diff options
author | Julian Andres Klode <jak@debian.org> | 2016-03-28 03:34:54 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2016-03-28 14:59:33 +0200 |
commit | 6a4958d3134a3a61c036bc9ccaccc393c2bb99f2 (patch) | |
tree | 67d712b14a18d0dcd78df349cc1b8dea9556982d /methods | |
parent | f46a1d944896778ca705936e58a19a3a28bd1b95 (diff) | |
download | apt-6a4958d3134a3a61c036bc9ccaccc393c2bb99f2.tar.gz |
Allow lowering trust level of a hash via config
Introduces APT::Hashes::<NAME> with entries Untrusted and Weak
which can be set to true to cause the hash to be treated as
untrusted and/or weak.
Diffstat (limited to 'methods')
-rw-r--r-- | methods/gpgv.cc | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 43f1df878..60a7d4719 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -45,19 +45,20 @@ struct Digest { Untrusted, Weak, Trusted, - Configureable } state; char name[32]; State getState() const { - if (state != Digest::State::Configureable) - return state; - std::string const digestconfig = _config->Find("Debug::Acquire::gpgv::configdigest::truststate", "trusted"); - if (digestconfig == "weak") - return State::Weak; - else if (digestconfig == "untrusted") + std::string optionUntrusted; + std::string optionWeak; + strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name); + strprintf(optionWeak, "APT::Hashes::%s::Weak", name); + if (_config->FindB(optionUntrusted, state == State::Untrusted) == true) return State::Untrusted; - return State::Trusted; + if (_config->FindB(optionWeak, state == State::Weak) == true) + return State::Weak; + + return state; } }; @@ -73,9 +74,8 @@ static constexpr Digest Digests[] = { {Digest::State::Trusted, "SHA256"}, {Digest::State::Trusted, "SHA384"}, {Digest::State::Trusted, "SHA512"}, - {Digest::State::Configureable, "SHA224"}, + {Digest::State::Trusted, "SHA224"}, }; -static_assert(Digests[_count(Digests) - 1].state == Digest::State::Configureable, "the last digest algo isn't the configurable one which we expect for tests"); static Digest FindDigest(std::string const & Digest) { @@ -234,8 +234,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, if (Debug == true) std::clog << "Got untrusted VALIDSIG, key ID: " << sig << std::endl; break; - case Digest::State::Configureable: - case Digest::State::Trusted: + + case Digest::State::Trusted: if (Debug == true) std::clog << "Got trusted VALIDSIG, key ID: " << sig << std::endl; break; |