Introduce inrelease-path option for sources.list

Allow specifying an alternative path to the InRelease file, so
you can have multiple versions of a repository, for example.

Enabling this option disables fallback to Release and Release.gpg,
so setting it to InRelease can be used to ensure that only that
will be tried.

We add two test cases: One for checking that it works, and another
for checking that the fallback does not happen.

Closes: #886745

6 files changed, 66 insertions, 5 deletions

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 611876dd2..7fcc5867a 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1324,9 +1324,13 @@ bool pkgAcqMetaBase::CheckDownloadDone(pkgAcqTransactionItem * const I, const st
    // Save the final base URI we got this Release file from
    if (I->UsedMirror.empty() == false && _config->FindB("Acquire::SameMirrorForAllIndexes", true))
    {
-      if (APT::String::Endswith(I->Desc.URI, "InRelease"))
+      auto InReleasePath = Target.Option(IndexTarget::INRELEASE_PATH);
+      if (InReleasePath.empty())
+	 InReleasePath = "InRelease";
+
+      if (APT::String::Endswith(I->Desc.URI, InReleasePath))
       {
-	 TransactionManager->BaseURI = I->Desc.URI.substr(0, I->Desc.URI.length() - strlen("InRelease"));
+	 TransactionManager->BaseURI = I->Desc.URI.substr(0, I->Desc.URI.length() - InReleasePath.length());
 	 TransactionManager->UsedMirror = I->UsedMirror;
       }
       else if (APT::String::Endswith(I->Desc.URI, "Release"))
@@ -1871,6 +1875,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
       auto const failreason = LookupTag(Message, "FailReason");
       auto const httperror = "HttpError";
       if (Status == StatAuthError ||
+	  Target.Option(IndexTarget::INRELEASE_PATH).empty() == false || /* do not fallback if InRelease was requested */
 	  (strncmp(failreason.c_str(), httperror, strlen(httperror)) == 0 &&
 	   failreason != "HttpError404"))
       {
@@ -1880,7 +1885,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
 	 // as this is gonna fail anyway and instead abort our try (LP#346386)
 	 _error->PushToStack();
 	 _error->Error(_("Failed to fetch %s  %s"), Target.URI.c_str(), ErrorText.c_str());
-	 if (AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
+	 if (Target.Option(IndexTarget::INRELEASE_PATH).empty() == true && AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
 	    _error->RevertToStack();
 	 else
 	    return;
@@ -1941,7 +1946,19 @@ pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire * const Owner,		/*{{{*/
    Desc.Description = DataTarget.Description;
    Desc.Owner = this;
    Desc.ShortDesc = DataTarget.ShortDesc;
-   Desc.URI = DataTarget.URI;
+
+   // Rewrite the description URI if INRELEASE_PATH was specified so
+   // we download the specified file instead.
+   auto InReleasePath = DataTarget.Option(IndexTarget::INRELEASE_PATH);
+   if (InReleasePath.empty() == false && APT::String::Endswith(DataTarget.URI, "/InRelease"))
+   {
+      Desc.URI = DataTarget.URI.substr(0, DataTarget.URI.size() - strlen("InRelease")) + InReleasePath;
+   }
+   else
+   {
+      Desc.URI = DataTarget.URI;
+   }
+
    QueueURI(Desc);
 }
 									/*}}}*/
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 2688052a4..59a26390e 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -1092,6 +1092,10 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type		/*{{{*/
       if (GetBoolOption(Options, "allow-downgrade-to-insecure", _config->FindB("Acquire::AllowDowngradeToInsecureRepositories")))
 	 ReleaseOptions.emplace("ALLOW_DOWNGRADE_TO_INSECURE", "true");
 
