merged the relevant bits from lp:~mvo/apt/lp346386

author: Michael Vogt <michael.vogt@ubuntu.com> 2012-07-10 13:26:11 +0200
committer: Michael Vogt <michael.vogt@ubuntu.com> 2012-07-10 13:26:11 +0200
commit: 5a8cd0703bcc751ff5eb0ae5bf196e61bd428c91 (patch)
tree: 32003c19a929dc317a2049dbd1a2422ab977894e /apt-pkg/acquire-item.cc
parent: 3ce22d4f714414d6deb8b044c5b08a8fe7a78967 (diff)
parent: 479a2beb0f5605652689d74a78dd224b69ba2e8f (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index a30e98858..ddd3300f9 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1235,9 +1235,21 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,string Hash,	/
       }
       else
       {
+         // FIXME: move this into pkgAcqMetaClearSig::Done on the next
+         //        ABI break
+
+         // if we expect a ClearTextSignature (InRelase), ensure that
+         // this is what we get and if not fail to queue a 
+         // Release/Release.gpg, see #346386
+         if (SigFile == DestFile && 
+             !IsPgpClearTextSignature(DestFile))
+         {
+            Failed(Message, Cfg);
+            return;
+         }
+
          // There was a signature file, so pass it to gpgv for
          // verification
-
          if (_config->FindB("Debug::pkgAcquire::Auth", false))
             std::cerr << "Metaindex acquired, queueing gpg verification ("
                       << SigFile << "," << DestFile << ")\n";
author	Michael Vogt <michael.vogt@ubuntu.com>	2012-07-10 13:26:11 +0200
committer	Michael Vogt <michael.vogt@ubuntu.com>	2012-07-10 13:26:11 +0200
commit	5a8cd0703bcc751ff5eb0ae5bf196e61bd428c91 (patch)
tree	32003c19a929dc317a2049dbd1a2422ab977894e /apt-pkg/acquire-item.cc
parent	3ce22d4f714414d6deb8b044c5b08a8fe7a78967 (diff)
parent	479a2beb0f5605652689d74a78dd224b69ba2e8f (diff)