support Signed-By in Release files as a sort of HPKP

Users have the option since apt >= 1.1 to enforce that a Release file is
signed with specific key(s) either via keyring filename or fingerprints.
This commit adds an entry with the same name and value (except that it
doesn't accept filenames for obvious reasons) to the Release file so
that the repository owner can set a default value for this setting
effecting the *next* Release file, not the current one, which provides a
functionality similar "HTTP Public Key Pinning". The pinning is in
effect as long as the (then old) Release file is considered valid, but
it is also ignored if the Release file has no Valid-Until at all.

apt-pkg/deb/debmetaindex.cc

@@ -442,7 +442,7 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
    std::string const StrDate = Section.FindS("Date");
    if (RFC1123StrToTime(StrDate.c_str(), Date) == false)
    {
-      _error->Warning( _("Invalid 'Date' entry in Release file %s"), Filename.c_str());
+      _error->Warning( _("Invalid '%s' entry in Release file %s"), "Date", Filename.c_str());
       Date = 0;
    }
 
@@ -463,7 +463,7 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 	 if(RFC1123StrToTime(StrValidUntil.c_str(), ValidUntil) == false)
 	 {
 	    if (ErrorText != NULL)
-	       strprintf(*ErrorText, _("Invalid 'Valid-Until' entry in Release file %s"), Filename.c_str());
+	       strprintf(*ErrorText, _("Invalid '%s' entry in Release file %s"), "Valid-Until", Filename.c_str());
 	    return false;
 	 }
       }
@@ -498,6 +498,33 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
       }
    }
 
+   /* as the Release file is parsed only after it was verified, the Signed-By field
+      does not effect the current, but the "next" Release file */
+   auto Sign = Section.FindS("Signed-By");
+   if (Sign.empty() == false)
+   {
+      std::transform(Sign.begin(), Sign.end(), Sign.begin(), [&](char const c) {
+	 return (isspace(c) == 0) ? c : ',';
+      });
+      auto fingers = VectorizeString(Sign, ',');
+      std::transform(fingers.begin(), fingers.end(), fingers.begin(), [&](std::string finger) {
+	 std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper);
+	 if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos)
+	 {
+	    if (ErrorText != NULL)
+	       strprintf(*ErrorText, _("Invalid '%s' entry in Release file %s"), "Signed-By", Filename.c_str());
+	    return std::string();
+	 }
+	 return finger;
+      });
+      if (fingers.empty() == false && std::find(fingers.begin(), fingers.end(), "") == fingers.end())
+      {
+	 std::stringstream os;
+	 std::copy(fingers.begin(), fingers.end(), std::ostream_iterator<std::string>(os, ","));
+	 SignedBy = os.str();
+      }
+   }
+
    LoadedSuccessfully = TRI_YES;
    return true;
 }
@@ -956,7 +983,30 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type		/*{{{*/
       std::map<std::string, std::string>::const_iterator const signedby = Options.find("signed-by");
       if (signedby == Options.end())
       {
-	 if (Deb->SetSignedBy("") == false)
+	 bool alreadySet = false;
+	 std::string filename;
+	 if (ReleaseFileName(Deb, filename))
+	 {
+	    auto OldDeb = Deb->UnloadedClone();
+	    _error->PushToStack();
+	    OldDeb->Load(filename, nullptr);
+	    bool const goodLoad = _error->PendingError() == false;
+	    _error->RevertToStack();
+	    if (goodLoad)
+	    {
+	       if (OldDeb->GetValidUntil() > 0)
+	       {
+		  time_t const invalid_since = time(NULL) - OldDeb->GetValidUntil();
+		  if (invalid_since <= 0)
+		  {
+		     Deb->SetSignedBy(OldDeb->GetSignedBy());
+		     alreadySet = true;
+		  }
+	       }
+	    }
+	    delete OldDeb;
+	 }
+	 if (alreadySet == false && Deb->SetSignedBy("") == false)
 	    return false;
       }
       else

doc/sources.list.5.xml

@@ -291,8 +291,10 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
 		(see <command>apt-key fingerprint</command>). If the option is
 		set, only the key(s) in this keyring or only the keys with these
 		fingerprints are used for the &apt-secure; verification of this
-		repository. Otherwise all keys in the trusted keyrings are
-		considered valid signers for this repository.
+		repository. Defaults to the value of the option with the same name
+		if set in the previously acquired <filename>Release</filename> file.
+		Otherwise all keys in the trusted keyrings are considered valid
+		signers for this repository.
 	  </para></listitem>
 
