summaryrefslogtreecommitdiff
path: root/apt-pkg/deb
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2023-06-27 19:14:43 +0200
committerJulian Andres Klode <julian.klode@canonical.com>2023-06-27 19:21:47 +0200
commitaba813975abb880f8b27d659147f7760c02f99e7 (patch)
treea288dc6a6ebb4d13b42a35c6df610a6cecc6ec31 /apt-pkg/deb
parentf557a5e15bb4715557566d7e88e7367c17e94ebf (diff)
update: Add notice about missing Signed-By in deb822 sources
We want to gently steer users towards having Signed-By for each source such that we can retire a shared keyring across sources which improves resilience against configuration issues and incompetent malicious actors.
Diffstat (limited to 'apt-pkg/deb')
-rw-r--r--apt-pkg/deb/debmetaindex.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index ef6bce261..744a5cab7 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -1397,6 +1397,9 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/
Deb->SetSnapshot(GetSnapshotOption(Options, "snapshot")) == false)
return false;
+ if (GetBoolOption(Options, "sourceslist-entry-is-deb822", false))
+ Deb->SetFlag(metaIndex::Flag::DEB822);
+
std::map<std::string, std::string>::const_iterator const signedby = Options.find("signed-by");
if (signedby == Options.end())
{