summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc8
-rw-r--r--apt-pkg/contrib/gpgv.cc20
-rw-r--r--apt-pkg/contrib/gpgv.h9
3 files changed, 33 insertions, 4 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 12524778e..69644883b 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1423,7 +1423,15 @@ string pkgAcqMetaBase::Custom600Headers() const
void pkgAcqMetaBase::QueueForSignatureVerify(pkgAcqTransactionItem * const I, std::string const &File, std::string const &Signature)
{
AuthPass = true;
+#ifdef SQV_EXECUTABLE
+ if (not _config->Find("APT::Key::GPGVCommand").empty() || not FileExists(SQV_EXECUTABLE))
+ I->Desc.URI = "gpgv:" + pkgAcquire::URIEncode(Signature);
+ else {
+ I->Desc.URI = "sqv:" + pkgAcquire::URIEncode(Signature);
+ }
+#else
I->Desc.URI = "gpgv:" + pkgAcquire::URIEncode(Signature);
+#endif
I->DestFile = File;
QueueURI(I->Desc);
I->SetActiveSubprocess("gpgv");
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 7b0a0d240..48d31a44c 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -169,7 +169,7 @@ static bool CheckGPGV(std::unordered_map<std::string, std::forward_list<std::str
/// Verifies a file containing a detached signature has the right format
/// @return 0 if succesful, or an exit code for ExecGPGV otherwise.
-static int VerifyDetachedSignatureFile(std::string FileGPG, int fd[2], int statusfd = -1)
+static int VerifyDetachedSignatureFile(std::string const &FileGPG, int fd[2], int statusfd = -1)
{
auto detached = make_unique_FILE(FileGPG, "r");
if (detached.get() == nullptr)
@@ -211,10 +211,17 @@ static int VerifyDetachedSignatureFile(std::string FileGPG, int fd[2], int statu
}
}
}
- if (found_signatures == 0 && statusfd != -1)
+ if (found_signatures == 0)
{
- auto const errtag = "[GNUPG:] NODATA\n";
- FileFd::Write(fd[1], errtag, strlen(errtag));
+ if (statusfd != -1 && fd)
+ {
+ auto const errtag = "[GNUPG:] NODATA\n";
+ FileFd::Write(fd[1], errtag, strlen(errtag));
+ }
+ else
+ {
+ _error->Error("Signed file isn't valid, got 'NODATA' (does the network require authentication?)");
+ }
// guess if this is a binary signature, we never officially supported them,
// but silently accepted them via passing them unchecked to gpgv
if (found_badcontent)
@@ -247,6 +254,11 @@ static int VerifyDetachedSignatureFile(std::string FileGPG, int fd[2], int statu
return 0;
}
+bool VerifyDetachedSignatureFile(std::string const &DetachedSignatureFileName)
+{
+ return VerifyDetachedSignatureFile(DetachedSignatureFileName, nullptr, -1) == 0;
+}
+
std::pair<std::string, std::forward_list<std::string>> APT::Internal::FindGPGV(bool Debug)
{
static thread_local std::unordered_map<std::string, std::forward_list<std::string>> checkedCommands;
diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h
index d4520f3a2..0b84f6bb7 100644
--- a/apt-pkg/contrib/gpgv.h
+++ b/apt-pkg/contrib/gpgv.h
@@ -96,5 +96,14 @@ APT_PUBLIC bool SplitClearSignedFile(std::string const &InFile, FileFd * const C
*/
APT_PUBLIC bool OpenMaybeClearSignedFile(std::string const &ClearSignedFileName, FileFd &MessageFile);
+/** \brief verifiy a detached signature file for correctness.
+ *
+ * We want to expect unavoided content. This may set an error when returning false
+ * but it might not necessarily do so (in case of empty signature file).
+ *
+ * @return true if the detached signature files contains ASCII-armored signatures, otherwise false
+ */
+APT_PUBLIC bool VerifyDetachedSignatureFile(std::string const &DetachedSignatureFileName);
+
APT_PUBLIC bool IsAssertedPubKeyAlgo(std::string const &pkstr, std::string const &option);
#endif