Control: clone -1 -2
Control: reassign -2 apt
Control: retitle -2 apt: SplitClearSignedFile mishandles lines with trailing whitespace

On Fri, Nov 01, 2019 at 05:58:06PM -0400, John Bazik wrote:
> When debmirror splits InRelease files using split_clearsigned_file, it
> can produce text and signature files that gpgv reports as having a
> "BAD signature." Yet gpgv reports "Good signature" for the original
> InRelease file, by itself. What I found is that most files work but
> some do not. Attached is a standalone split command, using the code
> from debmirror. This is what I see when I test the debian-archive
> wheezy-backports InRelease file:

Very interesting. It's due to the "Version: " line, with a trailing space, in the InRelease file for wheezy-backports. RFC 4880 section 7.1 says:

  Also, any trailing whitespace -- spaces (0x20) and tabs (0x09) -- at
  the end of any line is removed when the cleartext signature is
  generated.

Remarkable; but we have to cope with it. Apparently the clearsigning process is not intended to be reversible.

As the comment notes, I translated the split_clearsigned_file function from similar code in APT, and as far as I can see by code inspection it has the same bug.

APT maintainers: I think you need to remove any trailing space or tab characters from buf before writing it to ContentFile.

There should be a message posted to #943970 shortly with a link to my fix in debmirror.

Thanks,

--
Colin Watson [cjwat...@debian.org]
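
The stripping step suggested in the message above, as an added example (not code from APT, debmirror, or the message's author): a small clearsigned-file splitter that can run with and without removal of trailing spaces and tabs, so the two content outputs can be compared. The names `split_clearsigned`, `SplitResult` and `kSample` are hypothetical, the sample input is constructed and carries no real signature, and also dropping a trailing CR is a choice of this example.

```cpp
#include <sstream>
#include <string>

// Constructed sample (not a real signature): "Version: " ends in a space.
const std::string kSample =
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
    "Origin: Example\nVersion: \n- -dashed line\t\n"
    "-----BEGIN PGP SIGNATURE-----\n\nAAAA\n-----END PGP SIGNATURE-----\n";

struct SplitResult { bool ok = false; std::string content, signature; };

// Drop trailing spaces and tabs (RFC 4880 section 7.1), plus a stray CR.
static std::string rstrip(std::string s) {
    while (!s.empty() && (s.back() == ' ' || s.back() == '\t' || s.back() == '\r'))
        s.pop_back();
    return s;
}

// strip_trailing=false keeps each line as found (the behaviour in the report).
SplitResult split_clearsigned(const std::string &in, bool strip_trailing) {
    enum { START, ARMOR_HEADERS, CONTENT, SIGNATURE, DONE } state = START;
    SplitResult r;
    bool first = true;
    std::istringstream is(in);
    std::string line;
    while (std::getline(is, line)) {
        const std::string bare = rstrip(line);
        if (state == START) {
            if (bare == "-----BEGIN PGP SIGNED MESSAGE-----") state = ARMOR_HEADERS;
        } else if (state == ARMOR_HEADERS) {
            if (bare.empty()) state = CONTENT;  // "Hash:" lines end at a blank line
        } else if (state == CONTENT && bare == "-----BEGIN PGP SIGNATURE-----") {
            r.signature = bare + "\n";
            state = SIGNATURE;
        } else if (state == CONTENT) {
            std::string text = strip_trailing ? bare : line;
            if (text.compare(0, 2, "- ") == 0) text.erase(0, 2);  // dash-unescape
            // The newline before the signature armor is not signed text, so
            // separators go between lines and never after the last one.
            if (!first) r.content += "\n";
            r.content += text;
            first = false;
        } else if (state == SIGNATURE) {
            r.signature += bare + "\n";
            if (bare == "-----END PGP SIGNATURE-----") state = DONE;
        }
    }
    r.ok = (state == DONE);  // false if the armor was missing or truncated
    return r;
}
```

With `strip_trailing` set to false the content output keeps `Version: ` with its space, which differs from the text the signature was computed over.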