InRelease file: support Signed-By field

https://wiki.debian.org/DebianRepository/Format#Signed-By says:
> **Signed-By**
> An optional field containing a comma separated list of
> OpenPGP key fingerprints to be used for validating
> the next Release file. The fingerprints must consist
> only of hex digits and may not contain spaces.
> The fingerprint specifies either the key the Release file
> must be signed with or the key the signature key must be
> a subkey of. The later match can be disabled by appending
> an exclamation mark to the fingerprint.
>
> If the field is present, a client should only accept future updates
> to the repository that are signed with keys listed in the field.
> The field should be ignored if the Valid-Until field is not present
> or if it is expired.

For both the CLI tools and JSON, the field is taken as a string verbatim.

When specified, we must also provide the `Valid-Until` field,
and I'm not sure there is an 'infinity' value for it,
so 100 years will have to do?

Fixes https://github.com/aptly-dev/aptly/issues/1497
Roman Lebedev
2025-12-29 23:15:40 +03:00
parent 836d9f3b8b
commit a4cc9211d6
25 changed files with 569 additions and 5 deletions
+21 -1
@@ -81,6 +81,11 @@ type PublishedRepo struct {
// Provide index files per hash also
AcquireByHash bool
// An optional field containing a comma separated list
// of OpenPGP key fingerprints to be used
// for validating the next Release file
SignedBy string
// Support multiple distributions
MultiDist bool
@@ -529,6 +534,7 @@ func (p *PublishedRepo) MarshalJSON() ([]byte, error) {
"Storage": p.Storage,
"SkipContents": p.SkipContents,
"AcquireByHash": p.AcquireByHash,
"SignedBy": p.SignedBy,
"MultiDist": p.MultiDist,
})
}
@@ -1070,6 +1076,9 @@ func (p *PublishedRepo) Publish(packagePool aptly.PackagePool, publishedStorageP
if p.AcquireByHash {
release["Acquire-By-Hash"] = "yes"
}
if p.SignedBy != "" {
release["Signed-By"] = p.SignedBy
}
var bufWriter *bufio.Writer
bufWriter, err = indexes.ReleaseIndex(component, arch, udeb).BufWriter()
@@ -1126,11 +1135,22 @@ func (p *PublishedRepo) Publish(packagePool aptly.PackagePool, publishedStorageP
release["Label"] = p.GetLabel()
release["Suite"] = p.GetSuite()
release["Codename"] = p.GetCodename()
release["Date"] = time.Now().UTC().Format("Mon, 2 Jan 2006 15:04:05 MST")
datetime_format := "Mon, 2 Jan 2006 15:04:05 MST"
date_now := time.Now().UTC()
release["Date"] = date_now.Format(datetime_format)
release["Architectures"] = strings.Join(utils.StrSlicesSubstract(p.Architectures, []string{ArchitectureSource}), " ")
if p.AcquireByHash {
release["Acquire-By-Hash"] = "yes"
}
if p.SignedBy != "" {
// "If the field is present, a client should only accept future updates
// to the repository that are signed with keys listed in the field.
// The field should be ignored if the Valid-Until field
// is not present or if it is expired."
release["Signed-By"] = p.SignedBy
// Let's use a century as a "forever" value.
release["Valid-Until"] = date_now.AddDate(100, 0, 0).Format(datetime_format)
}
release["Description"] = " Generated by aptly\n"
release["MD5Sum"] = ""
release["SHA1"] = ""
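Review bot: `p.SignedBy` is written into the Release file verbatim at `release["Signed-By"] = p.SignedBy` (and again in the earlier Publish hunk for the per-component Release) without being checked against the format the spec quoted in the description requires — hex digits only, optional trailing `!`, comma-separated, no spaces — so a mistyped or malformed value (including whitespace or a line break, which would corrupt the deb822 stanza) reaches every client, where apt will at best ignore it. Publish already has `err` in scope and appears to return an error, so the value can be validated once before it is emitted; the check below uses a package-level regexp and needs a `regexp` import (and `fmt` if the file does not already import it). The earlier hunk also emits Signed-By into the per-component Release without a Valid-Until, which by the quoted spec makes it ignored there, so it should either be dropped from that file or get the same Valid-Until. The new locals `datetime_format` and `date_now` should be MixedCaps (`dateFormat`, `now`) per Go convention. Publish begins and ends outside these hunks.

```go
// signedByRe matches the Signed-By value format from the Debian repository
// format spec: comma-separated hex fingerprints, each optionally ending in "!".
var signedByRe = regexp.MustCompile(`^[0-9A-Fa-f]+!?(,[0-9A-Fa-f]+!?)*$`)

// … unchanged: Publish up to the Acquire-By-Hash block …
if p.SignedBy != "" {
	if !signedByRe.MatchString(p.SignedBy) {
		return fmt.Errorf("invalid Signed-By value %q: expected comma-separated hex OpenPGP fingerprints", p.SignedBy)
	}
	release["Signed-By"] = p.SignedBy
	// Let's use a century as a "forever" value.
	release["Valid-Until"] = date_now.AddDate(100, 0, 0).Format(datetime_format)
}
// … unchanged: Description, checksum fields …
```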