diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2014-02-14 00:30:58 +0100 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2014-02-14 12:06:28 +0100 |
| commit | 9082a1fc7be02f58cbe18a34539c6a3436463dd0 (patch) | |
| tree | e8cd4ceb678ef43e7be031c835f6ee7866052e8b | |
| parent | f9b4f12d65b827612b29071f05d605bc05fa62bd (diff) | |
allow http protocol to switch to https
switch protocols at random is a bad idea if e.g. http can switch to
file, so we limit the possibilities to http to http and http to https.
As very few people (less than 1% according to popcon) have https
installed this likely changes nothing in terms of failure. The commit is
adding a friendly hint which package needs to be installed though.
| -rw-r--r-- | apt-pkg/acquire-worker.cc | 7 | ||||
| -rw-r--r-- | methods/server.cc | 14 | ||||
| -rw-r--r-- | test/integration/framework | 2 | ||||
| -rwxr-xr-x | test/integration/test-bug-738785-switch-protocol | 52 |
4 files changed, 68 insertions, 7 deletions
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc index 44a84216a..44c3e4e17 100644 --- a/apt-pkg/acquire-worker.cc +++ b/apt-pkg/acquire-worker.cc @@ -109,7 +109,12 @@ bool pkgAcquire::Worker::Start() // Get the method path string Method = _config->FindDir("Dir::Bin::Methods") + Access; if (FileExists(Method) == false) - return _error->Error(_("The method driver %s could not be found."),Method.c_str()); + { + _error->Error(_("The method driver %s could not be found."),Method.c_str()); + if (Access == "https") + _error->Notice(_("Is the package %s installed?"), "apt-transport-https"); + return false; + } if (Debug == true) clog << "Starting method '" << Method << '\'' << endl; diff --git a/methods/server.cc b/methods/server.cc index 76faa7e7f..6dd3970a6 100644 --- a/methods/server.cc +++ b/methods/server.cc @@ -291,11 +291,15 @@ ServerMethod::DealWithHeaders(FetchResult &Res) } else { - NextURI = DeQuoteString(Server->Location); - URI tmpURI = NextURI; - // Do not allow a redirection to switch protocol - if (tmpURI.Access == "http") - return TRY_AGAIN_OR_REDIRECT; + NextURI = DeQuoteString(Server->Location); + URI tmpURI = NextURI; + URI Uri = Queue->Uri; + // same protocol redirects are okay + if (tmpURI.Access == Uri.Access) + return TRY_AGAIN_OR_REDIRECT; + // as well as http to https + else if (Uri.Access == "http" && tmpURI.Access == "https") + return TRY_AGAIN_OR_REDIRECT; } /* else pass through for error message */ } diff --git a/test/integration/framework b/test/integration/framework index 5b9a58568..f3699861b 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -190,7 +190,7 @@ setupenvironment() { mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers touch var/lib/dpkg/available mkdir -p usr/lib/apt - ln -s ${BUILDDIRECTORY}/methods usr/lib/apt/methods + ln -s ${METHODSDIR} usr/lib/apt/methods cd .. local PACKAGESFILE=$(echo "$(basename $0)" | sed -e 's/^test-/Packages-/' -e 's/^skip-/Packages-/') if [ -f "${TESTDIRECTORY}/${PACKAGESFILE}" ]; then diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol new file mode 100755 index 000000000..d3469f34f --- /dev/null +++ b/test/integration/test-bug-738785-switch-protocol @@ -0,0 +1,52 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +buildsimplenativepackage 'apt' 'all' '1.0' 'stable' + +# setup http redirecting to https +setupaptarchive --no-update +changetowebserver -o 'aptwebserver::redirect::replace::/redirectme/=https://localhost:4433/' \ + -o 'aptwebserver::support::http=false' +changetohttpswebserver +sed -i -e 's#:4433/#:8080/redirectme#' -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/* + +testsuccess aptget update -o Debug::Acquire::http=1 -o Debug::Acquire::https=1 -o Debug::pkgAcquire::Worker=1 + +msgtest 'Test that the webserver does not answer' 'http requests' +downloadfile 'http://localhost:8080//pool/apt_1.0/changelog' >/dev/null 2>&1 && msgfail || msgpass + +echo 'Apt::Changelogs::Server "http://localhost:8080/redirectme";' > rootdir/etc/apt/apt.conf.d/changelog.conf +testequal "'http://localhost:8080/redirectme/pool/apt_1.0/changelog'" aptget changelog apt --print-uris + +testsuccess aptget changelog apt -d +testsuccess test -s apt.changelog +rm -f apt.changelog + +testsuccess aptget download apt +testsuccess test -s apt_1.0_all.deb +rm apt_1.0_all.deb + +testsuccess aptget install apt -y +testdpkginstalled 'apt' + +# create a copy of all methods, expect https +eval `aptconfig shell METHODS Dir::Bin::Methods/d` +COPYMETHODS='usr/lib/apt/methods' +rm rootdir/$COPYMETHODS +mkdir -p rootdir/$COPYMETHODS +cd rootdir/$COPYMETHODS +find $METHODS \! -type d | while read meth; do + ln -s $meth +done +rm https +cd - >/dev/null +echo "Dir::Bin::Methods \"${COPYMETHODS}\";" >> aptconfig.conf + +aptget download apt +testsuccess test ! -e apt_1.0_all.deb |