author | Julian Andres Klode <julian.klode@canonical.com> | 2021-06-09 13:22:38 +0200 |
committer | Julian Andres Klode <julian.klode@canonical.com> | 2021-10-18 16:12:54 +0200 |
commit | 3f07f5345ec79702c3c769047452041b2c12953f (patch) | |
tree | 4fcf77cec69916e6a1c4ac4553d6eb5efe5d525f /methods | |
parent | c8e5008794f07afa1e9c139249c682eb5745fc25 (diff) |
Add support for embedding PGP keys into Signed-By in deb822 sources
Extend the Signed-By field to handle embedded public key blocks;
this allows shipping self-contained .sources files, making it
substantially easier to provide third-party repositories.
Diffstat (limited to 'methods')
-rw-r--r-- | methods/gpgv.cc | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index a9da456ec..594e8781a 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -416,6 +416,14 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
 return _("Unknown error executing apt-key");
 }
+static std::string GenerateKeyFile(std::string const key)
+{
+ FileFd fd;
+ GetTempFile("apt-key.XXXXXX.asc", false, &fd);
+ fd.Write(key.data(), key.size());
+ return fd.Name();
+}
+
 bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
 {
 URI const Get(Itm->Uri);
@@ -423,11 +431,27 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
 SignersStorage Signers;
 std::vector<std::string> keyFpts, keyFiles;
- for (auto &&key : VectorizeString(LookupTag(Message, "Signed-By"), ','))
- if (key.empty() == false && key[0] == '/')
- keyFiles.emplace_back(std::move(key));
- else
- keyFpts.emplace_back(std::move(key));
+ struct TemporaryFile
+ {
+ std::string name = "";
+ ~TemporaryFile() { if (0) RemoveFile("~TemporaryFile", name); }
+ } tmpKey;
+
+ std::string SignedBy = DeQuoteString(LookupTag(Message, "Signed-By"));
+
+ if (SignedBy.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") != std::string::npos)
+ {
+ tmpKey.name = GenerateKeyFile(SignedBy);
+ keyFiles.emplace_back(tmpKey.name);
+ }
+ else
+ {
+ for (auto &&key : VectorizeString(SignedBy, ','))
+ if (key.empty() == false && key[0] == '/')
+ keyFiles.emplace_back(std::move(key));
+ else
+ keyFpts.emplace_back(std::move(key));
+ }
 // Run apt-key on file, extract contents and get the key ID of the signer
 string const msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), keyFpts, keyFiles, Signers); |
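Review bot: GenerateKeyFile discards the results of both GetTempFile and fd.Write, so a failed temp-file creation or a short write still returns fd.Name() and URIAcquire hands that path to the verifier as the only keyring for an embedded key. A truncated or empty key file should fail loudly at this point rather than surface later as an unexplained signature error, so I would check both calls, e.g. `if (GetTempFile("apt-key.XXXXXX.asc", false, &fd) == nullptr || fd.Write(key.data(), key.size()) == false) return "";` (assuming GetTempFile's usual null-on-failure return), and have the caller treat an empty name as a failed acquire — what VerifyGetSigners does with an empty entry in keyFiles is not visible in this hunk. The parameter `std::string const key` is also taken by value; `std::string const &key` avoids copying the whole key block for no benefit.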
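Review bot: The `if (0)` in `~TemporaryFile()` makes the RemoveFile call unreachable, so the temporary key file that GenerateKeyFile creates with ImmediateUnlink set to false is never deleted and one copy of the embedded key block is left in the temp directory on every acquire. This looks like a debugging leftover; the guard belongs on the name instead, `~TemporaryFile() { if (name.empty() == false) RemoveFile("~TemporaryFile", name); }`, which also keeps the non-embedded path (where name stays empty) from calling RemoveFile. With that in place `std::string name = "";` can simply be `std::string name;`. A one-line comment above the struct, such as `// holds the on-disk copy of an embedded Signed-By key until VerifyGetSigners has run`, would make the lifetime requirement explicit; the enclosing URIAcquire continues past the end of the hunk.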