From c4e57e200ae40db5e9ada6ec0933b53d249e4a97 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 20 Jan 2025 11:57:33 +0100 Subject: Warn about missing Signed-By in .list format Warn about the missing field there and suggest the transition to deb822 .sources files if we found any non-deb822 source without signed-by. --- apt-private/private-update.cc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'apt-private/private-update.cc') diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc index 694480a96..d5faf5d2f 100644 --- a/apt-private/private-update.cc +++ b/apt-private/private-update.cc @@ -106,15 +106,23 @@ bool DoUpdate() if (_config->FindB("APT::Get::Update::SourceListWarnings::SignedBy", SLWarnings)) { + bool allDeb822 = true; for (auto *S : *List) { - if (not S->HasFlag(metaIndex::Flag::DEB822) || not S->GetSignedBy().empty()) + if (not S->GetSignedBy().empty()) continue; URI uri(S->GetURI()); // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list _error->Notice(_("Missing Signed-By in the %s entry for '%s'"), "sources.list(5)", URI::ArchiveOnly(uri).c_str()); + allDeb822 &= S->HasFlag(metaIndex::Flag::DEB822); + } + if (not allDeb822) + { + _error->Notice(_("Consider migrating all sources.list(5) entries to the deb822 .sources format")); + _error->Notice(_("The deb822 .sources format supports both embedded as well as external OpenPGP keys")); + _error->Notice(_("See apt-secure(7) for best practices in configuring repository signing.")); } } -- cgit v1.2.3-70-g09d2