summaryrefslogtreecommitdiff
path: root/apt-pkg/acquire-item.cc
diff options
context:
space:
mode:
authorMichael Vogt <michael.vogt@ubuntu.com>2012-07-10 13:26:11 +0200
committerMichael Vogt <michael.vogt@ubuntu.com>2012-07-10 13:26:11 +0200
commit5a8cd0703bcc751ff5eb0ae5bf196e61bd428c91 (patch)
tree32003c19a929dc317a2049dbd1a2422ab977894e /apt-pkg/acquire-item.cc
parent3ce22d4f714414d6deb8b044c5b08a8fe7a78967 (diff)
parent479a2beb0f5605652689d74a78dd224b69ba2e8f (diff)
merged the relevant bits from lp:~mvo/apt/lp346386
Diffstat (limited to 'apt-pkg/acquire-item.cc')
-rw-r--r--apt-pkg/acquire-item.cc14
1 files changed, 13 insertions, 1 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index a30e98858..ddd3300f9 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1235,9 +1235,21 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,string Hash, /
}
else
{
+ // FIXME: move this into pkgAcqMetaClearSig::Done on the next
+ // ABI break
+
+ // if we expect a ClearTextSignature (InRelase), ensure that
+ // this is what we get and if not fail to queue a
+ // Release/Release.gpg, see #346386
+ if (SigFile == DestFile &&
+ !IsPgpClearTextSignature(DestFile))
+ {
+ Failed(Message, Cfg);
+ return;
+ }
+
// There was a signature file, so pass it to gpgv for
// verification
-
if (_config->FindB("Debug::pkgAcquire::Auth", false))
std::cerr << "Metaindex acquired, queueing gpg verification ("
<< SigFile << "," << DestFile << ")\n";