implement Signed-By option for sources.list
Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later).
Showing
- apt-pkg/acquire-item.cc 14 additions, 1 deletionapt-pkg/acquire-item.cc
- apt-pkg/acquire-item.h 1 addition, 0 deletionsapt-pkg/acquire-item.h
- apt-pkg/contrib/gpgv.cc 16 additions, 1 deletionapt-pkg/contrib/gpgv.cc
- apt-pkg/contrib/gpgv.h 4 additions, 1 deletionapt-pkg/contrib/gpgv.h
- apt-pkg/deb/debmetaindex.cc 35 additions, 0 deletionsapt-pkg/deb/debmetaindex.cc
- apt-pkg/deb/debmetaindex.h 1 addition, 0 deletionsapt-pkg/deb/debmetaindex.h
- apt-pkg/metaindex.cc 2 additions, 2 deletionsapt-pkg/metaindex.cc
- apt-pkg/metaindex.h 3 additions, 1 deletionapt-pkg/metaindex.h
- apt-pkg/sourcelist.cc 15 additions, 13 deletionsapt-pkg/sourcelist.cc
- cmdline/apt-key.in 19 additions, 3 deletionscmdline/apt-key.in
- doc/sources.list.5.xml 12 additions, 12 deletionsdoc/sources.list.5.xml
- methods/gpgv.cc 10 additions, 8 deletionsmethods/gpgv.cc
- test/integration/framework 16 additions, 7 deletionstest/integration/framework
- test/integration/test-apt-key 35 additions, 2 deletionstest/integration/test-apt-key
- test/integration/test-releasefile-verification 42 additions, 5 deletionstest/integration/test-releasefile-verification
Loading
Please register or sign in to comment