diff options
| -rw-r--r-- | apt-pkg/acquire-item.cc | 22 | ||||
| -rw-r--r-- | apt-pkg/acquire-item.h | 5 | ||||
| -rw-r--r-- | debian/changelog | 3 | ||||
| -rw-r--r-- | methods/gpgv.cc | 6 |
4 files changed, 29 insertions, 7 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index b9fc74456..11a449e91 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -554,7 +554,7 @@ void pkgAcqMetaIndex::AuthDone(string Message) return; } - if (!VerifyVendor()) + if (!VerifyVendor(Message)) { return; } @@ -612,7 +612,7 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify) } } -bool pkgAcqMetaIndex::VerifyVendor() +bool pkgAcqMetaIndex::VerifyVendor(string Message) { // // Maybe this should be made available from above so we don't have // // to read and parse it every time? @@ -637,6 +637,22 @@ bool pkgAcqMetaIndex::VerifyVendor() // break; // } // } + string::size_type pos; + + // check for missing sigs (that where not fatal because otherwise we had + // bombed earlier) + string missingkeys; + string msg = _("There was no public key available for the " + "following key IDs:\n"); + pos = Message.find("NO_PUBKEY "); + if (pos != std::string::npos) + { + string::size_type start = pos+strlen("NO_PUBKEY "); + string Fingerprint = Message.substr(start, Message.find("\n")-start); + missingkeys += (Fingerprint); + } + if(!missingkeys.empty()) + _error->Warning("%s", string(msg+missingkeys).c_str()); string Transformed = MetaIndexParser->GetExpectedDist(); @@ -645,7 +661,7 @@ bool pkgAcqMetaIndex::VerifyVendor() Transformed = "experimental"; } - string::size_type pos = Transformed.rfind('/'); + pos = Transformed.rfind('/'); if (pos != string::npos) { Transformed = Transformed.substr(0, pos); diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index e6fc7fc47..da1bea801 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -151,9 +151,10 @@ class pkgAcqMetaIndex : public pkgAcquire::Item const vector<struct IndexTarget*>* IndexTargets; indexRecords* MetaIndexParser; bool AuthPass; - bool IMSHit; // required to fail gracefully on failures + // required to deal gracefully with problems caused by incorrect ims hits + bool IMSHit; - bool VerifyVendor(); + bool VerifyVendor(string Message); void RetrievalDone(string Message); void AuthDone(string Message); void QueueIndexes(bool verify); diff --git a/debian/changelog b/debian/changelog index 5c1b1347e..8bcb42566 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,8 +16,9 @@ apt (0.6.43.1) unstable; urgency=low (closes: #79277) * share/debian-archive.gpg: new 2006 ftp-archive signing key added * redownload the Release file if IMS-Hit and gpg failure + * deal with multiple signatures - -- + -- Michael Vogt <mvo@debian.org> Thu, 5 Jan 2006 23:47:40 +0100 apt (0.6.43) unstable; urgency=medium diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 5cb154f66..a114ad797 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -247,7 +247,11 @@ bool GPGVMethod::Fetch(FetchItem *Itm) errmsg += (*I + "\n"); } } - return _error->Error(errmsg.c_str()); + // this is only fatal if we have no good sigs or if we have at + // least one bad signature. good signatures and NoPubKey signatures + // happen easily when a file is signed with multiple signatures + if(GoodSigners.empty() or !BadSigners.empty()) + return _error->Error(errmsg.c_str()); } // Transfer the modification times |