 	  <listitem><para><option>Check-Valid-Until</option> (<option>check-valid-until</option>)

po/apt-all.pot

@@ -3006,12 +3006,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr ""
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr ""
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/ar.po

@@ -3067,12 +3067,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "تعذر فتح ملف قاعدة البيانات %s: %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "لاحظ، تحديد %s بدلاً من %s\n"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/ast.po

@@ -3194,13 +3194,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Entrada inválida pa 'Date' nel ficheru release %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Entrada inválida pa 'Valid-Until' nel ficheru release %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Entrada inválida pa '%s' nel ficheru release %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/bg.po

@@ -3231,13 +3231,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Неправилна стойност за „Date“ във файла Release %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Неправилна стойност за „Valid-Until“ във файла Release %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Неправилна стойност за „%s“ във файла Release %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/bs.po

@@ -3047,14 +3047,9 @@ msgid ""
 "security purposes"
 msgstr ""
 
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Ne mogu otvoriti DB datoteku %s"
-
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr ""
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/ca.po

@@ -3234,13 +3234,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "El camp «Date» al fitxer Release %s és invàlid"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "El camp «Valid-Until» al fitxer Release %s és invàlid"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "El camp «%s» al fitxer Release %s és invàlid"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/cs.po

@@ -3200,13 +3200,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Neplatná položka „Date“ v Release souboru %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Neplatná položka „Valid-Until“ v Release souboru %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Neplatná položka „%s“ v Release souboru %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/cy.po

@@ -3229,15 +3229,9 @@ msgid ""
 "security purposes"
 msgstr ""
 
-# FIXME: number?
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Ni ellir gramadegu ffeil becynnau %s (1)"
-
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Llinell annilys yn y ffeil dargyfeirio: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/da.po

@@ -3214,13 +3214,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Ugyldigt punkt »Date« i udgivelsesfil %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Ugyldigt punkt »Valid-Until« i udgivelsesfil %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Ugyldigt punkt »%s« i udgivelsesfil %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/de.po

@@ -3303,13 +3303,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Ungültiger »Date«-Eintrag in Release-Datei %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Ungültiger »Valid-Until«-Eintrag in Release-Datei %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Ungültiger »%s«-Eintrag in Release-Datei %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/dz.po

@@ -3183,12 +3183,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "%s (༡་)་ཐུམ་སྒྲིལ་ཡིག་སྣོད་འདི་མིང་དཔྱད་འབད་མ་ཚུགས།"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "%s་ཁ་ཕྱོགས་ཡིག་སྣོད་ནང་ནུས་མེད་གྲལ་ཐིག"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/el.po

@@ -3212,12 +3212,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Αδύνατη η ανάλυση του αρχείου πακέτου %s (1)"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Μη έγκυρη γραμμή στο αρχείο παρακάμψεων: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/es.po

@@ -3368,13 +3368,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Entrada «Date» inválida en el archivo «Release» %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Entrada «Valid-Until» inválida en el archivo «Release» %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Entrada «%s» inválida en el archivo «Release» %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/eu.po

@@ -3183,12 +3183,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Ezin da %s pakete fitxategia analizatu (1)"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Lerro baliogabea desbideratze fitxategian: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/fi.po

@@ -3174,12 +3174,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Pakettitiedostoa %s (1) ei voi jäsentää"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Virheellinen rivi korvautustiedostossa: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/fr.po

@@ -3287,13 +3287,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Entrée « Date » non valable dans le fichier Release %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Entrée « Valid-Until » non valable dans le fichier Release %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Entrée « %s » non valable dans le fichier Release %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/gl.po

@@ -3228,13 +3228,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "A entrada «Date» no ficheiro de publicación %s non é válida"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "A entrada «Valid-Until» no ficheiro de publicación %s non é válida"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "A entrada «%s» no ficheiro de publicación %s non é válida"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/hu.po

@@ -3273,13 +3273,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Érvénytelen „Date” bejegyzés a(z) %s Release fájlban"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Érvénytelen „Valid-Until” bejegyzés a(z) %s Release fájlban"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Érvénytelen „%s” bejegyzés a(z) %s Release fájlban"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/it.po

@@ -3270,13 +3270,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Voce \"Date\" nel file Release %s non valida"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Voce \"Valid-Until\" nel file Release %s non valida"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Voce \"%s\" nel file Release %s non valida"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/ja.po

@@ -3265,13 +3265,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Release ファイル %s に無効な 'Date' エントリがあります"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Release ファイル %s に無効な 'Valid-Until' エントリがあります"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Release ファイル %s に無効な '%s' エントリがあります"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/ko.po

