diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2024-07-15 17:58:08 +0200 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2024-07-15 19:17:04 +0200 |
| commit | 04cb5104a018184fe1fac114cbc212a9395d6845 (patch) | |
| tree | cba9ec75821caa7abb709b9f203bb8f0037648b4 /methods | |
| parent | c51ea9f44e9742c88a252b86cb0260798b4b9f7b (diff) | |
gpgv: Add a LaterWorthless level, a SoonWorthless but at 'audit' level
Diffstat (limited to 'methods')
| -rw-r--r-- | methods/gpgv.cc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 20ef2861d..fc37b83dc 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -112,6 +112,7 @@ struct APT_HIDDEN SignersStorage { std::vector<Signer> Worthless; // a worthless signature is a expired or revoked one std::vector<Signer> SoonWorthless; + std::vector<Signer> LaterWorthless; std::vector<std::string> NoPubKey; std::vector<std::string> Valid; std::vector<std::string> SignedBy; @@ -420,6 +421,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, std::for_each(Signers.Worthless.begin(), Signers.Worthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; }); std::cerr << "\n SoonWorthless: "; std::for_each(Signers.SoonWorthless.begin(), Signers.SoonWorthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; }); + std::cerr << "\n LaterWorthless: "; + std::for_each(Signers.LaterWorthless.begin(), Signers.LaterWorthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; }); std::cerr << "\n NoPubKey: "; implodeVector(Signers.NoPubKey, std::cerr, ", "); std::cerr << "\n Signed-By: "; @@ -565,6 +568,13 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm) strprintf(msg, _("Signature by key %s uses weak algorithm (%s)"), Signer.key.c_str(), Signer.note.c_str()); Warning(std::move(msg)); } + for (auto const &Signer : Signers.LaterWorthless) + { + std::string msg; + // TRANSLATORS: The second %s is the reason and is untranslated for repository owners. + strprintf(msg, _("Signature by key %s uses weak algorithm (%s)"), Signer.key.c_str(), Signer.note.c_str()); + Audit(std::move(msg)); + } } if (Signers.Good.empty() || !Signers.Bad.empty() || !Signers.NoPubKey.empty()) |
