summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--apt-pkg/acquire-item.cc910
-rw-r--r--apt-pkg/acquire-item.h529
-rw-r--r--apt-pkg/acquire.cc1
-rw-r--r--apt-pkg/contrib/fileutl.cc2
-rw-r--r--apt-pkg/deb/debmetaindex.cc26
-rw-r--r--methods/copy.cc8
-rw-r--r--methods/gpgv.cc2
-rwxr-xr-xtest/integration/test-apt-get-source-authenticated2
-rwxr-xr-xtest/integration/test-apt-get-update-unauth-warning40
-rwxr-xr-xtest/integration/test-apt-update-ims25
-rwxr-xr-xtest/integration/test-apt-update-nofallback207
-rwxr-xr-xtest/integration/test-apt-update-rollback196
-rwxr-xr-xtest/integration/test-apt-update-transactions24
-rwxr-xr-xtest/integration/test-apt-update-unauth32
-rwxr-xr-xtest/integration/test-bug-596498-trusted-unsigned-repo2
-rwxr-xr-xtest/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted5
-rwxr-xr-xtest/integration/test-bug-717891-abolute-uris-for-proxies2
-rwxr-xr-xtest/integration/test-bug-728500-tempdir2
-rwxr-xr-xtest/integration/test-bug-738785-switch-protocol2
-rwxr-xr-xtest/integration/test-hashsum-verification10
-rwxr-xr-xtest/integration/test-pdiff-usage1
-rwxr-xr-xtest/integration/test-policy-pinning3
-rwxr-xr-xtest/integration/test-ubuntu-bug-346386-apt-get-update-paywall10
-rwxr-xr-xtest/integration/test-ubuntu-bug-784473-InRelease-one-message-only4
24 files changed, 1382 insertions, 663 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index f46c8a6e4..3d6924847 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -68,13 +68,17 @@ static void printHashSumComparision(std::string const &URI, HashStringList const
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#endif
-pkgAcquire::Item::Item(pkgAcquire *Owner, HashStringList const &ExpectedHashes) :
- Owner(Owner), FileSize(0), PartialSize(0), Mode(0), ID(0), Complete(false),
- Local(false), QueueCounter(0), ExpectedAdditionalItems(0),
- ExpectedHashes(ExpectedHashes)
+pkgAcquire::Item::Item(pkgAcquire *Owner,
+ HashStringList const &ExpectedHashes,
+ pkgAcqMetaBase *TransactionManager)
+ : Owner(Owner), FileSize(0), PartialSize(0), Mode(0), ID(0), Complete(false),
+ Local(false), QueueCounter(0), TransactionManager(TransactionManager),
+ ExpectedAdditionalItems(0), ExpectedHashes(ExpectedHashes)
{
Owner->Add(this);
Status = StatIdle;
+ if(TransactionManager != NULL)
+ TransactionManager->Add(this);
}
#if __GNUC__ >= 4
#pragma GCC diagnostic pop
@@ -95,7 +99,8 @@ pkgAcquire::Item::~Item()
void pkgAcquire::Item::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
{
Status = StatIdle;
- ErrorText = LookupTag(Message,"Message");
+ if(ErrorText == "")
+ ErrorText = LookupTag(Message,"Message");
UsedMirror = LookupTag(Message,"UsedMirror");
if (QueueCounter <= 1)
{
@@ -141,7 +146,7 @@ void pkgAcquire::Item::Done(string Message,unsigned long long Size,HashStringLis
{
// We just downloaded something..
string FileName = LookupTag(Message,"Filename");
- UsedMirror = LookupTag(Message,"UsedMirror");
+ UsedMirror = LookupTag(Message,"UsedMirror");
if (Complete == false && !Local && FileName == DestFile)
{
if (Owner->Log != 0)
@@ -159,7 +164,7 @@ void pkgAcquire::Item::Done(string Message,unsigned long long Size,HashStringLis
// ---------------------------------------------------------------------
/* This helper function is used by a lot of item methods as their final
step */
-void pkgAcquire::Item::Rename(string From,string To)
+bool pkgAcquire::Item::Rename(string From,string To)
{
if (rename(From.c_str(),To.c_str()) != 0)
{
@@ -167,8 +172,10 @@ void pkgAcquire::Item::Rename(string From,string To)
snprintf(S,sizeof(S),_("rename failed, %s (%s -> %s)."),strerror(errno),
From.c_str(),To.c_str());
Status = StatError;
- ErrorText = S;
+ ErrorText += S;
+ return false;
}
+ return true;
}
/*}}}*/
bool pkgAcquire::Item::RenameOnError(pkgAcquire::Item::RenameOnErrorState const error)/*{{{*/
@@ -193,6 +200,14 @@ bool pkgAcquire::Item::RenameOnError(pkgAcquire::Item::RenameOnErrorState const
Status = StatError;
// do not report as usually its not the mirrors fault, but Portal/Proxy
break;
+ case SignatureError:
+ ErrorText = _("Signature error");
+ Status = StatError;
+ break;
+ case NotClearsigned:
+ ErrorText = _("Does not start with a cleartext signature");
+ Status = StatError;
+ break;
}
return false;
}
@@ -241,118 +256,6 @@ void pkgAcquire::Item::ReportMirrorFailure(string FailCode)
}
}
/*}}}*/
-// AcqSubIndex::AcqSubIndex - Constructor /*{{{*/
