diff options
| author | Julian Andres Klode <jak@debian.org> | 2025-01-21 11:16:48 +0000 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2025-01-21 11:16:48 +0000 |
| commit | a3a4896b0bbc4567a07c6fb7cfaa8a1f6b03fab3 (patch) | |
| tree | 3a6febf5d378e2f323cb1a461a76604efe0c8a59 /methods/sqv.cc | |
| parent | afeaf6a442bb2603a1ebce096586cef48d065ba4 (diff) | |
| parent | 6f618323d2d1cea47df0952a9ed2cebcda6c7193 (diff) | |
Merge branch 'trust-deprecation' into 'main'
Warn about missing Signed-By in .list format
See merge request apt-team/apt!431
Diffstat (limited to 'methods/sqv.cc')
| -rw-r--r-- | methods/sqv.cc | 23 |
1 files changed, 3 insertions, 20 deletions
diff --git a/methods/sqv.cc b/methods/sqv.cc index ce7e36657..9dbe75994 100644 --- a/methods/sqv.cc +++ b/methods/sqv.cc @@ -133,6 +133,8 @@ bool SQVMethod::VerifyGetSigners(const char *file, const char *outfile, if (keyFiles.empty()) { auto Parts = GetListOfFilesInDir(_config->FindDir("Dir::Etc::TrustedParts"), std::vector<std::string>{"gpg", "asc"}, true); + if (auto trusted = _config->FindFile("Dir::Etc::Trusted"); not trusted.empty()) + Parts.push_back(trusted); for (auto &Part : Parts) { if (Debug) @@ -298,27 +300,8 @@ bool SQVMethod::URIAcquire(std::string const &Message, FetchItem *Itm) // Run sqv on file, extract contents and get the key ID of the signer VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), keyFiles, Signers); - if (_error->PendingError()) - { - // Legacy fallback to trusted.gpg - auto trusted = _config->FindFile("Dir::Etc::Trusted"); - _error->PushToStack(); - VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), {trusted}, Signers); - bool error = _error->PendingError(); - _error->RevertToStack(); - if (error) - return false; - - _error->Discard(); - std::string warning; - strprintf(warning, - _("Key is stored in legacy trusted.gpg keyring (%s). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details."), - trusted.c_str()); - Warning(std::move(warning)); - } - if (Signers.empty()) - return _error->Error("No good signature"); + return _error->PendingError() ? false : _error->Error("No good signature"); if (not keyFpts.empty()) { |
