From 8be7a10b43804fc4ebef712892e45bba26647d1f Mon Sep 17 00:00:00 2001 From: Johannes Schauer Marin Rodrigues Date: Wed, 12 Mar 2025 23:55:05 +0100 Subject: apt-pkg/solver3.h: avoid static_assert(false) With older compilers (g++ and clang from Bookworm), static_assert(false) will result in: /home/josch/git/apt/build/include/apt-pkg/solver3.h:52:24: error: static assertion failed: Cannot construct map for key type 52 | static_assert(false, "Cannot construct map for key type"); | ^~~~~ This commit implements the terrible but more valid workaround according to: https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2022/p2593r0.html Original solution from here: https://stackoverflow.com/questions/14637356/static-assert-fails-compilation-even-though-template-function-is-called-nowhere/14637534#14637534 That way, apt will compile with compilers in Bookworm again. --- apt-pkg/solver3.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apt-pkg/solver3.h b/apt-pkg/solver3.h index 1bdc13559..c2d6e035e 100644 --- a/apt-pkg/solver3.h +++ b/apt-pkg/solver3.h @@ -19,6 +19,8 @@ #include #include +template struct always_false : std::false_type {}; + namespace APT { @@ -49,7 +51,7 @@ class ContiguousCacheMap else if constexpr (std::is_same_v) size = cache.Head().PackageCount; else - static_assert(false, "Cannot construct map for key type"); + static_assert(always_false::value, "Cannot construct map for key type"); data_ = new V[size]{}; } -- cgit v1.2.3-70-g09d2 From f866dac363c6a22fe1b35baddf126b39a405410e Mon Sep 17 00:00:00 2001 From: Johannes Schauer Marin Rodrigues Date: Wed, 12 Mar 2025 19:45:18 +0100 Subject: cmdline/apt-get.cc: emit Signed-By field and support $(SIGNED_BY) in apt-get indextargets --format --- cmdline/apt-get.cc | 2 ++ doc/acquire-additional-files.md | 9 ++++++--- test/integration/test-signed-by-option | 19 ++++++++++--------- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 2828ad68a..ae2356325 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -263,6 +263,8 @@ static bool DoIndexTargets(CommandLine &CmdL) if (ReleaseInfo) { AddOptions.insert(std::make_pair("TRUSTED", ((*S)->IsTrusted() ? "yes" : "no"))); + if (not (*S)->GetSignedBy().empty()) + AddOptions.insert(std::make_pair("SIGNED_BY", SubstVar(SubstVar(APT::String::Strip((*S)->GetSignedBy()), "\n\n", "\n.\n"), "\n", "\n "))); pkgCache::RlsFileIterator const RlsFile = (*S)->FindInCache(*Cache, false); if (RlsFile.end()) continue; diff --git a/doc/acquire-additional-files.md b/doc/acquire-additional-files.md index 5b0335bc2..5253e37de 100644 --- a/doc/acquire-additional-files.md +++ b/doc/acquire-additional-files.md @@ -214,7 +214,8 @@ information about all files downloaded (aka: you will see *Packages*, default output format as parameter to filter out all entries which do not have such a line. With `--format`, you can further more define your own output style. The variables are what you see in the output, just all -uppercase and wrapped in `$()`, as in the configuration file. +uppercase, hyphens replaced with underscores and wrapped in `$()`, as in +the configuration file. To get all the filenames of all *Translation-en* files you can e.g. call: @@ -235,8 +236,8 @@ creates and calling `GetIndexTargets()` on them. See the source code of Note that by default targets are not listed if they weren't downloaded. If you want to see all targets, you can use the `--no-release-info`, which -also removes the *Codename*, *Suite*, *Version*, *Origin*, *Label* and *Trusted* -fields from the output as these also display data which needs to be +also removes the *Codename*, *Suite*, *Version*, *Origin*, *Label*, *Trusted*, +and *Signed-By* fields from the output as these also display data which needs to be downloaded first and could hence be inaccurate [on the pro-side: This mode is faster as it doesn't require a valid binary cache to operate]. The most notable difference perhaps is in the *Filename* field through: By @@ -251,6 +252,8 @@ Remarks on fields only available in (default) `--release-info mode`: * `Trusted`: Denotes with a *yes* or *no* if the data in this file is authenticated by a trust chain rooted in a trusted gpg key. You should be careful with untrusted data and warn the user if you use it. +* `Signed-By`: The path to the OpenPGP keyring or an ASCII-armored embedded + OpenPGP certificate. The latter is DEB822-multi-line encoded. * `Codename`, `Suite`, `Version`, `Origin` and `Label` are fields from the *Release* file, are only present if they are present in the *Release* file and contain the same data. diff --git a/test/integration/test-signed-by-option b/test/integration/test-signed-by-option index e6a3fbb86..62081eb06 100755 --- a/test/integration/test-signed-by-option +++ b/test/integration/test-signed-by-option @@ -40,13 +40,7 @@ setupaptarchive --no-update rm -f rootdir/etc/apt/sources.list.d/* rootdir/etc/apt/sources.list rm -f rootdir/etc/apt/trusted.gpg.d/* rootdir/etc/apt/trusted.gpg -cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF -Types: deb -URIs: file://$PWD/aptarchive -Suites: stable -Components: main -xSigned-By: - -----BEGIN PGP PUBLIC KEY BLOCK----- +GPGKEYBLOCK='-----BEGIN PGP PUBLIC KEY BLOCK----- . mQENBExsGNYBCADNVx+TQ6h1tEyUP11f7ihfta3ZePkW1rIdkdHgA3Fw/TeLnTEq mWuhMw2pL4zy1vQhU8efNrRaNUrUS7kV3LIdSjd5K4Aizqtsdy/gLKFoTcO8LFIm @@ -63,15 +57,22 @@ xSigned-By: xNHhRHzEPTYZ4PCCyaRX4YRAwsEMFsscsghpQgqRDhGSWq+jUVI+Aay7FTnd+1UA 1snsGpB0o9qxx8JpGMXI =c/k4 - -----END PGP PUBLIC KEY BLOCK----- + -----END PGP PUBLIC KEY BLOCK-----' +cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF +Types: deb +URIs: file://$PWD/aptarchive +Suites: stable +Components: main +xSigned-By: + $GPGKEYBLOCK EOF testfailure apt update -o Debug::Acquire::gpgv=1 testsuccess grep -E "(NO_PUBKEY 5A90D141DBAC8DAE|no keyring is specified)" rootdir/tmp/testfailure.output sed -i s/^xSigned-By/Signed-By/ rootdir/etc/apt/sources.list.d/deb822.sources testsuccess apt update -o Debug::Acquire::gpgv=1 +testsuccessequal "$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')\n$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')" aptget indextargets --format '$(SIGNED_BY)' # make sure we did not leave leftover files (LP: #1995247) testsuccessequal "" ls "${TMPDIR}" - rm -f rootdir/etc/apt/sources.list.d/* msgtest 'Check that a repository with' 'only the fisrt entry has no Signed-By value works' -- cgit v1.2.3-70-g09d2