2 files changed, 23 insertions, 4 deletions

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index eb8053feb..a4a6bc4a3 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1912,7 +1912,7 @@ string pkgAcqMetaClearSig::Custom600Headers() const
    Header += "\nFail-Ignore: true";
    std::string const key = TransactionManager->MetaIndexParser->GetSignedBy();
    if (key.empty() == false)
-      Header += "\nSigned-By: " + key;
+      Header += "\nSigned-By: " + QuoteString(key, "");
 
    return Header;
 }
@@ -2168,7 +2168,7 @@ std::string pkgAcqMetaSig::Custom600Headers() const
    std::string Header = pkgAcqTransactionItem::Custom600Headers();
    std::string const key = TransactionManager->MetaIndexParser->GetSignedBy();
    if (key.empty() == false)
-      Header += "\nSigned-By: " + key;
+      Header += "\nSigned-By: " + QuoteString(key, "");
    return Header;
 }
 									/*}}}*/
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index d78cea758..88a55a477 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -54,8 +54,27 @@ static std::string transformFingergrpintsWithFilenames(std::string const &finger
    return transformFingergrpints(finger);
 }
 									/*}}}*/
-static std::string NormalizeSignedBy(std::string SignedBy, bool const SupportFilenames) /*{{{*/
+// Introducer is set if additional keys may be introduced, for example	/*{{{*/
+// by setting it to a filename or a complete key
+static std::string NormalizeSignedBy(std::string SignedBy, bool const Introducer)
 {
+   // This is an embedded public pgp key, normalize spaces inside it and empty "." lines
+   if (Introducer && SignedBy.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") != std::string::npos) {
+      std::istringstream is(SignedBy);
+      std::ostringstream os;
+      std::string line;
+
+      while (std::getline(is, line)) {
+	 line = APT::String::Strip(line);
+	 // The special encoding for empty lines in deb822
+	 if (line == ".")
+	    line="";
+	 os << line << std::endl;
+      }
+      std::clog << "OUTPUT " << os.str() << std::endl;
+      return os.str();
+   }
+
    // we could go all fancy and allow short/long/string matches as gpgv/apt-key does,
    // but fingerprints are harder to fake than the others and this option is set once,
    // not interactively all the time so easy to type is not really a concern.
@@ -67,7 +86,7 @@ static std::string NormalizeSignedBy(std::string SignedBy, bool const SupportFil
    fingers.erase(std::remove_if(fingers.begin(), fingers.end(), isAnEmptyString), fingers.end());
    if (unlikely(fingers.empty()))
       return "";
-   if (SupportFilenames)
+   if (Introducer)
       std::transform(fingers.begin(), fingers.end(), fingers.begin(), transformFingergrpintsWithFilenames);
    else
       std::transform(fingers.begin(), fingers.end(), fingers.begin(), transformFingergrpints);