diff options
author | Michael Vogt <michael.vogt@ubuntu.com> | 2007-12-21 13:56:19 +0100 |
---|---|---|
committer | Michael Vogt <michael.vogt@ubuntu.com> | 2007-12-21 13:56:19 +0100 |
commit | fce726023f703c369ae030684e75ed03c7544d6b (patch) | |
tree | 35e29b133b2e328bece499f45b0eb5358ffcccd1 /apt-pkg | |
parent | 6ad4feb6e2c4dc7badfdfd57c0110d58567d7a7a (diff) |
implement AptAuthenticationReliabtlity spec
Diffstat (limited to 'apt-pkg')
-rw-r--r-- | apt-pkg/acquire-item.cc | 79 | ||||
-rw-r--r-- | apt-pkg/acquire-item.h | 1 | ||||
-rw-r--r-- | apt-pkg/algorithms.cc | 3 |
3 files changed, 38 insertions, 45 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 7cae6c8b7..54526ab05 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -831,8 +831,9 @@ void pkgAcqMetaSig::Done(string Message,unsigned long Size,string MD5, Rename(LastGoodSig, DestFile); // queue a pkgAcqMetaIndex to be verified against the sig we just retrieved - new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc, - DestFile, IndexTargets, MetaIndexParser); + new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, + MetaIndexShortDesc, DestFile, IndexTargets, + MetaIndexParser); } /*}}}*/ @@ -921,13 +922,19 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string Hash, if (AuthPass == true) { AuthDone(Message); + + // all cool, move Release file into place + Complete = true; + + string FinalFile = _config->FindDir("Dir::State::lists"); + FinalFile += URItoFileName(RealURI); + Rename(DestFile,FinalFile); + chmod(FinalFile.c_str(),0644); + DestFile = FinalFile; } else { RetrievalDone(Message); - if (!Complete) - // Still more retrieving to do - return; if (SigFile == "") { @@ -972,22 +979,14 @@ void pkgAcqMetaIndex::RetrievalDone(string Message) return; } - // see if the download was a IMSHit + // make sure to verify against the right file on I-M-S hit IMSHit = StringToBool(LookupTag(Message,"IMS-Hit"),false); - Complete = true; - - string FinalFile = _config->FindDir("Dir::State::lists"); - FinalFile += URItoFileName(RealURI); - - // If we get a IMS hit we can remove the empty file in partial - // othersie we move the file in place - if (IMSHit) - unlink(DestFile.c_str()); - else - Rename(DestFile,FinalFile); - - chmod(FinalFile.c_str(),0644); - DestFile = FinalFile; + if(IMSHit) + { + string FinalFile = _config->FindDir("Dir::State::lists"); + FinalFile += URItoFileName(RealURI); + DestFile = FinalFile; + } } void pkgAcqMetaIndex::AuthDone(string Message) @@ -1017,7 +1016,6 @@ void pkgAcqMetaIndex::AuthDone(string Message) QueueIndexes(true); // Done, move signature file into position - string VerifiedSigFile = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI) + ".gpg"; Rename(SigFile,VerifiedSigFile); @@ -1162,30 +1160,27 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) { if (AuthPass == true) { - // if we fail the authentication but got the file via a IMS-Hit - // this means that the file wasn't downloaded and that it might be - // just stale (server problem, proxy etc). we delete what we have - // queue it again without i-m-s - // alternatively we could just unlink the file and let the user try again - if (IMSHit) + // gpgv method failed, if we have a good signature + string LastGoodSigFile = _config->FindDir("Dir::State::lists") + + "partial/" + URItoFileName(RealURI) + ".gpg.reverify"; + if(FileExists(LastGoodSigFile)) { - Complete = false; - Local = false; - AuthPass = false; - unlink(DestFile.c_str()); - - DestFile = _config->FindDir("Dir::State::lists") + "partial/"; - DestFile += URItoFileName(RealURI); - Desc.URI = RealURI; - QueueURI(Desc); + string VerifiedSigFile = _config->FindDir("Dir::State::lists") + + URItoFileName(RealURI) + ".gpg"; + Rename(LastGoodSigFile,VerifiedSigFile); + Status = StatTransientNetworkError; + _error->Warning(_("A error occurred during the signature " + "verification. The repository is not updated " + "and the previous index files will be used." + "GPG error: %s: %s\n" + Desc.Description.c_str(), + LookupTag(Message,"Message").c_str()); return; + } else { + _error->Warning(_("GPG error: %s: %s"), + Desc.Description.c_str(), + LookupTag(Message,"Message").c_str()); } - - // gpgv method failed - _error->Warning("GPG error: %s: %s", - Desc.Description.c_str(), - LookupTag(Message,"Message").c_str()); - } // No Release file was present, or verification failed, so fall diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index a48f7f7e5..7ecbf570a 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -612,7 +612,6 @@ class pkgAcqMetaSig : public pkgAcquire::Item /** \brief The last good signature file */ string LastGoodSig; - /** \brief The fetch request that is currently being processed. */ pkgAcquire::ItemDesc Desc; diff --git a/apt-pkg/algorithms.cc b/apt-pkg/algorithms.cc index 158f9c258..c5e3c7b38 100644 --- a/apt-pkg/algorithms.cc +++ b/apt-pkg/algorithms.cc @@ -1107,8 +1107,7 @@ bool pkgProblemResolver::Resolve(bool BrokenFix) return _error->Error(_("Unable to correct problems, you have held broken packages.")); } - // set the auto-flags (mvo: I'm not sure if we _really_ need this, but - // I didn't managed + // set the auto-flags (mvo: I'm not sure if we _really_ need this) pkgCache::PkgIterator I = Cache.PkgBegin(); for (;I.end() != true; I++) { if (Cache[I].NewInstall() && !(Flags[I->ID] & PreInstalled)) { |