On IMS-Hit, you can't assume local compression :/.

[apt.git] / methods / gpgv.cc

diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index d073c733eae7e5a4544a4cc592edd53a2bbb06a2..95a86f8902576fe5a7479baf81adba6e18153b25 100644 (file)
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -40,6 +40,7 @@ using std::vector;
 #define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
 #define GNUPGNODATA "[GNUPG:] NODATA"
 #define APTKEYWARNING "[APTKEY:] WARNING"
+#define APTKEYERROR "[APTKEY:] ERROR"
 
 struct Digest {
    enum class State {
@@ -54,9 +55,9 @@ struct Digest {
       std::string optionWeak;
       strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name);
       strprintf(optionWeak, "APT::Hashes::%s::Weak", name);
-      if (_config->FindB(optionUntrusted, state == State::Untrusted) == true)
+      if (_config->FindB(optionUntrusted, false) == true)
         return State::Untrusted;
-      if (_config->FindB(optionWeak, state == State::Weak) == true)
+      if (_config->FindB(optionWeak, false) == true)
         return State::Weak;
 
       return state;
@@ -66,8 +67,8 @@ struct Digest {
 static constexpr Digest Digests[] = {
    {Digest::State::Untrusted, "Invalid digest"},
    {Digest::State::Untrusted, "MD5"},
-   {Digest::State::Weak, "SHA1"},
-   {Digest::State::Weak, "RIPE-MD/160"},
+   {Digest::State::Untrusted, "SHA1"},
+   {Digest::State::Untrusted, "RIPE-MD/160"},
    {Digest::State::Trusted, "Reserved digest"},
    {Digest::State::Trusted, "Reserved digest"},
    {Digest::State::Trusted, "Reserved digest"},
@@ -241,6 +242,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
       }
       else if (strncmp(buffer, APTKEYWARNING, sizeof(APTKEYWARNING)-1) == 0)
          Warning("%s", buffer + sizeof(APTKEYWARNING));
+      else if (strncmp(buffer, APTKEYERROR, sizeof(APTKEYERROR)-1) == 0)
+        _error->Error("%s", buffer + sizeof(APTKEYERROR));
    }
    fclose(pipein);
    free(buffer);
@@ -372,9 +375,11 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
    URIStart(Res);
 
    // Run apt-key on file, extract contents and get the key ID of the signer
-   string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), key,
+   string const msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), key,
                                  GoodSigners, BadSigners, WorthlessSigners,
                                  SoonWorthlessSigners, NoPubKeySigners);
+   if (_error->PendingError())
+      return false;
 
    // Check if all good signers are soon worthless and warn in that case
    if (std::all_of(GoodSigners.begin(), GoodSigners.end(), [&](std::string const &good) {