@@ -3162,13 +3162,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Release 파일 %s에 'Date' 항목이 잘못되었습니다"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Release 파일 %s에 'Valid-Until' 항목이 잘못되었습니다"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Release 파일 %s에 '%s' 항목이 잘못되었습니다"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/ku.po

@@ -3062,14 +3062,9 @@ msgid ""
 "security purposes"
 msgstr ""
 
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Pakêt nehate dîtin %s"
-
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr ""
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/lt.po

@@ -3155,12 +3155,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Nepavyko atverti DB failo %s: %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Pastaba: pažymimas %s vietoje %s\n"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/mr.po

@@ -3156,12 +3156,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "%s (1) पॅकेज फाईल पार्स करण्यात असमर्थ"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "%s डायव्हर्जन फाईलमध्ये अवैध ओळ आहे:"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/nb.po

@@ -3198,13 +3198,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Ugyldig «Date»-oppføring i Release-fila %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Ugyldig «Valid-Until»-oppføring i Release-fila %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Ugyldig «%s»-oppføring i Release-fila %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/ne.po

@@ -3156,12 +3156,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "प्याकेज फाइल पद वर्णन गर्न असक्षम %s (१)"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "घुमाउरो फाइलमा अवैध लाइन:%s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/nl.po

@@ -3320,13 +3320,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Ongeldige 'Date'-vermelding in Release-bestand %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Ongeldige 'Valid-Until'-vermelding in Release-bestand %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Ongeldige '%s'-vermelding in Release-bestand %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/nn.po

@@ -3171,12 +3171,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Klarte ikkje tolka pakkefila %s (1)"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Ugyldig linje i avleiingsfila: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/pl.po

@@ -3262,13 +3262,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Nieprawidłowy wpis Date w pliku Release %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Nieprawidłowy wpis Valid-Until w pliku Release %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Nieprawidłowy wpis %s w pliku Release %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/pt.po

@@ -3238,13 +3238,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Entrada, 'Date', inválida no ficheiro Release %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Entrada inválida, 'Valid-until', no ficheiro de Release: %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Entrada inválida, '%s', no ficheiro de Release: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/pt_BR.po

@@ -3195,12 +3195,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Impossível analisar arquivo de pacote %s (1)"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Linha inválida no arquivo de desvios: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/ro.po

@@ -3211,12 +3211,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Nu s-a putut analiza fișierul pachet %s (1)"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Linie necorespunzătoare în fișierul-redirectare: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/ru.po

@@ -3258,13 +3258,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Неправильный элемент «Date» в файле Release %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Неправильный элемент «Valid-Until» в файле Release %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Неправильный элемент «%s» в файле Release %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/sk.po

@@ -3212,13 +3212,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Chýba položka „Date“ v súbore Release %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Chýba položka „Valid-Until“ v súbore Release %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Chýba položka „%s“ v súbore Release %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/sl.po

@@ -3215,13 +3215,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Neveljavne vnos 'Datum' v Release datoteki %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Neveljaven vnos 'Veljavno-do' v Release datoteki %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Neveljaven vnos '%s' v Release datoteki %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/sv.po

@@ -3238,13 +3238,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Ogiltig ”Date”-post i Release-filen %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Ogiltig ”Valid-Until”-post i Release-filen %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Ogiltig ”%s”-post i Release-filen %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/th.po

@@ -3142,13 +3142,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "รายการ 'Date' ไม่ถูกต้องในแฟ้ม Release %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "รายการ 'Valid-Until' ไม่ถูกต้องในแฟ้ม Release %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "รายการ '%s' ไม่ถูกต้องในแฟ้ม Release %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/tl.po

@@ -3191,12 +3191,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Hindi ma-parse ang talaksang pakete %s (1)"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "Di tanggap na linya sa talaksang diversion: %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/tr.po

@@ -3238,13 +3238,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "'Release' dosyasında (%s) geçersiz 'Date' girdisi"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "'Release' dosyasında (%s) geçersiz 'Valid-Until' girdisi"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "'Release' dosyasında (%2$s) geçersiz '%1$s' girdisi"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/uk.po

@@ -3259,13 +3259,8 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "Невірний запис 'Date' у 'Release' файлі %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "Невірний запис 'Valid-Until' у 'Release' файлі %s"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "Невірний запис '%s' у 'Release' файлі %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/vi.po

