From: David Kalnischkies <kalnischkies@gmail.com>
Date: Fri, 15 Mar 2013 13:17:01 +0000 (+0100)
Subject: * apt-pkg/indexcopy.cc:
X-Git-Tag: 0.9.8~20^2^2~7^2~5
X-Git-Url: https://git.saurik.com/apt.git/commitdiff_plain/2f5b615169aef2d9c74bb337af229dee2dce595e
* apt-pkg/indexcopy.cc:
- rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
---
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
new file mode 100644
index 000000000..9b008dd4f
--- /dev/null
+++ b/apt-pkg/contrib/gpgv.cc
@@ -0,0 +1,138 @@
+// -*- mode: cpp; mode: fold -*-
+// Include Files /*{{{*/
+#include<config.h>
+
+#include <iostream>
+#include <sstream>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <apt-pkg/error.h>
+#include <apt-pkg/strutl.h>
+#include <apt-pkg/fileutl.h>
+#include <apt-pkg/configuration.h>
+
+#include <apti18n.h>
+ /*}}}*/
+
+using namespace std;
+
+// RunGPGV - returns the command needed for verify /*{{{*/
+// ---------------------------------------------------------------------
+/* Generating the commandline for calling gpgv is somehow complicated as
+ we need to add multiple keyrings and user supplied options. */
+bool ExecGPGV(std::string const &File, std::string const &FileGPG,
+ int const &statusfd, int fd[2])
+{
+ if (File == FileGPG)
+ {
+ #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n"
+ char buffer[sizeof(SIGMSG)];
+ FILE* gpg = fopen(File.c_str(), "r");
+ if (gpg == NULL)
+ return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str());
+ char const * const test = fgets(buffer, sizeof(buffer), gpg);
+ fclose(gpg);
+ if (test == NULL || strcmp(buffer, SIGMSG) != 0)
+ return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str());
+ #undef SIGMSG
+ }
+
+
+ string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
+ // FIXME: remove support for deprecated APT::GPGV setting
+ string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
+ string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts");
+
+ bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
+
+ if (Debug == true)
+ {
+ std::clog << "gpgv path: " << gpgvpath << std::endl;
+ std::clog << "Keyring file: " << trustedFile << std::endl;
+ std::clog << "Keyring path: " << trustedPath << std::endl;
+ }
+
+ std::vector<string> keyrings;
+ if (DirectoryExists(trustedPath))
+ keyrings = GetListOfFilesInDir(trustedPath, "gpg", false, true);
+ if (RealFileExists(trustedFile) == true)
+ keyrings.push_back(trustedFile);
+
+ std::vector<const char *> Args;
+ Args.reserve(30);
+
+ if (keyrings.empty() == true)
+ {
+ // TRANSLATOR: %s is the trusted keyring parts directory
+ return _error->Error(_("No keyring installed in %s."),
+ _config->FindDir("Dir::Etc::TrustedParts").c_str());
+ }
+
+ Args.push_back(gpgvpath.c_str());
+ Args.push_back("--ignore-time-conflict");
+
+ if (statusfd != -1)
+ {
+ Args.push_back("--status-fd");
+ char fd[10];
+ snprintf(fd, sizeof(fd), "%i", statusfd);
+ Args.push_back(fd);
+ }
+
+ for (vector<string>::const_iterator K = keyrings.begin();
+ K != keyrings.end(); ++K)
+ {
+ Args.push_back("--keyring");
+ Args.push_back(K->c_str());
+ }
+
+ Configuration::Item const *Opts;
+ Opts = _config->Tree("Acquire::gpgv::Options");
+ if (Opts != 0)
+ {
+ Opts = Opts->Child;
+ for (; Opts != 0; Opts = Opts->Next)
+ {
+ if (Opts->Value.empty() == true)
+ continue;
+ Args.push_back(Opts->Value.c_str());
+ }
+ }
+
+ Args.push_back(FileGPG.c_str());
+ if (FileGPG != File)
+ Args.push_back(File.c_str());
+ Args.push_back(NULL);
+
+ if (Debug == true)
+ {
+ std::clog << "Preparing to exec: " << gpgvpath;
+ for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
+ std::clog << " " << *a;
+ std::clog << std::endl;
+ }
+
+ if (statusfd != -1)
+ {
+ int const nullfd = open("/dev/null", O_RDONLY);
+ close(fd[0]);
+ // Redirect output to /dev/null; we read from the status fd
+ dup2(nullfd, STDOUT_FILENO);
+ dup2(nullfd, STDERR_FILENO);
+ // Redirect the pipe to the status fd (3)
+ dup2(fd[1], statusfd);
+
+ putenv((char *)"LANG=");
+ putenv((char *)"LC_ALL=");
+ putenv((char *)"LC_MESSAGES=");
+ }
+
+ execvp(gpgvpath.c_str(), (char **) &Args[0]);
