git.saurik.com Git - apt.git/commit - test/integration/test-releasefile-verification

]> git.saurik.com Git - apt.git/commit - test/integration/test-releasefile-verification

author	David Kalnischkies <david@kalnischkies.de>
	Tue, 22 Mar 2016 00:26:29 +0000 (01:26 +0100)
committer	David Kalnischkies <david@kalnischkies.de>
	Tue, 22 Mar 2016 00:58:45 +0000 (01:58 +0100)
commit	08b7761a251a36fa65cbe022a86c51d7f091a88d
tree	9666c3f3582e88ae0ac748d7bccb2811f17f4c06	tree \| snapshot
parent	8fa99570816d3a644a9c4386c6a8f2ca21480329	commit \| diff

handle gpgv's weak-digests ERRSIG

Our own gpgv method can declare a digest algorithm as untrusted and
handles these as worthless signatures. If gpgv comes with inbuilt
untrusted (which is called weak in official terminology) which it e.g.
does for MD5 in recent versions we should handle it in the same way.

To check this we use the most uncommon still fully trusted hash as a
configureable one via a hidden config option to toggle through all of
the three states a hash can be in.

methods/gpgv.cc		diff \| blob \| blame \| history
test/integration/test-releasefile-verification		diff \| blob \| blame \| history

APT (for Cydia)

RSS Atom