diff options
author | Julian Andres Klode <jak@debian.org> | 2016-03-14 14:23:50 +0100 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2016-03-14 14:23:50 +0100 |
commit | 76a71a1237d22c1990efbc19ce0e02aacf572576 (patch) | |
tree | 208a4781ef6d5c1a14974bd3e49d7ae2732d6f51 /methods | |
parent | 0cbb7e29c5dad2178896d8eaf41ad616bb0111da (diff) | |
download | apt-76a71a1237d22c1990efbc19ce0e02aacf572576.tar.gz |
Handle ERRSIG in the gpgv method like BADSIG
ERRSIG is created whenever a key uses an unknown/weak digest
algorithm, for example. This allows us to report a more useful
error than just "unknown apt-key error.":
The following signatures were invalid: ERRSIG 13B00F1FD2C19886 1 2 01 1457609403 5
While still not being the best reportable error message, it's
better than unknown apt-key error and hopefully redirects users
to complain to their repository owners.
Diffstat (limited to 'methods')
-rw-r--r-- | methods/gpgv.cc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc index f17990245..5800a04f0 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -29,6 +29,7 @@ using std::vector; #define GNUPGPREFIX "[GNUPG:]" #define GNUPGBADSIG "[GNUPG:] BADSIG" +#define GNUPGERRSIG "[GNUPG:] ERRSIG" #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY" #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG" #define GNUPGGOODSIG "[GNUPG:] GOODSIG" @@ -101,6 +102,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, std::clog << "Got BADSIG! " << std::endl; BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX))); } + else if (strncmp(buffer, GNUPGERRSIG, sizeof(GNUPGERRSIG)-1) == 0) + { + if (Debug == true) + std::clog << "Got ERRSIG! " << std::endl; + BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX))); + } else if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0) { if (Debug == true) |