* support multiple signatures

17 years ago · ce424cd446
4 changed files with 29 additions and 7 deletions
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@ -554,7 +554,7 @@ void pkgAcqMetaIndex::AuthDone(string Message)
      return;
   }

-   if (!VerifyVendor())
+   if (!VerifyVendor(Message))
   {
      return;
   }
@ -612,7 +612,7 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify)
   }
 }

-bool pkgAcqMetaIndex::VerifyVendor()
+bool pkgAcqMetaIndex::VerifyVendor(string Message)
 {
 //    // Maybe this should be made available from above so we don't have
 //    // to read and parse it every time?
@ -637,6 +637,22 @@ bool pkgAcqMetaIndex::VerifyVendor()
 //          break;
 //       }
 //    }
+   string::size_type pos;
+
+   // check for missing sigs (that where not fatal because otherwise we had
+   // bombed earlier)
+   string missingkeys;
+   string msg = _("There was no public key available for the "
+		  "following key IDs:\n");
+   pos = Message.find("NO_PUBKEY ");
+   if (pos != std::string::npos)
+   {
+      string::size_type start = pos+strlen("NO_PUBKEY ");
+      string Fingerprint = Message.substr(start, Message.find("\n")-start);
+      missingkeys += (Fingerprint);
+   }
+   if(!missingkeys.empty())
+      _error->Warning("%s", string(msg+missingkeys).c_str());

   string Transformed = MetaIndexParser->GetExpectedDist();

@ -645,7 +661,7 @@ bool pkgAcqMetaIndex::VerifyVendor()
      Transformed = "experimental";
   }

-   string::size_type pos = Transformed.rfind('/');
+   pos = Transformed.rfind('/');
   if (pos != string::npos)
   {
      Transformed = Transformed.substr(0, pos);
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@ -151,9 +151,10 @@ class pkgAcqMetaIndex : public pkgAcquire::Item
   const vector<struct IndexTarget*>* IndexTargets;
   indexRecords* MetaIndexParser;
   bool AuthPass;
-   bool IMSHit; // required to fail gracefully on failures
+   // required to deal gracefully with problems caused by incorrect ims hits
+   bool IMSHit; 

-   bool VerifyVendor();
+   bool VerifyVendor(string Message);
   void RetrievalDone(string Message);
   void AuthDone(string Message);
   void QueueIndexes(bool verify);
--- a/debian/changelog
+++ b/debian/changelog
@ -16,8 +16,9 @@ apt (0.6.43.1) unstable; urgency=low
    (closes: #79277)
  * share/debian-archive.gpg: new 2006 ftp-archive signing key added
  * redownload the Release file if IMS-Hit and gpg failure
+  * deal with multiple signatures

- -- 
+ -- Michael Vogt <mvo@debian.org>  Thu,  5 Jan 2006 23:47:40 +0100

 apt (0.6.43) unstable; urgency=medium

--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@ -247,7 +247,11 @@ bool GPGVMethod::Fetch(FetchItem *Itm)
               errmsg += (*I + "\n");
         }
      }
-      return _error->Error(errmsg.c_str());
+      // this is only fatal if we have no good sigs or if we have at
+      // least one bad signature. good signatures and NoPubKey signatures
+      // happen easily when a file is signed with multiple signatures
+      if(GoodSigners.empty() or !BadSigners.empty())
+      	 return _error->Error(errmsg.c_str());
   }
      
   // Transfer the modification times