From aba813975abb880f8b27d659147f7760c02f99e7 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 27 Jun 2023 19:14:43 +0200 Subject: update: Add notice about missing Signed-By in deb822 sources We want to gently steer users towards having Signed-By for each source such that we can retire a shared keyring across sources which improves resilience against configuration issues and incompetent malicious actors. --- apt-pkg/deb/debmetaindex.cc | 3 +++ 1 file changed, 3 insertions(+) (limited to 'apt-pkg/deb') diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index ef6bce261..744a5cab7 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -1397,6 +1397,9 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ Deb->SetSnapshot(GetSnapshotOption(Options, "snapshot")) == false) return false; + if (GetBoolOption(Options, "sourceslist-entry-is-deb822", false)) + Deb->SetFlag(metaIndex::Flag::DEB822); + std::map::const_iterator const signedby = Options.find("signed-by"); if (signedby == Options.end()) { -- cgit v1.2.3-70-g09d2