+ return true;
+}
+ /*}}}*/
diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h
new file mode 100644
index 000000000..c15166c94
--- /dev/null
+++ b/apt-pkg/contrib/gpgv.h
@@ -0,0 +1,24 @@
+// -*- mode: cpp; mode: fold -*-
+// Description /*{{{*/
+/* ######################################################################
+
+ Helpers to deal with gpgv better and more easily
+
+ ##################################################################### */
+ /*}}}*/
+#ifndef CONTRIB_GPGV_H
+#define CONTRIB_GPGV_H
+
+#include <string>
+
+/** \brief generates and run the command to verify a file with gpgv */
+bool ExecGPGV(std::string const &File, std::string const &FileOut,
+ int const &statusfd, int fd[2]);
+
+inline bool ExecGPGV(std::string const &File, std::string const &FileOut,
+ int const &statusfd = -1) {
+ int fd[2];
+ return ExecGPGV(File, FileOut, statusfd, fd);
+}
+
+#endif
diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc
index aa1f01a4a..f53989bdb 100644
--- a/apt-pkg/indexcopy.cc
+++ b/apt-pkg/indexcopy.cc
@@ -593,9 +593,9 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector<string> &SigList,
if(pid == 0)
{
if (useInRelease == true)
- RunGPGV(inrelease, inrelease);
+ ExecGPGV(inrelease, inrelease);
else
- RunGPGV(release, releasegpg);
+ ExecGPGV(release, releasegpg);
}
if(!ExecWait(pid, "gpgv")) {
@@ -639,124 +639,6 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector<string> &SigList,
}
}
- return true;
-}
- /*}}}*/
-// SigVerify::RunGPGV - returns the command needed for verify /*{{{*/
-// ---------------------------------------------------------------------
-/* Generating the commandline for calling gpgv is somehow complicated as
- we need to add multiple keyrings and user supplied options. Also, as
- the cdrom code currently can not use the gpgv method we have two places
- these need to be done - so the place for this method is wrong but better
- than code duplication⦠*/
-bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
- int const &statusfd, int fd[2])
-{
- if (File == FileGPG)
- {
- #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n"
- char buffer[sizeof(SIGMSG)];
- FILE* gpg = fopen(File.c_str(), "r");
- if (gpg == NULL)
- return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str());
- char const * const test = fgets(buffer, sizeof(buffer), gpg);
- fclose(gpg);
- if (test == NULL || strcmp(buffer, SIGMSG) != 0)
- return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str());
- #undef SIGMSG
- }
-
-
- string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
- // FIXME: remove support for deprecated APT::GPGV setting
- string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
- string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts");
-
- bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
-
- if (Debug == true)
- {
- std::clog << "gpgv path: " << gpgvpath << std::endl;
- std::clog << "Keyring file: " << trustedFile << std::endl;
- std::clog << "Keyring path: " << trustedPath << std::endl;
- }
-
- std::vector<string> keyrings;
- if (DirectoryExists(trustedPath))
- keyrings = GetListOfFilesInDir(trustedPath, "gpg", false, true);
- if (RealFileExists(trustedFile) == true)
- keyrings.push_back(trustedFile);
-
- std::vector<const char *> Args;
- Args.reserve(30);
-
- if (keyrings.empty() == true)
- {
- // TRANSLATOR: %s is the trusted keyring parts directory
- return _error->Error(_("No keyring installed in %s."),
- _config->FindDir("Dir::Etc::TrustedParts").c_str());
- }
-
- Args.push_back(gpgvpath.c_str());
- Args.push_back("--ignore-time-conflict");
-
- if (statusfd != -1)
- {
- Args.push_back("--status-fd");
- char fd[10];
- snprintf(fd, sizeof(fd), "%i", statusfd);
- Args.push_back(fd);
- }
-
- for (vector<string>::const_iterator K = keyrings.begin();
- K != keyrings.end(); ++K)
- {
- Args.push_back("--keyring");
- Args.push_back(K->c_str());
- }
-
- Configuration::Item const *Opts;
- Opts = _config->Tree("Acquire::gpgv::Options");
- if (Opts != 0)
- {
- Opts = Opts->Child;
- for (; Opts != 0; Opts = Opts->Next)
- {
- if (Opts->Value.empty() == true)
