Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-worker.cc5
-rw-r--r--apt-pkg/contrib/gpgv.cc32
-rw-r--r--apt-pkg/contrib/gpgv.h1
-rw-r--r--apt-pkg/init.cc4
-rw-r--r--apt-pkg/solver3.cc12
-rw-r--r--apt-pkg/solver3.h10
6 files changed, 57 insertions, 7 deletions
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index 4f247cf..696a3e0 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -200,6 +200,7 @@ enum class APT_HIDDEN MessageType
STATUS = 102,
REDIRECT = 103,
WARNING = 104,
+ AUDIT = 105,
URI_START = 200,
URI_DONE = 201,
AUX_REQUEST = 351,
@@ -388,6 +389,10 @@ bool pkgAcquire::Worker::RunMessages()
_error->Warning("%s: %s", Itm ? Itm->Owner ? Itm->Owner->DescURI().c_str() : Access.c_str() : Access.c_str(), LookupTag(Message, "Message").c_str());
break;
+ case MessageType::AUDIT:
+ _error->Audit("%s: %s", Itm ? Itm->Owner ? Itm->Owner->DescURI().c_str() : Access.c_str() : Access.c_str(), LookupTag(Message, "Message").c_str());
+ break;
+
case MessageType::URI_START:
{
if (Itm == nullptr)
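Review bot: The AUDIT case repeats the WARNING case's nested conditional `Itm ? Itm->Owner ? Itm->Owner->DescURI().c_str() : Access.c_str() : Access.c_str()` verbatim, so the two copies can drift apart. Compute the prefix once, for example `std::string const Prefix = (Itm != nullptr && Itm->Owner != nullptr) ? Itm->Owner->DescURI() : Access;`, in a small helper or a local ahead of the switch, and pass `Prefix.c_str()` in both cases. The method-supplied `Message` field is passed as a `%s` argument and not as the format string; any refactor should keep it that way. The enclosing switch in RunMessages starts and ends outside the hunk.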
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 2fa5b0c..225acae 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -566,3 +566,35 @@ bool OpenMaybeClearSignedFile(std::string const &ClearSignedFileName, FileFd &Me
return not MessageFile.Failed();
}
/*}}}*/
+bool IsAssertedPubKeyAlgo(std::string const &pkstr, std::string const &option) /*{{{*/
+{
+ auto fullAss = APT::String::Startswith(option, "APT::Key") ? _config->Find(option) : option;
+ for (auto &ass : VectorizeString(fullAss, ','))
+ {
+ if (ass == pkstr)
+ return true;
+ // We only implement >= for rsa
+ if (APT::String::Startswith(ass, ">=rsa"))
+ {
+ if (not APT::String::Startswith(pkstr, "rsa"))
+ continue;
+ if (not std::all_of(ass.begin() + 5, ass.end(), isdigit))
+ return _error->Error("Unrecognized public key specification '%s' in option %s: expect only digits after >=rsa", ass.c_str(), option.c_str());
+
+ int assBits = std::stoi(ass.substr(5));
+ int pkBits = std::stoi(pkstr.substr(3));
+
+ if (pkBits >= assBits)
+ return true;
+
+ continue;
+ }
+ if (ass.empty())
+ return _error->Error("Empty item in public key assertion string option %s", option.c_str());
+ if (not std::all_of(ass.begin(), ass.end(), [](char c)
+ { return isalpha(c) || isdigit(c); }))
+ return _error->Error("Unrecognized public key specification '%s' in option %s", ass.c_str(), option.c_str());
+ }
+ return false;
+}
+ /*}}}*/
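Review bot: The `>=rsa` branch can throw out of IsAssertedPubKeyAlgo, because `std::all_of` over an empty range is true, so an item that is exactly `>=rsa` reaches `std::stoi("")`, and `std::stoi(pkstr.substr(3))` runs on the key string with no digit check at all. A very long digit run raises `std::out_of_range` the same way. This function decides whether a signing key's algorithm is acceptable, so a malformed option or an unexpected key string should end in a clean refusal rather than an exception (whether a caller catches it is not visible here). The bare `isdigit` and the `isalpha(c) || isdigit(c)` lambda further down also receive a plain `char`, which is undefined for negative values; take the argument as `unsigned char` in both places. The sketch validates both strings before converting and keeps the result fail-closed.

```cpp
      if (APT::String::Startswith(ass, ">=rsa"))
      {
         // … unchanged: skip this item when pkstr does not start with "rsa" …
         auto const digitsFrom = [](std::string const &s, size_t const pos)
         {
            return s.size() > pos &&
                   std::all_of(s.begin() + pos, s.end(), [](unsigned char c) { return isdigit(c) != 0; });
         };
         if (not digitsFrom(ass, 5))
            return _error->Error("Unrecognized public key specification '%s' in option %s: expect only digits after >=rsa", ass.c_str(), option.c_str());
         if (not digitsFrom(pkstr, 3))
            continue; // key string is not rsa<bits>: it can never satisfy a >= bound
         try
         {
            if (std::stoul(pkstr.substr(3)) >= std::stoul(ass.substr(5)))
               return true;
         }
         catch (std::out_of_range const &)
         {
            return _error->Error("Public key size out of range in '%s' or option %s", pkstr.c_str(), option.c_str());
         }
         continue;
      }
      // … unchanged: empty-item and alphanumeric checks …
```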
diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h
index 1cabed4..1f3ef26 100644
--- a/apt-pkg/contrib/gpgv.h
+++ b/apt-pkg/contrib/gpgv.h
@@ -86,4 +86,5 @@ APT_PUBLIC bool SplitClearSignedFile(std::string const &InFile, FileFd * const C
*/
APT_PUBLIC bool OpenMaybeClearSignedFile(std::string const &ClearSignedFileName, FileFd &MessageFile);
+APT_PUBLIC bool IsAssertedPubKeyAlgo(std::string const &pkstr, std::string const &option);
#endif
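Review bot: The new export `IsAssertedPubKeyAlgo` has no doc comment, unlike `OpenMaybeClearSignedFile` just above it, whose comment block closes on the preceding line. Its contract cannot be guessed from the signature. A Doxygen block should say that `pkstr` is the key's algorithm string as compared against the list, and that `option` is looked up as a configuration key when it starts with `APT::Key` and otherwise taken as the comma-separated list itself. It should also say that `false` covers both "not in the list" and "list is malformed", with the malformed case also pushing an error onto `_error`. Callers need that distinction so a broken configuration is not treated as an ordinary mismatch.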
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index 487f94f..d71d954 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -131,7 +131,9 @@ bool pkgInitConfig(Configuration &Cnf)
Cnf.Set("APT::Build-Essential::", "build-essential");
Cnf.CndSet("APT::Install-Recommends", true);
Cnf.CndSet("APT::Install-Suggests", false);
- Cnf.CndSet("APT::Key::Assert-Pubkey-Algo", ">=rsa2048,ed25519,ed448");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo", ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo::Next", ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo::Future", ">=rsa3072,ed25519,ed448");
Cnf.CndSet("Dir","/");
// State
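Review bot: `nistp512` in the default and `::Next` lists looks like a typo for `nistp521`, since NIST defines no P-512 curve. IsAssertedPubKeyAlgo compares entries by exact string, so a P-521 key would never match if the verifier reports it as `nistp521`; this is worth confirming against the strings gpgv actually emits. The failure mode is a refused key rather than an accepted weak one, but nothing would flag the misspelt entry. Separately, the default line now also admits the brainpool curves and `secp256k1`, and this hunk does not show how `::Next` and `::Future` are consumed. A short comment above the three `CndSet` calls, stating which level is enforced and what the other two are for, would let a reader judge whether the widening is intended.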
diff --git a/apt-pkg/solver3.cc b/apt-pkg/solver3.cc
index 67aa68d..0aec1ec 100644
--- a/apt-pkg/solver3.cc
+++ b/apt-pkg/solver3.cc
@@ -202,10 +202,10 @@ void APT::Solver::Work::Dump(pkgCache &cache)
if (optional)
std::cerr << "Optional ";
std::cerr << "Item (" << ssize_t(size <= solutions.size() ? size : -1) << "@" << depth << (upgrade ? "u" : "") << ") ";
- if (auto Pkg = reason.Pkg(); Pkg != 0)
- std::cerr << pkgCache::PkgIterator(cache, cache.PkgP + Pkg).FullName();
- if (auto Ver = reason.Ver(); Ver != 0)
- std::cerr << pkgCache::VerIterator(cache, cache.VerP + Ver).ParentPkg().FullName() << "=" << pkgCache::VerIterator(cache, cache.VerP + Ver).VerStr();
+ if (auto Pkg = reason.Pkg(cache); not Pkg.end())
+ std::cerr << Pkg.FullName();
+ if (auto Ver = reason.Ver(cache); not Ver.end())
+ std::cerr << Ver.ParentPkg().FullName() << "=" << Ver.VerStr();
std::cerr << " -> ";
for (auto sol : solutions)
{
@@ -221,7 +221,7 @@ std::string APT::Solver::WhyStr(Reason reason)
while (not reason.empty())
{
- if (auto Pkg = pkgCache::PkgIterator(cache, cache.PkgP + reason.Pkg()); not Pkg.end())
+ if (auto Pkg = reason.Pkg(cache); not Pkg.end())
{
if ((*this)[Pkg].decision == Decision::MUSTNOT)
out.push_back(std::string("not ") + Pkg.FullName());
@@ -229,7 +229,7 @@ std::string APT::Solver::WhyStr(Reason reason)
out.push_back(Pkg.FullName());
reason = (*this)[Pkg].reason;
}
- if (auto Ver = pkgCache::VerIterator(cache, cache.VerP + reason.Ver()); not Ver.end())
+ if (auto Ver = reason.Ver(cache); not Ver.end())
{
if ((*this)[Ver].decision == Decision::MUSTNOT)
out.push_back(std::string("not ") + Ver.ParentPkg().FullName() + "=" + Ver.VerStr());
diff --git a/apt-pkg/solver3.h b/apt-pkg/solver3.h
index d460c95..96faaa6 100644
--- a/apt-pkg/solver3.h
+++ b/apt-pkg/solver3.h
@@ -219,6 +219,16 @@ struct APT::Solver::Reason
{
return IsVersion ? map_pointer<pkgCache::Version>{(uint32_t)MapPtr} : 0;
}
+ // \brief Return the package iterator if storing a package, or an empty one
+ pkgCache::PkgIterator Pkg(pkgCache &cache) const
+ {
+ return IsVersion ? pkgCache::PkgIterator() : pkgCache::PkgIterator(cache, cache.PkgP + Pkg());
+ }
+ // \brief Return the version iterator if storing a package, or an empty end.
+ pkgCache::VerIterator Ver(pkgCache &cache) const
+ {
+ return IsVersion ? pkgCache::VerIterator(cache, cache.VerP + Ver()) : pkgCache::VerIterator();
+ }
// \brief Check if there is no reason.
bool empty() const
{
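Review bot: The comment on the new `Ver(pkgCache &)` overload says "if storing a package", but the body returns a real iterator only when `IsVersion` is true. It should read `// \brief Return the version iterator if storing a version, or an empty one.`, which also matches the wording used for `Pkg(pkgCache &)`. Both overloads rely on a default-constructed iterator reporting `end()`, which the callers in solver3.cc test with `not Pkg.end()` and `not Ver.end()`; a few words stating that would make the contract explicit. The struct body continues outside the hunk.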