+      auto InReleasePath = Options.find("inrelease-path");
+      if (InReleasePath != Options.end())
+	 ReleaseOptions.emplace("INRELEASE_PATH", InReleasePath->second);
+
       debReleaseIndex * Deb = nullptr;
       std::string const FileName = URItoFileName(constructMetaIndexURI(URI, Dist, "Release"));
       for (auto const &I: List)
diff --git a/apt-pkg/indexfile.cc b/apt-pkg/indexfile.cc
index 679e2eab8..96ae2f93b 100644
--- a/apt-pkg/indexfile.cc
+++ b/apt-pkg/indexfile.cc
@@ -149,6 +149,7 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const		/*{{{*/
       APT_CASE(ALLOW_INSECURE);
       APT_CASE(ALLOW_WEAK);
       APT_CASE(ALLOW_DOWNGRADE_TO_INSECURE);
+      APT_CASE(INRELEASE_PATH);
 #undef APT_CASE
       case FILENAME:
       {
diff --git a/apt-pkg/indexfile.h b/apt-pkg/indexfile.h
index 7ebbd66f1..31b95172e 100644
--- a/apt-pkg/indexfile.h
+++ b/apt-pkg/indexfile.h
@@ -72,7 +72,8 @@ class IndexTarget							/*{{{*/
 	 std::string const &LongDesc, std::string const &URI, bool const IsOptional,
 	 bool const KeepCompressed, std::map<std::string, std::string> const &Options);
 
-   enum OptionKeys {
+   enum OptionKeys
+   {
       SITE,
       RELEASE,
       COMPONENT,
@@ -95,6 +96,7 @@ class IndexTarget							/*{{{*/
       ALLOW_INSECURE,
       ALLOW_WEAK,
       ALLOW_DOWNGRADE_TO_INSECURE,
+      INRELEASE_PATH,
    };
    std::string Option(OptionKeys const Key) const;
    bool OptionBool(OptionKeys const Key) const;
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index bfad35aa7..b19808636 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -343,6 +343,15 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
 		default.
 	  </para></listitem>
 
+	  <listitem><para><option>InRelease-Path</option> (<option>inrelease-path</option>)
+		determines the path to the InRelease file, relative
+		to the normal position of an <filename>InRelease</filename> file.
+		By default, this option is unset and APT will try to fetch an <filename>InRelease</filename>
+		or, if that fails, a <filename>Release</filename> file and its associated <filename>Release.gpg</filename> file. By setting this option,
+		the specified path will be tried instead of the InRelease file,
+		and the fallback to <filename>Release</filename> files will be disabled.
+	  </para></listitem>
+
        </itemizedlist>
 
     </para>
diff --git a/test/integration/test-apt-by-hash-update b/test/integration/test-apt-by-hash-update
index 9701f97f9..f4794a84f 100755
--- a/test/integration/test-apt-by-hash-update
+++ b/test/integration/test-apt-by-hash-update
@@ -77,3 +77,31 @@ ensureitsbroken -o Acquire::By-Hash=0
 sed -i "s#^\(deb\(-src\)\?\) \[by-hash=yes\] #\1 [by-hash=force] #" rootdir/etc/apt/sources.list.d/*
 ensureitworks
 #ensureitsbroken -o Acquire::By-Hash=0
+
+
+
+msgmsg 'Test InRelease by-hash via' 'sources option'
+
+rm -rf aptarchive/dists
+cp -a aptarchive/dists.bak aptarchive/dists
+mkdir -p aptarchive/dists/unstable/by-hash/SHA256
+inrelease_hash=$(sha256sum aptarchive/dists/unstable/InRelease | awk '{print $1}')
+mv aptarchive/dists/unstable/InRelease aptarchive/dists/unstable/by-hash/SHA256/$inrelease_hash
+#ensureitworks -o Acquire::By-Hash=force
+ensureitsbroken -o Acquire::By-Hash=1
+ensureitsbroken -o Acquire::By-Hash=0
+
+sed -i "s#^\(deb\(-src\)\?\) \[by-hash=force\] #\1 [by-hash=force inrelease-path=by-hash/SHA256/$inrelease_hash] #" rootdir/etc/apt/sources.list.d/*
+ensureitworks
+#ensureitsbroken -o Acquire::By-Hash=0
+
+msgmsg 'Test InRelease by-hash with' 'no fallback'
+
+rm -rf aptarchive/dists
+cp -a aptarchive/dists.bak aptarchive/dists
+
+testfailureequal "Get:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease
+Err:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease
+  File not found - ${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/by-hash/SHA256/${inrelease_hash} (2: No such file or directory)
+Reading package lists...
+E: Failed to fetch file://${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/InRelease  File not found - ${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/by-hash/SHA256/${inrelease_hash} (2: No such file or directory)" aptget update