summaryrefslogtreecommitdiff
path: root/methods/gpgv.cc
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2025-01-21 11:16:48 +0000
committerJulian Andres Klode <jak@debian.org>2025-01-21 11:16:48 +0000
commita3a4896b0bbc4567a07c6fb7cfaa8a1f6b03fab3 (patch)
tree3a6febf5d378e2f323cb1a461a76604efe0c8a59 /methods/gpgv.cc
parentafeaf6a442bb2603a1ebce096586cef48d065ba4 (diff)
parent6f618323d2d1cea47df0952a9ed2cebcda6c7193 (diff)
Merge branch 'trust-deprecation' into 'main'
Warn about missing Signed-By in .list format See merge request apt-team/apt!431
Diffstat (limited to 'methods/gpgv.cc')
-rw-r--r--methods/gpgv.cc49
1 files changed, 1 insertions, 48 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 1a6356dee..ecdbe5898 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -121,10 +121,6 @@ class GPGVMethod : public aptMethod
vector<string> const &keyFpts,
vector<string> const &keyFiles,
SignersStorage &Signers);
- string VerifyGetSignersWithLegacy(const char *file, const char *outfile,
- vector<string> const &keyFpts,
- vector<string> const &keyFiles,
- SignersStorage &Signers);
protected:
bool URIAcquire(std::string const &Message, FetchItem *Itm) override;
@@ -482,49 +478,6 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
else
return _("Unknown error executing gpgv");
}
-string GPGVMethod::VerifyGetSignersWithLegacy(const char *file, const char *outfile,
- vector<string> const &keyFpts,
- vector<string> const &keyFiles,
- SignersStorage &Signers)
-{
- string const msg = VerifyGetSigners(file, outfile, keyFpts, keyFiles, Signers);
- if (_error->PendingError())
- return msg;
-
- // Bad signature always remains bad, no need to retry against trusted.gpg
- if (!Signers.Bad.empty())
- return msg;
-
- // We do not have a key file pinned, did not find a good signature, but found
- // missing keys - let's retry with trusted.gpg
- if (keyFiles.empty() && Signers.Valid.empty() && !Signers.NoPubKey.empty())
- {
- std::vector<std::string> legacyKeyFiles{_config->FindFile("Dir::Etc::trusted")};
- if (legacyKeyFiles[0].empty())
- return msg;
- if (DebugEnabled())
- std::clog << "Retrying against " << legacyKeyFiles[0] << "\n";
-
- SignersStorage legacySigners;
-
- string const legacyMsg = VerifyGetSigners(file, outfile, keyFpts, legacyKeyFiles, legacySigners);
- if (_error->PendingError())
- return legacyMsg;
- // Hooray, we found a key apparently, something verified as good or bad
- if (!legacySigners.Valid.empty() || !legacySigners.Bad.empty())
- {
- std::string warning;
- strprintf(warning,
- _("Key is stored in legacy trusted.gpg keyring (%s). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details."),
- legacyKeyFiles[0].c_str());
- Warning(std::move(warning));
- Signers = std::move(legacySigners);
- return legacyMsg;
- }
-
- }
- return msg;
-}
static std::string GenerateKeyFile(std::string const key)
{
FileFd fd;
@@ -563,7 +516,7 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
}
// Run gpgv on file, extract contents and get the key ID of the signer
- string const msg = VerifyGetSignersWithLegacy(Path.c_str(), Itm->DestFile.c_str(), keyFpts, keyFiles, Signers);
+ string const msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), keyFpts, keyFiles, Signers);
if (_error->PendingError())
return false;