summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
authorDavid Kalnischkies <kalnischkies@gmail.com>2013-03-18 22:57:08 +0100
committerDavid Kalnischkies <kalnischkies@gmail.com>2013-03-18 22:57:08 +0100
commit233b78083f6f79730fcb5a6faeb74e2a78b6038a (patch)
treebaba7b950d929c64338fdaed9da00eb84b612b15 /apt-pkg
parentf1828b6977972b4ef6da6401602b7938f6570c32 (diff)
* apt-pkg/deb/debindexfile.cc,
apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/contrib/gpgv.cc44
-rw-r--r--apt-pkg/contrib/gpgv.h14
-rw-r--r--apt-pkg/deb/debindexfile.cc8
-rw-r--r--apt-pkg/deb/deblistparser.cc12
-rw-r--r--apt-pkg/indexrecords.cc6
5 files changed, 15 insertions, 69 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index fc16dd32c..7e244c623 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -215,7 +215,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
UNLINK_EXIT(EINTERNAL);
}
#undef UNLINK_EXIT
- // we don't need the files any longer as we have the filedescriptors still open
+ // we don't need the files any longer
unlink(sig);
unlink(data);
free(sig);
@@ -235,52 +235,12 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
exit(WEXITSTATUS(Status));
}
- /* looks like its fine. Our caller will check the status fd,
- but we construct a good-known clear-signed file without garbage
- and other non-sense. In a perfect world, we get the same file,
- but empty lines, trailing whitespaces and stuff makes it inperfect … */
- if (RecombineToClearSignedFile(File, dataFd, dataHeader, sigFd) == false)
- {
- _error->DumpErrors(std::cerr);
- exit(EINTERNAL);
- }
-
- // everything fine, we have a clean file now!
+ // everything fine
exit(0);
}
exit(EINTERNAL); // unreachable safe-guard
}
/*}}}*/
-// RecombineToClearSignedFile - combine data/signature to message /*{{{*/
-bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile,
- std::vector<std::string> const &ContentHeader, int const SignatureFile)
-{
- FILE *clean_file = fopen(OutFile.c_str(), "w");
- fputs("-----BEGIN PGP SIGNED MESSAGE-----\n", clean_file);
- for (std::vector<std::string>::const_iterator h = ContentHeader.begin(); h != ContentHeader.end(); ++h)
- fprintf(clean_file, "%s\n", h->c_str());
- fputs("\n", clean_file);
-
- FILE *data_file = fdopen(ContentFile, "r");
- FILE *sig_file = fdopen(SignatureFile, "r");
- if (data_file == NULL || sig_file == NULL)
- {
- fclose(clean_file);
- return _error->Error("Couldn't open splitfiles to recombine them into %s", OutFile.c_str());
- }
- char *buf = NULL;
- size_t buf_size = 0;
- while (getline(&buf, &buf_size, data_file) != -1)
- fputs(buf, clean_file);
- fclose(data_file);
- fputs("\n", clean_file);
- while (getline(&buf, &buf_size, sig_file) != -1)
- fputs(buf, clean_file);
- fclose(sig_file);
- fclose(clean_file);
- return true;
-}
- /*}}}*/
// SplitClearSignedFile - split message into data/signature /*{{{*/
bool SplitClearSignedFile(std::string const &InFile, int const ContentFile,
std::vector<std::string> * const ContentHeader, int const SignatureFile)
diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h
index ab7d35ab1..8cbe553bc 100644
--- a/apt-pkg/contrib/gpgv.h
+++ b/apt-pkg/contrib/gpgv.h
@@ -69,20 +69,6 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig,
bool SplitClearSignedFile(std::string const &InFile, int const ContentFile,
std::vector<std::string> * const ContentHeader, int const SignatureFile);
-/** \brief recombines message and signature to an inline signature
- *
- * Reverses the splitting down by #SplitClearSignedFile by writing
- * a well-formed clear-signed message without unsigned messages,
- * additional signed messages or just trailing whitespaces
- *
- * @param OutFile will be clear-signed file
- * @param ContentFile is the Fd the message will be read from
- * @param ContentHeader is a list of all required Amored Headers for the message
- * @param SignatureFile is the Fd all signatures will be read from
- */
-bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile,
- std::vector<std::string> const &ContentHeader, int const SignatureFile);
-
/** \brief open a file which might be clear-signed
*
* This method tries to extract the (signed) message of a file.
diff --git a/apt-pkg/deb/debindexfile.cc b/apt-pkg/deb/debindexfile.cc
index de645bb6e..909dfcf47 100644
--- a/apt-pkg/deb/debindexfile.cc
+++ b/apt-pkg/deb/debindexfile.cc
@@ -22,6 +22,7 @@
#include <apt-pkg/strutl.h>
#include <apt-pkg/acquire-item.h>
#include <apt-pkg/debmetaindex.h>
+#include <apt-pkg/gpgv.h>
#include <sys/stat.h>
/*}}}*/
@@ -337,7 +338,12 @@ bool debPackagesIndex::Merge(pkgCacheGenerator &Gen,OpProgress *Prog) const
if (releaseExists == true || FileExists(ReleaseFile) == true)
{
- FileFd Rel(ReleaseFile,FileFd::ReadOnly);
+ FileFd Rel;
+ // Beware: The 'Release' file might be clearsigned in case the
+ // signature for an 'InRelease' file couldn't be checked
+ if (OpenMaybeClearSignedFile(ReleaseFile, Rel) == false)
+ return false;
+
if (_error->PendingError() == true)
return false;
Parser.LoadReleaseInfo(File,Rel,Section);
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index b84bd6fdd..2c014a734 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -800,13 +800,12 @@ bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI,
map_ptrloc const storage = WriteUniqString(component);
FileI->Component = storage;
- // FIXME: Code depends on the fact that Release files aren't compressed
+ // FIXME: should use FileFd and TagSection
FILE* release = fdopen(dup(File.Fd()), "r");
if (release == NULL)
return false;
char buffer[101];
- bool gpgClose = false;
while (fgets(buffer, sizeof(buffer), release) != NULL)
{
size_t len = 0;
@@ -818,15 +817,6 @@ bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI,
if (buffer[len] == '\0')
continue;
- // only evalute the first GPG section
- if (strncmp("-----", buffer, 5) == 0)
- {
- if (gpgClose == true)
- break;
- gpgClose = true;
- continue;
- }
-
// seperate the tag from the data
const char* dataStart = strchr(buffer + len, ':');
if (dataStart == NULL)
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index af2639beb..1461a24bb 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -12,6 +12,7 @@
#include <apt-pkg/configuration.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/hashes.h>
+#include <apt-pkg/gpgv.h>
#include <sys/stat.h>
#include <clocale>
@@ -57,7 +58,10 @@ bool indexRecords::Exists(string const &MetaKey) const
bool indexRecords::Load(const string Filename) /*{{{*/
{
- FileFd Fd(Filename, FileFd::ReadOnly);
+ FileFd Fd;
+ if (OpenMaybeClearSignedFile(Filename, Fd) == false)
+ return false;
+
pkgTagFile TagFile(&Fd, Fd.Size() + 256); // XXX
if (_error->PendingError() == true)
{