Bug#1123853: Allow repositories to be signed *slightly* in the future? Signature was created after the --not-after date.

[Sven Mueller <smu@google.com>]

Hi.

I've attached a patch that should do what I would envision, but I'm
not sure it matches what the APT maintainers (especially Julian) are
planning, so I'm not adding the tag "patch", especially since I'm not
super confident in my C++ skills :/

Cheers,
Sven

diff -ur apt-3.1.13.orig/methods/sqv.cc apt-3.1.13.patched/methods/sqv.cc
--- apt-3.1.13.orig/methods/sqv.cc	2026-01-08 17:36:09.443326507 +0100
+++ apt-3.1.13.patched/methods/sqv.cc	2026-01-13 13:01:59.204886814 +0100
@@ -268,9 +268,22 @@
    return res;
 }
 
-bool SQVMethod::ExecuteSqv(const std::vector<std::string> &args, std::vector<std::string> &signers)
+bool SQVMethod::ExecuteSqv(const std::vector<std::string> &c_args, std::vector<std::string> &signers)
 {
    bool const Debug = DebugEnabled();
+   auto args = c_args;
+
+   if (auto max_future = _config->FindI("Acquire::Max-FutureTime", 10); max_future > 0)
+   {
+      auto now = std::time(nullptr);
+      time_t future_time = now + time_t(max_future);
+      auto tm = std::gmtime(&future_time); // This only works when Posix
+						       // standards apply.
+      std::string someSecondsAhead;
+      strprintf(someSecondsAhead, "%d-%d-%dT%d:%d:%d+00:00", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec);
+      args.push_back("--not-after");
+      args.push_back(std::move(someSecondsAhead));
+   }
 
    // FIXME: Use a select() loop
    FileFd sqvout;