summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
f46a1d9)
Introduces APT::Hashes::<NAME> with entries Untrusted and Weak
which can be set to true to cause the hash to be treated as
untrusted and/or weak.
return (Type.empty() || Hash.empty());
}
/*}}}*/
return (Type.empty() || Hash.empty());
}
/*}}}*/
+
+APT_PURE static bool IsConfigured(const char *name, const char *what)
+{
+ std::string option;
+ strprintf(option, "APT::Hashes::%s::%s", name, what);
+ return _config->FindB(option, false);
+}
+
APT_PURE bool HashString::usable() const /*{{{*/
{
return (
(Type != "Checksum-FileSize") &&
(Type != "MD5Sum") &&
APT_PURE bool HashString::usable() const /*{{{*/
{
return (
(Type != "Checksum-FileSize") &&
(Type != "MD5Sum") &&
+ (Type != "SHA1") &&
+ !IsConfigured(Type.c_str(), "Untrusted")
Untrusted,
Weak,
Trusted,
Untrusted,
Weak,
Trusted,
} state;
char name[32];
State getState() const {
} state;
char name[32];
State getState() const {
- if (state != Digest::State::Configureable)
- return state;
- std::string const digestconfig = _config->Find("Debug::Acquire::gpgv::configdigest::truststate", "trusted");
- if (digestconfig == "weak")
- return State::Weak;
- else if (digestconfig == "untrusted")
+ std::string optionUntrusted;
+ std::string optionWeak;
+ strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name);
+ strprintf(optionWeak, "APT::Hashes::%s::Weak", name);
+ if (_config->FindB(optionUntrusted, state == State::Untrusted) == true)
+ if (_config->FindB(optionWeak, state == State::Weak) == true)
+ return State::Weak;
+
+ return state;
{Digest::State::Trusted, "SHA256"},
{Digest::State::Trusted, "SHA384"},
{Digest::State::Trusted, "SHA512"},
{Digest::State::Trusted, "SHA256"},
{Digest::State::Trusted, "SHA384"},
{Digest::State::Trusted, "SHA512"},
- {Digest::State::Configureable, "SHA224"},
+ {Digest::State::Trusted, "SHA224"},
-static_assert(Digests[_count(Digests) - 1].state == Digest::State::Configureable, "the last digest algo isn't the configurable one which we expect for tests");
static Digest FindDigest(std::string const & Digest)
{
static Digest FindDigest(std::string const & Digest)
{
if (Debug == true)
std::clog << "Got untrusted VALIDSIG, key ID: " << sig << std::endl;
break;
if (Debug == true)
std::clog << "Got untrusted VALIDSIG, key ID: " << sig << std::endl;
break;
- case Digest::State::Configureable:
- case Digest::State::Trusted:
+
+ case Digest::State::Trusted:
if (Debug == true)
std::clog << "Got trusted VALIDSIG, key ID: " << sig << std::endl;
break;
if (Debug == true)
std::clog << "Got trusted VALIDSIG, key ID: " << sig << std::endl;
break;
- echo "Debug::Acquire::gpgv::configdigest::truststate \"$1\";" > rootdir/etc/apt/apt.conf.d/truststate
+ echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::$1 \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate
msgmsg "Running base test with $1 digest"
runtest2
msgmsg "Running base test with $1 digest"
runtest2
successfulaptgetupdate() {
testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
}
successfulaptgetupdate() {
testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
}
successfulaptgetupdate() {
testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
testsuccess grep 'uses weak digest algorithm' rootdir/tmp/testwarning.output
}
successfulaptgetupdate() {
testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
testsuccess grep 'uses weak digest algorithm' rootdir/tmp/testwarning.output
}
msgmsg "Running test with apt-untrusted digest"
msgmsg "Running test with apt-untrusted digest"
-echo "Debug::Acquire::gpgv::configdigest::truststate \"untrusted\";" > rootdir/etc/apt/apt.conf.d/truststate
+echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate
runfailure() {
for DELETEFILE in 'InRelease' 'Release.gpg'; do
msgmsg 'Cold archive signed by' 'Joe Sixpack'
runfailure() {
for DELETEFILE in 'InRelease' 'Release.gpg'; do
msgmsg 'Cold archive signed by' 'Joe Sixpack'
projects / apt.git / commitdiff
