merged from lp:~mvo/apt/mvo

[apt.git] / methods / gpgv.cc
diff --git a/methods/gpgv.cc b/methods/gpgv.cc

index 01b2408561b5946e15df3142638158a44e350422..150c1d315ebe33ee530150a20e8a72c1c6b2bf16 100644 (file)
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -17,13 +17,18 @@
  #define GNUPGBADSIG "[GNUPG:] BADSIG"
  #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
  #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
  #define GNUPGBADSIG "[GNUPG:] BADSIG"
  #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
  #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
+#define GNUPGGOODSIG "[GNUPG:] GOODSIG"
+#define GNUPGKEYEXPIRED "[GNUPG:] KEYEXPIRED"
+#define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
  #define GNUPGNODATA "[GNUPG:] NODATA"
  
  class GPGVMethod : public pkgAcqMethod
  {
     private:
     string VerifyGetSigners(const char *file, const char *outfile,
  #define GNUPGNODATA "[GNUPG:] NODATA"
  
  class GPGVMethod : public pkgAcqMethod
  {
     private:
     string VerifyGetSigners(const char *file, const char *outfile,
-                               vector<string> &GoodSigners, vector<string> &BadSigners,
+                               vector<string> &GoodSigners, 
+                                vector<string> &BadSigners,
+                                vector<string> &WorthlessSigners,
                                 vector<string> &NoPubKeySigners);
     
     protected:
                                 vector<string> &NoPubKeySigners);
     
     protected:
@@ -37,6 +42,7 @@ class GPGVMethod : public pkgAcqMethod
  string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
                                          vector<string> &GoodSigners,
                                          vector<string> &BadSigners,
  string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
                                          vector<string> &GoodSigners,
                                          vector<string> &BadSigners,
+                                        vector<string> &WorthlessSigners,
                                          vector<string> &NoPubKeySigners)
  {
     // setup a (empty) stringstream for formating the return value
                                          vector<string> &NoPubKeySigners)
  {
     // setup a (empty) stringstream for formating the return value
@@ -83,6 +89,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
        Args[i++] = gpgvpath.c_str();
        Args[i++] = "--status-fd";
        Args[i++] = "3";
        Args[i++] = gpgvpath.c_str();
        Args[i++] = "--status-fd";
        Args[i++] = "3";
+      Args[i++] = "--ignore-time-conflict";
        Args[i++] = "--keyring";
        Args[i++] = pubringpath.c_str();
  
        Args[i++] = "--keyring";
        Args[i++] = pubringpath.c_str();
  
@@ -178,15 +185,27 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
              std::cerr << "Got NODATA! " << std::endl;
           BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
        }
              std::cerr << "Got NODATA! " << std::endl;
           BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
        }
-      if (strncmp(buffer, GNUPGVALIDSIG, sizeof(GNUPGVALIDSIG)-1) == 0)
+      if (strncmp(buffer, GNUPGKEYEXPIRED, sizeof(GNUPGKEYEXPIRED)-1) == 0)
+      {
+         if (_config->FindB("Debug::Acquire::gpgv", false))
+            std::cerr << "Got KEYEXPIRED! " << std::endl;
+         WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
+      }
+      if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0)
+      {
+         if (_config->FindB("Debug::Acquire::gpgv", false))
+            std::cerr << "Got REVKEYSIG! " << std::endl;
+         WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
+      }
+      if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
        {
           char *sig = buffer + sizeof(GNUPGPREFIX);
        {
           char *sig = buffer + sizeof(GNUPGPREFIX);
-         char *p = sig + sizeof("VALIDSIG");
+         char *p = sig + sizeof("GOODSIG");
           while (*p && isxdigit(*p)) 
              p++;
           *p = 0;
           if (_config->FindB("Debug::Acquire::gpgv", false))
           while (*p && isxdigit(*p)) 
              p++;
           *p = 0;
           if (_config->FindB("Debug::Acquire::gpgv", false))
-            std::cerr << "Got VALIDSIG, key ID:" << sig << std::endl;
+            std::cerr << "Got GOODSIG, key ID:" << sig << std::endl;
           GoodSigners.push_back(string(sig));
        }
     }
           GoodSigners.push_back(string(sig));
        }
     }
@@ -210,7 +229,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
     }
     else if (WEXITSTATUS(status) == 111)
     {
     }
     else if (WEXITSTATUS(status) == 111)
     {
-      ioprintf(ret, _("Could not execute '%s' to verify signature (is gnupg installed?)"), gpgvpath.c_str());
+      ioprintf(ret, _("Could not execute '%s' to verify signature (is gpgv installed?)"), gpgvpath.c_str());
        return ret.str();
     }
     else
        return ret.str();
     }
     else
@@ -226,6 +245,8 @@ bool GPGVMethod::Fetch(FetchItem *Itm)
     string keyID;
     vector<string> GoodSigners;
     vector<string> BadSigners;
     string keyID;
     vector<string> GoodSigners;
     vector<string> BadSigners;
+   // a worthless signature is a expired or revoked one
+   vector<string> WorthlessSigners;
     vector<string> NoPubKeySigners;
     
     FetchResult Res;
     vector<string> NoPubKeySigners;
     
     FetchResult Res;
@@ -234,13 +255,14 @@ bool GPGVMethod::Fetch(FetchItem *Itm)
  
     // Run gpgv on file, extract contents and get the key ID of the signer
     string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(),
  
     // Run gpgv on file, extract contents and get the key ID of the signer
     string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(),
-                             GoodSigners, BadSigners, NoPubKeySigners);
+                                 GoodSigners, BadSigners, WorthlessSigners,
+                                 NoPubKeySigners);
     if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
     {
        string errmsg;
        // In this case, something bad probably happened, so we just go
        // with what the other method gave us for an error message.
     if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
     {
        string errmsg;
        // In this case, something bad probably happened, so we just go
        // with what the other method gave us for an error message.
-      if (BadSigners.empty() && NoPubKeySigners.empty())
+      if (BadSigners.empty() && WorthlessSigners.empty() && NoPubKeySigners.empty())
           errmsg = msg;
        else
        {
           errmsg = msg;
        else
        {
@@ -251,6 +273,13 @@ bool GPGVMethod::Fetch(FetchItem *Itm)
                  I != BadSigners.end(); I++)
                 errmsg += (*I + "\n");
           }
                  I != BadSigners.end(); I++)
                 errmsg += (*I + "\n");
           }
+         if (!WorthlessSigners.empty())
+         {
+            errmsg += _("The following signatures were invalid:\n");
+            for (vector<string>::iterator I = WorthlessSigners.begin();
+                I != WorthlessSigners.end(); I++)
+               errmsg += (*I + "\n");
+         }
           if (!NoPubKeySigners.empty())
           {
               errmsg += _("The following signatures couldn't be verified because the public key is not available:\n");
           if (!NoPubKeySigners.empty())
           {
               errmsg += _("The following signatures couldn't be verified because the public key is not available:\n");
@@ -263,7 +292,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm)
        // least one bad signature. good signatures and NoPubKey signatures
        // happen easily when a file is signed with multiple signatures
        if(GoodSigners.empty() or !BadSigners.empty())
        // least one bad signature. good signatures and NoPubKey signatures
        // happen easily when a file is signed with multiple signatures
        if(GoodSigners.empty() or !BadSigners.empty())
-        return _error->Error(errmsg.c_str());
+        return _error->Error("%s", errmsg.c_str());
     }
        
     // Just pass the raw output up, because passing it as a real data
     }
        
     // Just pass the raw output up, because passing it as a real data