summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2016-03-28 03:34:54 +0200
committerJulian Andres Klode <jak@debian.org>2016-03-28 14:59:33 +0200
commit6a4958d3134a3a61c036bc9ccaccc393c2bb99f2 (patch)
tree67d712b14a18d0dcd78df349cc1b8dea9556982d /methods
parentf46a1d944896778ca705936e58a19a3a28bd1b95 (diff)
downloadapt-6a4958d3134a3a61c036bc9ccaccc393c2bb99f2.tar.gz
Allow lowering trust level of a hash via config
Introduces APT::Hashes::<NAME> with entries Untrusted and Weak which can be set to true to cause the hash to be treated as untrusted and/or weak.
Diffstat (limited to 'methods')
-rw-r--r--methods/gpgv.cc24
1 files changed, 12 insertions, 12 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 43f1df878..60a7d4719 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -45,19 +45,20 @@ struct Digest {
Untrusted,
Weak,
Trusted,
- Configureable
} state;
char name[32];
State getState() const {
- if (state != Digest::State::Configureable)
- return state;
- std::string const digestconfig = _config->Find("Debug::Acquire::gpgv::configdigest::truststate", "trusted");
- if (digestconfig == "weak")
- return State::Weak;
- else if (digestconfig == "untrusted")
+ std::string optionUntrusted;
+ std::string optionWeak;
+ strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name);
+ strprintf(optionWeak, "APT::Hashes::%s::Weak", name);
+ if (_config->FindB(optionUntrusted, state == State::Untrusted) == true)
return State::Untrusted;
- return State::Trusted;
+ if (_config->FindB(optionWeak, state == State::Weak) == true)
+ return State::Weak;
+
+ return state;
}
};
@@ -73,9 +74,8 @@ static constexpr Digest Digests[] = {
{Digest::State::Trusted, "SHA256"},
{Digest::State::Trusted, "SHA384"},
{Digest::State::Trusted, "SHA512"},
- {Digest::State::Configureable, "SHA224"},
+ {Digest::State::Trusted, "SHA224"},
};
-static_assert(Digests[_count(Digests) - 1].state == Digest::State::Configureable, "the last digest algo isn't the configurable one which we expect for tests");
static Digest FindDigest(std::string const & Digest)
{
@@ -234,8 +234,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
if (Debug == true)
std::clog << "Got untrusted VALIDSIG, key ID: " << sig << std::endl;
break;
- case Digest::State::Configureable:
- case Digest::State::Trusted:
+
+ case Digest::State::Trusted:
if (Debug == true)
std::clog << "Got trusted VALIDSIG, key ID: " << sig << std::endl;
break;