diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2024-02-28 14:49:48 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2024-02-28 18:21:01 +0100 |
| commit | 60d653634f889abe09c0f4d88f2559eab9202635 (patch) | |
| tree | 9afe7739be332d24bd948274fc7565bb6f1c57ec /methods | |
| parent | 066121ac4de3f1e07e203583a2c5d00a0289f84a (diff) | |
gpgv: Add a reason to worthless signers
Diffstat (limited to 'methods')
| -rw-r--r-- | methods/gpgv.cc | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc index cb46703b3..b2e73c9fe 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -108,7 +108,7 @@ static bool IsTheSameKey(std::string const &validsig, std::string const &goodsig struct APT_HIDDEN SignersStorage { std::vector<std::string> Good; std::vector<std::string> Bad; - std::vector<std::string> Worthless; + std::vector<Signer> Worthless; // a worthless signature is a expired or revoked one std::vector<Signer> SoonWorthless; std::vector<std::string> NoPubKey; @@ -160,6 +160,16 @@ static void PushEntryWithUID(std::vector<std::string> &Signers, char * const buf std::clog << "Got " << msg << " !" << std::endl; Signers.push_back(msg); } +static void PushEntryWithUID(std::vector<Signer> &Signers, char * const buffer, bool const Debug) +{ + std::string msg = buffer + sizeof(GNUPGPREFIX); + auto const nuke = msg.find_last_not_of("\n\t\r"); + if (nuke != std::string::npos) + msg.erase(nuke + 1); + if (Debug == true) + std::clog << "Got " << msg << " !" << std::endl; + Signers.push_back({msg, ""}); +} static void implodeVector(std::vector<std::string> const &vec, std::ostream &out, char const * const sep) { if (vec.empty()) @@ -253,7 +263,11 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, case Digest::State::Untrusted: // Treat them like an expired key: For that a message about expiry // is emitted, a VALIDSIG, but no GOODSIG. - Signers.Worthless.push_back(sig); + { + std::string note; + strprintf(note, "untrusted digest algorithm: %s", digest.name); + Signers.Worthless.push_back({sig, note}); + } Signers.Good.erase(std::remove_if(Signers.Good.begin(), Signers.Good.end(), [&](std::string const &goodsig) { return IsTheSameKey(sig, goodsig); }), Signers.Good.end()); if (Debug == true) @@ -285,7 +299,9 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, } fclose(pipein); free(buffer); - std::move(ErrSigners.begin(), ErrSigners.end(), std::back_inserter(Signers.Worthless)); + + for (auto errSigner : ErrSigners) + Signers.Worthless.push_back({errSigner, ""}); // apt-key has a --keyid parameter, but this requires gpg, so we call it without it // and instead check after the fact which keyids where used for verification @@ -381,7 +397,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, std::cerr << "\n Bad: "; implodeVector(Signers.Bad, std::cerr, ", "); std::cerr << "\n Worthless: "; - implodeVector(Signers.Worthless, std::cerr, ", "); + std::for_each(Signers.Worthless.begin(), Signers.Worthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; }); std::cerr << "\n SoonWorthless: "; std::for_each(Signers.SoonWorthless.begin(), Signers.SoonWorthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; }); std::cerr << "\n NoPubKey: "; @@ -549,8 +565,12 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm) if (!Signers.Worthless.empty()) { errmsg += _("The following signatures were invalid:\n"); - for (auto const &I : Signers.Worthless) - errmsg.append(I).append("\n"); + for (auto const &[key, reason] : Signers.Worthless) { + errmsg.append(key); + if (not reason.empty()) + errmsg.append(" (").append(reason).append(")"); + errmsg.append("\n"); + } } if (!Signers.NoPubKey.empty()) { |