X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/b5cabd30cc1be1c6c1ca675ceb359bab577c1905..b39bb552f8de65cea13dc5f1fae6fbeb198605c6:/methods/gpgv.cc diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 018e4f622..02fb8c356 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -1,20 +1,29 @@ -#include +#include + #include +#include +#include +#include #include #include -#include -#include -#include -#include -#include +#include #include +#include +#include +#include +#include #include +#include #include -#include - +#include #include +#include + +using std::string; +using std::vector; + #define GNUPGPREFIX "[GNUPG:]" #define GNUPGBADSIG "[GNUPG:] BADSIG" #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY" @@ -48,9 +57,6 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, vector &NoPubKeySigners) { bool const Debug = _config->FindB("Debug::Acquire::gpgv", false); - // setup a (empty) stringstream for formating the return value - std::stringstream ret; - ret.str(""); if (Debug == true) std::clog << "inside VerifyGetSigners" << std::endl; @@ -64,21 +70,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, if (pid < 0) return string("Couldn't spawn new process") + strerror(errno); else if (pid == 0) - { - if (SigVerify::RunGPGV(outfile, file, 3, fd) == false) - { - // TRANSLATOR: %s is the trusted keyring parts directory - ioprintf(ret, _("No keyring installed in %s."), - _config->FindDir("Dir::Etc::TrustedParts", "/etc/apt/trusted.gpg.d").c_str()); - return ret.str(); - } - exit(111); - } + ExecGPGV(outfile, file, 3, fd); close(fd[1]); FILE *pipein = fdopen(fd[0], "r"); - // Loop over the output of gpgv, and check the signatures. + // Loop over the output of apt-key (which really is gnupg), and check the signatures. size_t buffersize = 64; char *buffer = (char *) malloc(buffersize); size_t bufferoff = 0; @@ -89,8 +86,16 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, // Read a line. Sigh. while ((c = getc(pipein)) != EOF && c != '\n') { - if (bufferoff == buffersize) - buffer = (char *) realloc(buffer, buffersize *= 2); + if (bufferoff == buffersize) + { + char* newBuffer = (char *) realloc(buffer, buffersize *= 2); + if (newBuffer == NULL) + { + free(buffer); + return "Couldn't allocate a buffer big enough for reading"; + } + buffer = newBuffer; + } *(buffer+bufferoff) = c; bufferoff++; } @@ -149,12 +154,13 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, } } fclose(pipein); + free(buffer); int status; waitpid(pid, &status, 0); if (Debug == true) { - std::clog << "gpgv exited\n"; + std::clog << "apt-key exited\n"; } if (WEXITSTATUS(status) == 0) @@ -164,18 +170,19 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, return ""; } else if (WEXITSTATUS(status) == 1) - { return _("At least one invalid signature was encountered."); - } else if (WEXITSTATUS(status) == 111) + return _("Could not execute 'apt-key' to verify signature (is gnupg installed?)"); + else if (WEXITSTATUS(status) == 112) { - ioprintf(ret, _("Could not execute 'gpgv' to verify signature (is gpgv installed?)")); - return ret.str(); + // acquire system checks for "NODATA" to generate GPG errors (the others are only warnings) + std::string errmsg; + //TRANSLATORS: %s is a single techy word like 'NODATA' + strprintf(errmsg, _("Clearsigned file isn't valid, got '%s' (does the network require authentication?)"), "NODATA"); + return errmsg; } else - { - return _("Unknown error executing gpgv"); - } + return _("Unknown error executing apt-key"); } bool GPGVMethod::Fetch(FetchItem *Itm) @@ -193,7 +200,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm) Res.Filename = Itm->DestFile; URIStart(Res); - // Run gpgv on file, extract contents and get the key ID of the signer + // Run apt-key on file, extract contents and get the key ID of the signer string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), GoodSigners, BadSigners, WorthlessSigners, NoPubKeySigners); @@ -210,21 +217,21 @@ bool GPGVMethod::Fetch(FetchItem *Itm) { errmsg += _("The following signatures were invalid:\n"); for (vector::iterator I = BadSigners.begin(); - I != BadSigners.end(); I++) + I != BadSigners.end(); ++I) errmsg += (*I + "\n"); } if (!WorthlessSigners.empty()) { errmsg += _("The following signatures were invalid:\n"); for (vector::iterator I = WorthlessSigners.begin(); - I != WorthlessSigners.end(); I++) + I != WorthlessSigners.end(); ++I) errmsg += (*I + "\n"); } if (!NoPubKeySigners.empty()) { errmsg += _("The following signatures couldn't be verified because the public key is not available:\n"); for (vector::iterator I = NoPubKeySigners.begin(); - I != NoPubKeySigners.end(); I++) + I != NoPubKeySigners.end(); ++I) errmsg += (*I + "\n"); } } @@ -245,7 +252,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm) if (_config->FindB("Debug::Acquire::gpgv", false)) { - std::clog << "gpgv succeeded\n"; + std::clog << "apt-key succeeded\n"; } return true; @@ -255,8 +262,10 @@ bool GPGVMethod::Fetch(FetchItem *Itm) int main() { setlocale(LC_ALL, ""); - + GPGVMethod Mth; + Mth.DropPrivsOrDie(); + return Mth.Run(); }