@@ -3233,15 +3233,9 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr ""
-"Gặp mục tin “Date” (ngày tháng) không hợp lệ trong tập tin Phát hành %s"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr ""
-"Gặp mục tin “Valid-Until” (hợp lệ đến khi) không hợp lệ trong tập tin Phát "
+"Gặp mục tin “%s” (hợp lệ đến khi) không hợp lệ trong tập tin Phát "
 "hành %s"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

po/zh_CN.po

@@ -3153,13 +3153,8 @@ msgstr "Release 文件 %s 中不含散列项，该文件用于保证足够的安
 
 #: apt-pkg/deb/debmetaindex.cc
 #, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "软件包仓库 Release 文件 %s 内 Date 条目无效"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
-msgstr "软件包仓库 Release 文件 %s 内 Valid-Until 条目无效"
+msgid "Invalid '%s' entry in Release file %s"
+msgstr "软件包仓库 Release 文件 %2$s 内 %1$s 条目无效"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
 #: apt-pkg/deb/debmetaindex.cc

po/zh_TW.po

@@ -3140,12 +3140,7 @@ msgstr ""
 
 #: apt-pkg/deb/debmetaindex.cc
 #, fuzzy, c-format
-msgid "Invalid 'Date' entry in Release file %s"
-msgstr "在 Release 檔 %s 裡沒有 Hash 項目"
-
-#: apt-pkg/deb/debmetaindex.cc
-#, fuzzy, c-format
-msgid "Invalid 'Valid-Until' entry in Release file %s"
+msgid "Invalid '%s' entry in Release file %s"
 msgstr "在 Release 檔 %s 裡沒有 Hash 項目"
 
 #. TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite

test/integration/test-releasefile-verification

@@ -29,7 +29,7 @@ prepare() {
 	cp "$1" aptarchive/Packages
 	find aptarchive -name 'Release' -delete
 	compressfile 'aptarchive/Packages' "$DATE"
-	generatereleasefiles "$DATE"
+	generatereleasefiles "$DATE" 'now + 1 month'
 }
 
 installaptold() {
@@ -47,6 +47,7 @@ Download complete and in download only mode" aptget install apt -dy
 }
 
 installaptnew() {
+	rm -rf rootdir/var/cache/apt/archives
 	testsuccessequal "Reading package lists...
 Building dependency tree...
 Suggested packages:
@@ -301,6 +302,55 @@ runtest() {
 	rm -f rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
 	sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${MARVIN},${SIXPACK}\] #\1 #" rootdir/etc/apt/sources.list.d/*
 
+	rm -rf rootdir/var/lib/apt/lists-bak
+	cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists-bak
+	prepare "${PKGFILE}-new"
+	signreleasefiles 'Joe Sixpack'
+	find aptarchive/ -name "$DELETEFILE" -delete
+
+	msgmsg 'Warm archive with signed-by' 'Joe Sixpack'
+	sed -i "/^Valid-Until: / a\
+Signed-By: ${SIXPACK}" rootdir/var/lib/apt/lists/*Release
+	touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
+	successfulaptgetupdate
+	testsuccessequal "$(cat "${PKGFILE}-new")
+" aptcache show apt
+	installaptnew
+
+	msgmsg 'Warm archive with signed-by' 'Marvin Paranoid'
+	rm -rf rootdir/var/lib/apt/lists
+	cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists
+	sed -i "/^Valid-Until: / a\
+Signed-By: ${MARVIN}" rootdir/var/lib/apt/lists/*Release
+	touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
+	updatewithwarnings 'W: .* public key is not available: GOODSIG'
+	testsuccessequal "$(cat "${PKGFILE}")
+" aptcache show apt
+	installaptold
+
+	msgmsg 'Warm archive with outdated signed-by' 'Marvin Paranoid'
+	rm -rf rootdir/var/lib/apt/lists
+	cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists
+	sed -i "/^Valid-Until: / a\
+Valid-Until: $(date -u -d "now - 2min" '+%a, %d %b %Y %H:%M:%S %Z') \\
+Signed-By: ${MARVIN}" rootdir/var/lib/apt/lists/*Release
+	touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
+	successfulaptgetupdate
+	testsuccessequal "$(cat "${PKGFILE}-new")
+" aptcache show apt
+	installaptnew
+
+	msgmsg 'Warm archive with two signed-bys' 'Joe Sixpack'
+	rm -rf rootdir/var/lib/apt/lists
+	cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists
+	sed -i "/^Valid-Until: / a\
+Signed-By: ${MARVIN} ${MARVIN}, \\
+ ${SIXPACK}" rootdir/var/lib/apt/lists/*Release
+	touch -d 'now - 1 year' rootdir/var/lib/apt/lists/*Release
+	successfulaptgetupdate
+	testsuccessequal "$(cat "${PKGFILE}-new")
+" aptcache show apt
+	installaptnew
 }
 
 runtest2() {