summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-10-06 18:30:51 +0200
committerJulian Andres Klode <jak@debian.org>2017-02-22 16:53:39 +0100
commit5605c9880f36c764baaca59328777d34645a32fa (patch)
tree300d2f21a0e81acc784cc736ec06f2f02beb03c9 /apt-pkg
parent72ea04411b08bb9f25febdc4b4ca8d7b26206f2d (diff)
keep Release.gpg on untrusted to trusted IMS-Hit
A user relying on the deprecated behaviour of apt-get to accept a source with an unknown pubkey to install a package containing the key expects that the following 'apt-get update' causes the source to be considered as trusted, but in case the source hadn't changed in the meantime this wasn't happening: The source kept being untrusted until the Release file was changed. This only effects sources not using InRelease and only apt-get, the apt binary downright refuses this course of actions, but it is a common way of adding external sources. Closes: 838779 (cherry picked from commit 84eec207be35b8c117c430296d4c212b079c00c1) LP: #1657440
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc12
1 files changed, 9 insertions, 3 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index bf1c68d82..9c6f85093 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1925,10 +1925,16 @@ void pkgAcqMetaSig::Done(string const &Message, HashStringList const &Hashes,
}
else if(MetaIndex->CheckAuthDone(Message) == true)
{
- if (TransactionManager->IMSHit == false)
+ auto const Releasegpg = GetFinalFilename();
+ auto const Release = MetaIndex->GetFinalFilename();
+ // if this is an IMS-Hit on Release ensure we also have the the Release.gpg file stored
+ // (previously an unknown pubkey) – but only if the Release file exists locally (unlikely
+ // event of InRelease removed from the mirror causing fallback but still an IMS-Hit)
+ if (TransactionManager->IMSHit == false ||
+ (FileExists(Releasegpg) == false && FileExists(Release) == true))
{
- TransactionManager->TransactionStageCopy(this, DestFile, GetFinalFilename());
- TransactionManager->TransactionStageCopy(MetaIndex, MetaIndex->DestFile, MetaIndex->GetFinalFilename());
+ TransactionManager->TransactionStageCopy(this, DestFile, Releasegpg);
+ TransactionManager->TransactionStageCopy(MetaIndex, MetaIndex->DestFile, Release);
}
}
else if (MetaIndex->Status != StatAuthError)