diff options
| author | Michael Vogt <michael.vogt@ubuntu.com> | 2011-08-05 12:26:35 +0200 |
|---|---|---|
| committer | Michael Vogt <michael.vogt@ubuntu.com> | 2011-08-05 12:26:35 +0200 |
| commit | 3568a640bd363409cdeb1cb69eaa3261c79f2ff2 (patch) | |
| tree | 03f428bb0b412809a86e70100461e32545b9dea1 | |
| parent | 515d18c9b271e4188dd4c59939c3c3cfeaf575a8 (diff) | |
* apt-pkg/acquire-item.cc:
- if no Release.gpg file is found, still load the hashes for
verification (closes: #636314) and add test
| -rw-r--r-- | apt-pkg/acquire-item.cc | 5 | ||||
| -rw-r--r-- | debian/changelog | 3 | ||||
| -rwxr-xr-x | test/integration/test-hashsum-verification | 7 |
3 files changed, 13 insertions, 2 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 215615bdd..ebd8d5a12 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1258,8 +1258,9 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string Hash, /*{{{* if (SigFile == "") { // There was no signature file, so we are finished. Download - // the indexes without verification. - QueueIndexes(false); + // the indexes and do hashsum verification + MetaIndexParser->Load(DestFile); + QueueIndexes(true); } else { diff --git a/debian/changelog b/debian/changelog index 1dec5dce0..f162e20f4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,6 +13,9 @@ apt (0.8.15.6) unstable; urgency=low (LP: #812862) * test/integration/test-hashsum-verification: - add regression test for hashsum verification + * apt-pkg/acquire-item.cc: + - if no Release.gpg file is found, still load the hashes for + verification (closes: #636314) and add test -- Michael Vogt <mvo@debian.org> Tue, 12 Jul 2011 11:54:47 +0200 diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification index 29420c098..033096ee8 100755 --- a/test/integration/test-hashsum-verification +++ b/test/integration/test-hashsum-verification @@ -70,6 +70,13 @@ runtest() { msgtest 'No Packages file in /var/lib/apt/lists' [ "$(ls rootdir/var/lib/apt/lists/*Package* 2>/dev/null)" = "" ] && msgpass || msgfail + # now with the unsigned Release file + rm -rf rootdir/var/lib/apt/lists + rm aptarchive/InRelease aptarchive/Release.gpg + msgtest 'unsigned apt-get update gets the expected hashsum mismatch' + aptget update 2>&1 | grep "Hash Sum mismatch" > /dev/null && msgpass || msgfail + + } runtest |