add apt-key support for armored GPG key files (*.asc)

[apt.git] / methods / gpgv.cc

diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 2fed53a39c2147f2ef14b657ef9ae764810fb6c1..a8887d70355973a9b81f04478f8b6550c1b93a2c 100644 (file)
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -39,6 +39,8 @@ using std::vector;
 #define GNUPGEXPSIG "[GNUPG:] EXPSIG"
 #define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
 #define GNUPGNODATA "[GNUPG:] NODATA"
+#define APTKEYWARNING "[APTKEY:] WARNING"
+#define APTKEYERROR "[APTKEY:] ERROR"
 
 struct Digest {
    enum class State {
@@ -238,6 +240,10 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
 
          ValidSigners.push_back(sig);
       }
+      else if (strncmp(buffer, APTKEYWARNING, sizeof(APTKEYWARNING)-1) == 0)
+         Warning("%s", buffer + sizeof(APTKEYWARNING));
+      else if (strncmp(buffer, APTKEYERROR, sizeof(APTKEYERROR)-1) == 0)
+        _error->Error("%s", buffer + sizeof(APTKEYERROR));
    }
    fclose(pipein);
    free(buffer);
@@ -255,16 +261,32 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
         if (std::find(ValidSigners.begin(), ValidSigners.end(), k) == ValidSigners.end())
            continue;
         // we look for GOODSIG here as well as an expired sig is a valid sig as well (but not a good one)
+        std::string const goodfingerprint = "GOODSIG " + k;
         std::string const goodlongkeyid = "GOODSIG " + k.substr(24, 16);
-        foundGood = std::find(GoodSigners.begin(), GoodSigners.end(), goodlongkeyid) != GoodSigners.end();
+        foundGood = std::find(GoodSigners.begin(), GoodSigners.end(), goodfingerprint) != GoodSigners.end();
         if (Debug == true)
-           std::clog << "Key " << k << " is valid sig, is " << goodlongkeyid << " also a good one? " << (foundGood ? "yes" : "no") << std::endl;
+           std::clog << "Key " << k << " is valid sig, is " << goodfingerprint << " also a good one? " << (foundGood ? "yes" : "no") << std::endl;
+        std::string goodsig;
+        if (foundGood == false)
+        {
+           foundGood = std::find(GoodSigners.begin(), GoodSigners.end(), goodlongkeyid) != GoodSigners.end();
+           if (Debug == true)
+              std::clog << "Key " << k << " is valid sig, is " << goodlongkeyid << " also a good one? " << (foundGood ? "yes" : "no") << std::endl;
+           goodsig = goodlongkeyid;
+        }
+        else
+           goodsig = goodfingerprint;
         if (foundGood == false)
            continue;
         std::copy(GoodSigners.begin(), GoodSigners.end(), std::back_insert_iterator<std::vector<std::string> >(NoPubKeySigners));
         GoodSigners.clear();
-        GoodSigners.push_back(goodlongkeyid);
-        NoPubKeySigners.erase(std::remove(NoPubKeySigners.begin(), NoPubKeySigners.end(), goodlongkeyid), NoPubKeySigners.end());
+        GoodSigners.push_back(goodsig);
+        NoPubKeySigners.erase(
+           std::remove(NoPubKeySigners.begin(),
+              std::remove(NoPubKeySigners.begin(), NoPubKeySigners.end(), goodfingerprint),
+              goodlongkeyid),
+           NoPubKeySigners.end()
+        );
         break;
       }
       if (foundGood == false)
@@ -353,9 +375,11 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
    URIStart(Res);
 
    // Run apt-key on file, extract contents and get the key ID of the signer
-   string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), key,
+   string const msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), key,
                                  GoodSigners, BadSigners, WorthlessSigners,
                                  SoonWorthlessSigners, NoPubKeySigners);
+   if (_error->PendingError())
+      return false;
 
    // Check if all good signers are soon worthless and warn in that case
    if (std::all_of(GoodSigners.begin(), GoodSigners.end(), [&](std::string const &good) {