb94e9f749b41a /apt-pkg/deb/debmetaindex.cc
parent5419a6ce20967902102358a07632ae3688788d62 (diff)
support multiple fingerprints in signed-by
A keyring file can include multiple keys, so its only fair for transitions and such to support multiple fingerprints as well.
Diffstat (limited to 'apt-pkg/deb/debmetaindex.cc')
-rw-r--r--apt-pkg/deb/debmetaindex.cc21
1 files changed, 14 insertions, 7 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 71b208622..5b84ea5e8 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -627,19 +627,26 @@ bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy)
if (SignedBy.empty() == true && pSignedBy.empty() == false)
{
if (pSignedBy[0] == '/') // no check for existence as we could be chrooting later or such things
- ; // absolute path to a keyring file
+ SignedBy = pSignedBy; // absolute path to a keyring file
else
{
// we could go all fancy and allow short/long/string matches as gpgv/apt-key does,
// but fingerprints are harder to fake than the others and this option is set once,
// not interactively all the time so easy to type is not really a concern.
- std::string finger = pSignedBy;
- finger.erase(std::remove(finger.begin(), finger.end(), ' '), finger.end());
- std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper);
- if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos)
- return _error->Error(_("Invalid value set for option %s regarding source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint");
+ auto fingers = VectorizeString(pSignedBy, ',');
+ std::transform(fingers.begin(), fingers.end(), fingers.begin(), [&](std::string finger) {
+ std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper);
+ if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos)
+ {
+ _error->Error(_("Invalid value set for option %s regarding source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint");
+ return std::string();
+ }
+ return finger;
+ });
+ std::stringstream os;
+ std::copy(fingers.begin(), fingers.end(), std::ostream_iterator<std::string>(os, ","));
+ SignedBy = os.str();
}
- SignedBy = pSignedBy;
}
else if (SignedBy != pSignedBy)
return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), "Signed-By", URI.c_str(), Dist.c_str());