- continue;
- Args.push_back(Opts->Value.c_str());
- }
- }
-
- Args.push_back(FileGPG.c_str());
- if (FileGPG != File)
- Args.push_back(File.c_str());
- Args.push_back(NULL);
-
- if (Debug == true)
- {
- std::clog << "Preparing to exec: " << gpgvpath;
- for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
- std::clog << " " << *a;
- std::clog << std::endl;
- }
-
- if (statusfd != -1)
- {
- int const nullfd = open("/dev/null", O_RDONLY);
- close(fd[0]);
- // Redirect output to /dev/null; we read from the status fd
- dup2(nullfd, STDOUT_FILENO);
- dup2(nullfd, STDERR_FILENO);
- // Redirect the pipe to the status fd (3)
- dup2(fd[1], statusfd);
-
- putenv((char *)"LANG=");
- putenv((char *)"LC_ALL=");
- putenv((char *)"LC_MESSAGES=");
- }
-
- execvp(gpgvpath.c_str(), (char **) &Args[0]);
return true;
}
/*}}}*/
diff --git a/apt-pkg/indexcopy.h b/apt-pkg/indexcopy.h
index e3de1afd9..49e724f2f 100644
--- a/apt-pkg/indexcopy.h
+++ b/apt-pkg/indexcopy.h
@@ -14,6 +14,9 @@
#include <string>
#include <stdio.h>
+#include <apt-pkg/gpgv.h>
+#include <apt-pkg/macros.h>
+
#ifndef APT_8_CLEANER_HEADERS
using std::string;
using std::vector;
@@ -96,13 +99,13 @@ class SigVerify /*{{{*/
bool CopyAndVerify(std::string CDROM,std::string Name,std::vector<std::string> &SigList,
std::vector<std::string> PkgList,std::vector<std::string> SrcList);
- /** \brief generates and run the command to verify a file with gpgv */
- static bool RunGPGV(std::string const &File, std::string const &FileOut,
- int const &statusfd, int fd[2]);
- inline static bool RunGPGV(std::string const &File, std::string const &FileOut,
+ __deprecated static bool RunGPGV(std::string const &File, std::string const &FileOut,
+ int const &statusfd, int fd[2]) {
+ return ExecGPGV(File, FileOut, statusfd, fd);
+ };
+ __deprecated static bool RunGPGV(std::string const &File, std::string const &FileOut,
int const &statusfd = -1) {
- int fd[2];
- return RunGPGV(File, FileOut, statusfd, fd);
+ return ExecGPGV(File, FileOut, statusfd);
};
};
/*}}}*/
diff --git a/apt-pkg/makefile b/apt-pkg/makefile
index 27d7ead24..59729faf5 100644
--- a/apt-pkg/makefile
+++ b/apt-pkg/makefile
@@ -27,15 +27,13 @@ APT_DOMAIN:=libapt-pkg$(LIBAPTPKG_MAJOR)
SOURCE = contrib/mmap.cc contrib/error.cc contrib/strutl.cc \
contrib/configuration.cc contrib/progress.cc contrib/cmndline.cc \
contrib/hashsum.cc contrib/md5.cc contrib/sha1.cc \
- contrib/sha2_internal.cc\
- contrib/hashes.cc \
+ contrib/sha2_internal.cc contrib/hashes.cc \
contrib/cdromutl.cc contrib/crc-16.cc contrib/netrc.cc \
- contrib/fileutl.cc
-HEADERS = mmap.h error.h configuration.h fileutl.h cmndline.h netrc.h\
- md5.h crc-16.h cdromutl.h strutl.h sptr.h sha1.h sha2.h sha256.h\
- sha2_internal.h \
- hashes.h hashsum_template.h\
- macros.h weakptr.h
+ contrib/fileutl.cc contrib/gpgv.cc
+HEADERS = mmap.h error.h configuration.h fileutl.h cmndline.h netrc.h \
+ md5.h crc-16.h cdromutl.h strutl.h sptr.h sha1.h sha2.h sha256.h \
+ sha2_internal.h hashes.h hashsum_template.h \
+ macros.h weakptr.h gpgv.h
# Source code for the core main library
SOURCE+= pkgcache.cc version.cc depcache.cc \
diff --git a/debian/changelog b/debian/changelog
index 9ed9b4d61..ac630ad7e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+apt (0.9.7.9) UNRELEASED; urgency=low
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
+
+ -- David Kalnischkies <kalnischkies@gmail.com> Fri, 15 Mar 2013 14:15:43 +0100
+
apt (0.9.7.8) unstable; urgency=criticial
* SECURITY UPDATE: InRelease verification bypass
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 25ba0d063..98381b845 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -6,6 +6,7 @@
#include <apt-pkg/fileutl.h>
#include <apt-pkg/indexcopy.h>
#include <apt-pkg/configuration.h>
+#include <apt-pkg/gpgv.h>
#include <utime.h>
#include <stdio.h>
@@ -72,7 +73,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
else if (pid == 0)
{
_error->PushToStack();
- bool const success = SigVerify::RunGPGV(outfile, file, 3, fd);
+ bool const success = ExecGPGV(outfile, file, 3, fd);
if (success == false)
{
string errmsg;