summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2016-03-14 14:23:50 +0100
committerJulian Andres Klode <jak@debian.org>2016-03-14 14:23:50 +0100
commit76a71a1237d22c1990efbc19ce0e02aacf572576 (patch)
tree208a4781ef6d5c1a14974bd3e49d7ae2732d6f51 /methods
parent0cbb7e29c5dad2178896d8eaf41ad616bb0111da (diff)
downloadapt-76a71a1237d22c1990efbc19ce0e02aacf572576.tar.gz
Handle ERRSIG in the gpgv method like BADSIG
ERRSIG is created whenever a key uses an unknown/weak digest algorithm, for example. This allows us to report a more useful error than just "unknown apt-key error.": The following signatures were invalid: ERRSIG 13B00F1FD2C19886 1 2 01 1457609403 5 While still not being the best reportable error message, it's better than unknown apt-key error and hopefully redirects users to complain to their repository owners.
Diffstat (limited to 'methods')
-rw-r--r--methods/gpgv.cc7
1 files changed, 7 insertions, 0 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index f17990245..5800a04f0 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -29,6 +29,7 @@ using std::vector;
#define GNUPGPREFIX "[GNUPG:]"
#define GNUPGBADSIG "[GNUPG:] BADSIG"
+#define GNUPGERRSIG "[GNUPG:] ERRSIG"
#define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
#define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
#define GNUPGGOODSIG "[GNUPG:] GOODSIG"
@@ -101,6 +102,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
std::clog << "Got BADSIG! " << std::endl;
BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
+ else if (strncmp(buffer, GNUPGERRSIG, sizeof(GNUPGERRSIG)-1) == 0)
+ {
+ if (Debug == true)
+ std::clog << "Got ERRSIG! " << std::endl;
+ BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
+ }
else if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
{
if (Debug == true)