* support multiple signatures

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index b9fc74456538b56451935bc00c092e7842db00f3..11a449e91bc1ed531c8633977447510396784928 100644 (file)
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -554,7 +554,7 @@ void pkgAcqMetaIndex::AuthDone(string Message)
       return;
    }
 
-   if (!VerifyVendor())
+   if (!VerifyVendor(Message))
    {
       return;
    }
@@ -612,7 +612,7 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify)
    }
 }
 
-bool pkgAcqMetaIndex::VerifyVendor()
+bool pkgAcqMetaIndex::VerifyVendor(string Message)
 {
 //    // Maybe this should be made available from above so we don't have
 //    // to read and parse it every time?
@@ -637,6 +637,22 @@ bool pkgAcqMetaIndex::VerifyVendor()
 //          break;
 //       }
 //    }
+   string::size_type pos;
+
+   // check for missing sigs (that where not fatal because otherwise we had
+   // bombed earlier)
+   string missingkeys;
+   string msg = _("There was no public key available for the "
+                 "following key IDs:\n");
+   pos = Message.find("NO_PUBKEY ");
+   if (pos != std::string::npos)
+   {
+      string::size_type start = pos+strlen("NO_PUBKEY ");
+      string Fingerprint = Message.substr(start, Message.find("\n")-start);
+      missingkeys += (Fingerprint);
+   }
+   if(!missingkeys.empty())
+      _error->Warning("%s", string(msg+missingkeys).c_str());
 
    string Transformed = MetaIndexParser->GetExpectedDist();
 
@@ -645,7 +661,7 @@ bool pkgAcqMetaIndex::VerifyVendor()
       Transformed = "experimental";
    }
 
-   string::size_type pos = Transformed.rfind('/');
+   pos = Transformed.rfind('/');
    if (pos != string::npos)
    {
       Transformed = Transformed.substr(0, pos);

diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h
index e6fc7fc47b7df7ad79da7acd8a4d07e5d58d92f5..da1bea801d7310557691a9d2470ffa2bf033466b 100644 (file)
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@@ -151,9 +151,10 @@ class pkgAcqMetaIndex : public pkgAcquire::Item
    const vector<struct IndexTarget*>* IndexTargets;
    indexRecords* MetaIndexParser;
    bool AuthPass;
-   bool IMSHit; // required to fail gracefully on failures
+   // required to deal gracefully with problems caused by incorrect ims hits
+   bool IMSHit; 
 
-   bool VerifyVendor();
+   bool VerifyVendor(string Message);
    void RetrievalDone(string Message);
    void AuthDone(string Message);
    void QueueIndexes(bool verify);

diff --git a/debian/changelog b/debian/changelog
index 5c1b1347e43cc0cf7cae0bc2672e407fdad950e1..8bcb4256642bd939fff600d833d8f21e8e6b33d6 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,8 +16,9 @@ apt (0.6.43.1) unstable; urgency=low
     (closes: #79277)
   * share/debian-archive.gpg: new 2006 ftp-archive signing key added
   * redownload the Release file if IMS-Hit and gpg failure
+  * deal with multiple signatures
 
- -- 
+ -- Michael Vogt <mvo@debian.org>  Thu,  5 Jan 2006 23:47:40 +0100
 
 apt (0.6.43) unstable; urgency=medium
 

diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 5cb154f665b825c5abfb896f3035736f401b315f..a114ad797dd0967c19e87d83829d9e11e017d02e 100644 (file)
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -247,7 +247,11 @@ bool GPGVMethod::Fetch(FetchItem *Itm)
                errmsg += (*I + "\n");
          }
       }
-      return _error->Error(errmsg.c_str());
+      // this is only fatal if we have no good sigs or if we have at
+      // least one bad signature. good signatures and NoPubKey signatures
+      // happen easily when a file is signed with multiple signatures
+      if(GoodSigners.empty() or !BadSigners.empty())
+        return _error->Error(errmsg.c_str());
    }
       
    // Transfer the modification times