summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/gpgv.h
Commit message (Collapse)AuthorAgeFilesLines
* implement Signed-By option for sources.listDavid Kalnischkies2015-08-101-1/+4
| | | | | | | | | | Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later).
* follow method attribute suggestions by gccDavid Kalnischkies2014-03-131-1/+1
| | | | | Git-Dch: Ignore Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
* cleanup headers and especially #includes everywhereDavid Kalnischkies2014-03-131-8/+6
| | | | | | | | Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
* warning: extra ‘;’ [-Wpedantic]David Kalnischkies2014-03-131-1/+1
| | | | | Git-Dch: Ignore Reported-By: gcc -Wpedantic
* Fix typos in documentation (codespell)Michael Vogt2014-02-221-1/+1
|
* trigger NODATA error for invalid InRelease filesDavid Kalnischkies2013-06-201-3/+12
| | | | | | | | | | | | | | | | | With the selfgrown splitting we got the problem of not recovering from networks which just reply with invalid data like those sending us login pages to authenticate with the network (e.g. hotels) back. The good thing about the InRelease file is that we know that it must be clearsigned (a Release file might or might not have a detached sig) so if we get a file but are unable to split it something is seriously wrong, so there is not much point in trying further. The Acquire system already looks out for a NODATA error from gpgv, so this adds a new error message sent to the acquire system in case the splitting we do now ourselves failed including this magic word. Closes: #712486
* support dash-escaped text in clearsigned files as implementations areDavid Kalnischkies2013-03-191-3/+0
| | | | | | | | free to escape all lines (we have no lines in our files which need to be escaped as these would be invalid fieldnames) and while ExecGPGV would detect dash-escaped text as invalid (as its not expected in messages with detached signatures) it would be possible to "comment" lines in (signed) dsc files which are only parsed but not verified
* use FileFd instead of int fds to tidy up the interface a bitDavid Kalnischkies2013-03-191-6/+6
|
* * apt-pkg/deb/debindexfile.cc,David Kalnischkies2013-03-181-14/+0
| | | | | | | | | | | apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files
* - add method to open (maybe) clearsigned files transparentlyDavid Kalnischkies2013-03-181-0/+22
| | | | | * ftparchive/writer.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc files
* - if ExecGPGV deals with a clear-signed file it will split this fileDavid Kalnischkies2013-03-151-1/+40
| | | | | | | | into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default
* * apt-pkg/contrib/gpgv.cc:David Kalnischkies2013-03-151-6/+20
| | | | - ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases
* * apt-pkg/indexcopy.cc:David Kalnischkies2013-03-151-0/+24
- rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc