| author | Julian Andres Klode <jak@debian.org> | 2021-10-18 14:34:42 +0000 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2021-10-18 14:34:42 +0000 |
| commit | 9d8cad64f03b47576ea0fd22f7d963c031faec3b (patch) | |
| tree | ea9ffa6160ee3d4c13c8727d56735684387c83c4 /apt-pkg/deb | |
| parent | ad7bae309a827592aa228af9470c1aa7abdd189e (diff) | |
| parent | dcbae505308758df2870c0424e3f5a1dfebcb5ec (diff) | |
Merge branch 'pu/signed-by-embedded-key' into 'main'
Add support for embedding PGP keys into Signed-By in deb822 sources
See merge request apt-team/apt!176
Diffstat (limited to 'apt-pkg/deb')
| -rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index d78cea758..88a55a477 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -54,8 +54,27 @@ static std::string transformFingergrpintsWithFilenames(std::string const &finger return transformFingergrpints(finger); } /*}}}*/ -static std::string NormalizeSignedBy(std::string SignedBy, bool const SupportFilenames) /*{{{*/ +// Introducer is set if additional keys may be introduced, for example /*{{{*/ +// by setting it to a filename or a complete key +static std::string NormalizeSignedBy(std::string SignedBy, bool const Introducer) { + // This is an embedded public pgp key, normalize spaces inside it and empty "." lines + if (Introducer && SignedBy.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") != std::string::npos) { + std::istringstream is(SignedBy); + std::ostringstream os; + std::string line; + + while (std::getline(is, line)) { + line = APT::String::Strip(line); + // The special encoding for empty lines in deb822 + if (line == ".") + line=""; + os << line << std::endl; + } + std::clog << "OUTPUT " << os.str() << std::endl; + return os.str(); + } + // we could go all fancy and allow short/long/string matches as gpgv/apt-key does, // but fingerprints are harder to fake than the others and this option is set once, // not interactively all the time so easy to type is not really a concern. @@ -67,7 +86,7 @@ static std::string NormalizeSignedBy(std::string SignedBy, bool const SupportFil fingers.erase(std::remove_if(fingers.begin(), fingers.end(), isAnEmptyString), fingers.end()); if (unlikely(fingers.empty())) return ""; - if (SupportFilenames) + if (Introducer) std::transform(fingers.begin(), fingers.end(), fingers.begin(), transformFingergrpintsWithFilenames); else std::transform(fingers.begin(), fingers.end(), fingers.begin(), transformFingergrpints); |
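Review bot: The added `std::clog << "OUTPUT " << os.str() << std::endl;` in the embedded-key branch of NormalizeSignedBy looks like leftover debugging: it writes the whole normalized key to stderr every time a Signed-By value with an embedded key is normalized, and should be dropped or put behind a debug option. The branch is also selected by `SignedBy.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") != std::string::npos`, so a value that merely contains the armor header somewhere (for example after a fingerprint or a filename) is returned whole as a key. Since this value decides which keys may sign the repository, I would require the stripped value to begin with the header and add a comment saying where the key material is actually validated, which is not visible in this hunk. As a smaller point, `os << line << std::endl;` flushes on every line and can be `os << line << '\n';`. The function body continues past the end of this hunk.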
