Diffstat (limited to 'methods')
-rw-r--r--methods/aptmethod.h12
-rw-r--r--methods/gpgv.cc21
2 files changed, 31 insertions, 2 deletions
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index 26b8c0b..1c24f3a 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -448,7 +448,7 @@ protected:
return true;
}
- void Warning(std::string &&msg)
+ void Message(std::string &&msg, std::string code)
{
std::unordered_map<std::string, std::string> fields;
if (Queue != 0)
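Review bot: The new helper name `Message` on the changed signature line is generic enough to be hidden by locals and parameters of the same name. The gpgv.cc part of this diff already has `GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)`, where the parameter hides this member. That is harmless today because callers use `Warning()` and `Audit()`, but a later direct call from such a function would not compile or would read confusingly. A more specific name for the shared helper would avoid this. The function body continues past the end of this hunk.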
@@ -458,7 +458,15 @@ protected:
if (not UsedMirror.empty())
fields.emplace("UsedMirror", UsedMirror);
fields.emplace("Message", std::move(msg));
- SendMessage("104 Warning", std::move(fields));
+ SendMessage(code, std::move(fields));
+ }
+ void Warning(std::string &&msg)
+ {
+ return Message(std::move(msg), "104 Warning");
+ }
+ void Audit(std::string &&msg)
+ {
+ return Message(std::move(msg), "105 Audit");
}
bool TransferModificationTimes(char const * const From, char const * const To, time_t &LastModified) APT_NONNULL(2, 3)
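Review bot: `105 Audit` in the new `Audit()` wrapper is a new status code on the method protocol, and nothing in this diff (the diffstat is limited to `methods`) shows the receiving side recognising it. If the acquire worker has no handler for 105, the weak-algorithm notice added in gpgv.cc would presumably never reach the user, so confirm that the consumer lands in the same series. Separately, `Message` takes `code` by value and forwards it as an lvalue in `SendMessage(code, std::move(fields));`, so `std::string const &code` would avoid a copy per message. A one-line comment above `Message` saying that `code` is the full status line, as in `"104 Warning"`, would document the contract. The body of `Message` starts in the previous hunk.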
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 20ef286..4a08665 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -112,6 +112,7 @@ struct APT_HIDDEN SignersStorage {
std::vector<Signer> Worthless;
// a worthless signature is a expired or revoked one
std::vector<Signer> SoonWorthless;
+ std::vector<Signer> LaterWorthless;
std::vector<std::string> NoPubKey;
std::vector<std::string> Valid;
std::vector<std::string> SignedBy;
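Review bot: `LaterWorthless` is added to `SignersStorage` without a comment, and the existing comment above `SoonWorthless` does not describe it. Going by the later hunks, it holds signers whose key algorithm passes `APT::Key::Assert-Pubkey-Algo::Next` but fails `APT::Key::Assert-Pubkey-Algo::Future`, and they are reported through `Audit()` rather than `Warning()`. A comment such as `// signature algorithm fails only the Future assertion; reported at audit level` above the new member would make the distinction explicit. The struct starts and ends outside this hunk.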
@@ -261,6 +262,17 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
{ return IsTheSameKey(fpr, goodsig); }),
Signers.Good.end());
}
+ else if (not IsAssertedPubKeyAlgo(pkstr, "APT::Key::Assert-Pubkey-Algo::Next"))
+ {
+ std::string reason;
+ Signers.SoonWorthless.push_back({fpr, pkstr});
+ }
+ else if (not IsAssertedPubKeyAlgo(pkstr, "APT::Key::Assert-Pubkey-Algo::Future"))
+ {
+ std::string reason;
+ strprintf(reason, _("%s will be deprecated in a future release"), pkstr.c_str());
+ Signers.LaterWorthless.push_back({fpr, reason});
+ }
}
else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
PushEntryWithKeyID(Signers.Good, buffer, Debug);
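Review bot: The `Assert-Pubkey-Algo::Next` branch declares `std::string reason;` and never uses it. It stores the bare `pkstr` as the signer note, while the `Future` branch stores a sentence built with `_()`. Both lists are later printed through the same `Signature by key %s uses weak algorithm (%s)` format in the `URIAcquire` hunk, whose TRANSLATORS comment says the second `%s` is untranslated. The audit line therefore nests a translated sentence inside the parentheses, contradicts that comment, and calls an algorithm "weak" that only fails the `Future` assertion. Consider dropping the unused local, pushing `{fpr, pkstr}` in both branches, and giving the audit loop its own format string, for example `_("Signature by key %s uses an algorithm that will be deprecated in a future release (%s)")`. `VerifyGetSigners` starts and ends outside this hunk.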
@@ -420,6 +432,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
std::for_each(Signers.Worthless.begin(), Signers.Worthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; });
std::cerr << "\n SoonWorthless: ";
std::for_each(Signers.SoonWorthless.begin(), Signers.SoonWorthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; });
+ std::cerr << "\n LaterWorthless: ";
+ std::for_each(Signers.LaterWorthless.begin(), Signers.LaterWorthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; });
std::cerr << "\n NoPubKey: ";
implodeVector(Signers.NoPubKey, std::cerr, ", ");
std::cerr << "\n Signed-By: ";
@@ -565,6 +579,13 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
strprintf(msg, _("Signature by key %s uses weak algorithm (%s)"), Signer.key.c_str(), Signer.note.c_str());
Warning(std::move(msg));
}
+ for (auto const &Signer : Signers.LaterWorthless)
+ {
+ std::string msg;
+ // TRANSLATORS: The second %s is the reason and is untranslated for repository owners.
+ strprintf(msg, _("Signature by key %s uses weak algorithm (%s)"), Signer.key.c_str(), Signer.note.c_str());
+ Audit(std::move(msg));
+ }
}
if (Signers.Good.empty() || !Signers.Bad.empty() || !Signers.NoPubKey.empty())