From e14417db27771ad85f45880974c8f59f05d138f1 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 20 Jan 2025 12:31:55 +0100 Subject: Remove superseded warning about trusted.gpg fallback This warning has been superseded by the missing sources.list notice (which will also become a warning shortly) Adjust the sqv exit to avoid introducing a new spurious "No good signature" that we did not reach before. moo --- methods/gpgv.cc | 49 +------------------------------------------------ 1 file changed, 1 insertion(+), 48 deletions(-) (limited to 'methods/gpgv.cc') diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 1a6356dee..ecdbe5898 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -121,10 +121,6 @@ class GPGVMethod : public aptMethod vector const &keyFpts, vector const &keyFiles, SignersStorage &Signers); - string VerifyGetSignersWithLegacy(const char *file, const char *outfile, - vector const &keyFpts, - vector const &keyFiles, - SignersStorage &Signers); protected: bool URIAcquire(std::string const &Message, FetchItem *Itm) override; @@ -482,49 +478,6 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, else return _("Unknown error executing gpgv"); } -string GPGVMethod::VerifyGetSignersWithLegacy(const char *file, const char *outfile, - vector const &keyFpts, - vector const &keyFiles, - SignersStorage &Signers) -{ - string const msg = VerifyGetSigners(file, outfile, keyFpts, keyFiles, Signers); - if (_error->PendingError()) - return msg; - - // Bad signature always remains bad, no need to retry against trusted.gpg - if (!Signers.Bad.empty()) - return msg; - - // We do not have a key file pinned, did not find a good signature, but found - // missing keys - let's retry with trusted.gpg - if (keyFiles.empty() && Signers.Valid.empty() && !Signers.NoPubKey.empty()) - { - std::vector legacyKeyFiles{_config->FindFile("Dir::Etc::trusted")}; - if (legacyKeyFiles[0].empty()) - return msg; - if (DebugEnabled()) - std::clog << "Retrying against " << legacyKeyFiles[0] << "\n"; - - SignersStorage legacySigners; - - string const legacyMsg = VerifyGetSigners(file, outfile, keyFpts, legacyKeyFiles, legacySigners); - if (_error->PendingError()) - return legacyMsg; - // Hooray, we found a key apparently, something verified as good or bad - if (!legacySigners.Valid.empty() || !legacySigners.Bad.empty()) - { - std::string warning; - strprintf(warning, - _("Key is stored in legacy trusted.gpg keyring (%s). Use Signed-By instead. See the USER CONFIGURATION section in apt-secure(8) for details."), - legacyKeyFiles[0].c_str()); - Warning(std::move(warning)); - Signers = std::move(legacySigners); - return legacyMsg; - } - - } - return msg; -} static std::string GenerateKeyFile(std::string const key) { FileFd fd; @@ -563,7 +516,7 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm) } // Run gpgv on file, extract contents and get the key ID of the signer - string const msg = VerifyGetSignersWithLegacy(Path.c_str(), Itm->DestFile.c_str(), keyFpts, keyFiles, Signers); + string const msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), keyFpts, keyFiles, Signers); if (_error->PendingError()) return false; -- cgit v1.2.3-70-g09d2