From: Julian Andres Klode Date: Mon, 14 Mar 2016 13:23:50 +0000 (+0100) Subject: Handle ERRSIG in the gpgv method like BADSIG X-Git-Tag: 1.2.7~8 X-Git-Url: https://git.saurik.com/apt.git/commitdiff_plain/76a71a1237d22c1990efbc19ce0e02aacf572576 Handle ERRSIG in the gpgv method like BADSIG ERRSIG is created whenever a key uses an unknown/weak digest algorithm, for example. This allows us to report a more useful error than just "unknown apt-key error.": The following signatures were invalid: ERRSIG 13B00F1FD2C19886 1 2 01 1457609403 5 While still not being the best reportable error message, it's better than unknown apt-key error and hopefully redirects users to complain to their repository owners. --- diff --git a/methods/gpgv.cc b/methods/gpgv.cc index f17990245..5800a04f0 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -29,6 +29,7 @@ using std::vector; #define GNUPGPREFIX "[GNUPG:]" #define GNUPGBADSIG "[GNUPG:] BADSIG" +#define GNUPGERRSIG "[GNUPG:] ERRSIG" #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY" #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG" #define GNUPGGOODSIG "[GNUPG:] GOODSIG" @@ -101,6 +102,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, std::clog << "Got BADSIG! " << std::endl; BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX))); } + else if (strncmp(buffer, GNUPGERRSIG, sizeof(GNUPGERRSIG)-1) == 0) + { + if (Debug == true) + std::clog << "Got ERRSIG! " << std::endl; + BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX))); + } else if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0) { if (Debug == true)