summaryrefslogtreecommitdiff
path: root/methods/sqv.cc
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2025-01-01 14:23:35 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2025-01-01 14:23:35 +0100
commit02c8e57304f5bded10f7b16207469f9bc9bf3e96 (patch)
tree609b5a4d9eab37a1686772f281f7449a0d3aa201 /methods/sqv.cc
parent3c4d0d25e1c35af16b66a4dee48fb3b0ed9d50a5 (diff)
sqv: Avoid propagating errors between files
We inadvertently did not discard pending errors when the fallback to Dir::Etc::trusted succeeded, do so. Also add some quick safety checks to make sure we enter the verification in a good state, and that if somehow errors are pending after a verification we return false. Closes: #1091679
Diffstat (limited to 'methods/sqv.cc')
-rw-r--r--methods/sqv.cc13
1 files changed, 12 insertions, 1 deletions
diff --git a/methods/sqv.cc b/methods/sqv.cc
index 63ccdc08f..716081f8e 100644
--- a/methods/sqv.cc
+++ b/methods/sqv.cc
@@ -262,6 +262,10 @@ static std::string GenerateKeyFile(std::string const key)
bool SQVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
{
+ // Quick safety check: do we have left-over errors from a previous URL?
+ if (unlikely(_error->PendingError()))
+ return _error->Error("Internal error: Error set at start of verification");
+
URI const Get(Itm->Uri);
std::string const Path = DecodeSendURI(Get.Host + Get.Path); // To account for relative paths
@@ -288,6 +292,10 @@ bool SQVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
keyFpts.emplace_back(std::move(key));
}
+ // Nothing should have failed here in the setup, if it did, don't bother verifying
+ if (_error->PendingError())
+ return false;
+
// Run apt-key on file, extract contents and get the key ID of the signer
VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), keyFiles, Signers);
if (_error->PendingError())
@@ -300,6 +308,8 @@ bool SQVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
_error->RevertToStack();
if (error)
return false;
+
+ _error->Discard();
std::string warning;
strprintf(warning,
_("Key is stored in legacy trusted.gpg keyring (%s). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details."),
@@ -337,7 +347,8 @@ bool SQVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
if (DebugEnabled())
std::clog << "sqv succeeded\n";
- return true;
+ // If we have a pending error somehow, we should still fail here...
+ return not _error->PendingError();
}
int main()