summaryrefslogtreecommitdiff
path: root/methods/sqv.cc
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2025-01-21 11:16:48 +0000
committerJulian Andres Klode <jak@debian.org>2025-01-21 11:16:48 +0000
commita3a4896b0bbc4567a07c6fb7cfaa8a1f6b03fab3 (patch)
tree3a6febf5d378e2f323cb1a461a76604efe0c8a59 /methods/sqv.cc
parentafeaf6a442bb2603a1ebce096586cef48d065ba4 (diff)
parent6f618323d2d1cea47df0952a9ed2cebcda6c7193 (diff)
Merge branch 'trust-deprecation' into 'main'
Warn about missing Signed-By in .list format See merge request apt-team/apt!431
Diffstat (limited to 'methods/sqv.cc')
-rw-r--r--methods/sqv.cc23
1 files changed, 3 insertions, 20 deletions
diff --git a/methods/sqv.cc b/methods/sqv.cc
index ce7e36657..9dbe75994 100644
--- a/methods/sqv.cc
+++ b/methods/sqv.cc
@@ -133,6 +133,8 @@ bool SQVMethod::VerifyGetSigners(const char *file, const char *outfile,
if (keyFiles.empty())
{
auto Parts = GetListOfFilesInDir(_config->FindDir("Dir::Etc::TrustedParts"), std::vector<std::string>{"gpg", "asc"}, true);
+ if (auto trusted = _config->FindFile("Dir::Etc::Trusted"); not trusted.empty())
+ Parts.push_back(trusted);
for (auto &Part : Parts)
{
if (Debug)
@@ -298,27 +300,8 @@ bool SQVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
// Run sqv on file, extract contents and get the key ID of the signer
VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), keyFiles, Signers);
- if (_error->PendingError())
- {
- // Legacy fallback to trusted.gpg
- auto trusted = _config->FindFile("Dir::Etc::Trusted");
- _error->PushToStack();
- VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), {trusted}, Signers);
- bool error = _error->PendingError();
- _error->RevertToStack();
- if (error)
- return false;
-
- _error->Discard();
- std::string warning;
- strprintf(warning,
- _("Key is stored in legacy trusted.gpg keyring (%s). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details."),
- trusted.c_str());
- Warning(std::move(warning));
- }
-
if (Signers.empty())
- return _error->Error("No good signature");
+ return _error->PendingError() ? false : _error->Error("No good signature");
if (not keyFpts.empty())
{