summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2024-07-15 19:13:58 +0200
committerJulian Andres Klode <julian.klode@canonical.com>2024-07-15 19:17:55 +0200
commit47deb766c0a11c54d122197531279677545459af (patch)
tree8c4209613689b1faa69c0f61f4eb6e5801522935 /methods
parent29dd6c45bc2579d012ac78ba3100a2485c78ff1d (diff)
Only revoke weak RSA keys for now, add 'next' and 'future' levels
Algorithms not in the next level give a warning, algorithms in not in the future level introduce an audit message for the --audit flag. next: >=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512 future: >=rsa3072,ed25519,ed448 LP: #2073126
Diffstat (limited to 'methods')
-rw-r--r--methods/gpgv.cc11
1 files changed, 11 insertions, 0 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index fc37b83dc..4a0866555 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -262,6 +262,17 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
{ return IsTheSameKey(fpr, goodsig); }),
Signers.Good.end());
}
+ else if (not IsAssertedPubKeyAlgo(pkstr, "APT::Key::Assert-Pubkey-Algo::Next"))
+ {
+ std::string reason;
+ Signers.SoonWorthless.push_back({fpr, pkstr});
+ }
+ else if (not IsAssertedPubKeyAlgo(pkstr, "APT::Key::Assert-Pubkey-Algo::Future"))
+ {
+ std::string reason;
+ strprintf(reason, _("%s will be deprecated in a future release"), pkstr.c_str());
+ Signers.LaterWorthless.push_back({fpr, reason});
+ }
}
else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
PushEntryWithKeyID(Signers.Good, buffer, Debug);