-// ---------------------------------------------------------------------
-/* Get a sub-index file based on checksums from a 'master' file and
- possibly query additional files */
-pkgAcqSubIndex::pkgAcqSubIndex(pkgAcquire *Owner, string const &URI,
- string const &URIDesc, string const &ShortDesc,
- HashStringList const &ExpectedHashes)
- : Item(Owner, ExpectedHashes)
-{
- /* XXX: Beware: Currently this class does nothing (of value) anymore ! */
- Debug = _config->FindB("Debug::pkgAcquire::SubIndex",false);
-
- DestFile = _config->FindDir("Dir::State::lists") + "partial/";
- DestFile += URItoFileName(URI);
-
- Desc.URI = URI;
- Desc.Description = URIDesc;
- Desc.Owner = this;
- Desc.ShortDesc = ShortDesc;
-
- QueueURI(Desc);
-
- if(Debug)
- std::clog << "pkgAcqSubIndex: " << Desc.URI << std::endl;
-}
- /*}}}*/
-// AcqSubIndex::Custom600Headers - Insert custom request headers /*{{{*/
-// ---------------------------------------------------------------------
-/* The only header we use is the last-modified header. */
-string pkgAcqSubIndex::Custom600Headers() const
-{
- string Final = _config->FindDir("Dir::State::lists");
- Final += URItoFileName(Desc.URI);
-
- struct stat Buf;
- if (stat(Final.c_str(),&Buf) != 0)
- return "\nIndex-File: true\nFail-Ignore: true\n";
- return "\nIndex-File: true\nFail-Ignore: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
-}
- /*}}}*/
-void pkgAcqSubIndex::Failed(string Message,pkgAcquire::MethodConfig * /*Cnf*/)/*{{{*/
-{
- if(Debug)
- std::clog << "pkgAcqSubIndex failed: " << Desc.URI << " with " << Message << std::endl;
-
- Complete = false;
- Status = StatDone;
- Dequeue();
-
- // No good Index is provided
-}
- /*}}}*/
-void pkgAcqSubIndex::Done(string Message,unsigned long long Size,HashStringList const &Hashes, /*{{{*/
- pkgAcquire::MethodConfig *Cnf)
-{
- if(Debug)
- std::clog << "pkgAcqSubIndex::Done(): " << Desc.URI << std::endl;
-
- string FileName = LookupTag(Message,"Filename");
- if (FileName.empty() == true)
- {
- Status = StatError;
- ErrorText = "Method gave a blank filename";
- return;
- }
-
- if (FileName != DestFile)
- {
- Local = true;
- Desc.URI = "copy:" + FileName;
- QueueURI(Desc);
- return;
- }
-
- Item::Done(Message, Size, Hashes, Cnf);
-
- string FinalFile = _config->FindDir("Dir::State::lists")+URItoFileName(Desc.URI);
-
- /* Downloaded invalid transindex => Error (LP: #346386) (Closes: #627642) */
- indexRecords SubIndexParser;
- if (FileExists(DestFile) == true && !SubIndexParser.Load(DestFile)) {
- Status = StatError;
- ErrorText = SubIndexParser.ErrorText;
- return;
- }
-
- // success in downloading the index
- // rename the index
- if(Debug)
- std::clog << "Renaming: " << DestFile << " -> " << FinalFile << std::endl;
- Rename(DestFile,FinalFile);
- chmod(FinalFile.c_str(),0644);
- DestFile = FinalFile;
-
- if(ParseIndex(DestFile) == false)
- return Failed("", NULL);
-
- Complete = true;
- Status = StatDone;
- Dequeue();
- return;
-}
- /*}}}*/
-bool pkgAcqSubIndex::ParseIndex(string const &IndexFile) /*{{{*/
-{
- indexRecords SubIndexParser;
- if (FileExists(IndexFile) == false || SubIndexParser.Load(IndexFile) == false)
- return false;
- // so something with the downloaded index
- return true;
-}
- /*}}}*/
// AcqDiffIndex::AcqDiffIndex - Constructor /*{{{*/
// ---------------------------------------------------------------------
/* Get the DiffIndex file first and see if there are patches available
@@ -361,10 +264,12 @@ bool pkgAcqSubIndex::ParseIndex(string const &IndexFile) /*{{{*/
* the original packages file
*/
pkgAcqDiffIndex::pkgAcqDiffIndex(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
IndexTarget const * const Target,
HashStringList const &ExpectedHashes,
indexRecords *MetaIndexParser)
- : pkgAcqBaseIndex(Owner, Target, ExpectedHashes, MetaIndexParser)
+ : pkgAcqBaseIndex(Owner, TransactionManager, Target, ExpectedHashes,
+ MetaIndexParser), PackagesFileReadyInPartial(false)
{
Debug = _config->FindB("Debug::pkgAcquire::Diffs",false);
@@ -460,9 +365,14 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string IndexDiffFile) /*{{{*/
// we have the same sha1 as the server so we are done here
if(Debug)
std::clog << "Package file is up-to-date" << std::endl;
+ // ensure we have no leftovers from previous runs
+ std::string Partial = _config->FindDir("Dir::State::lists");
+ Partial += "partial/" + URItoFileName(RealURI);
+ unlink(Partial.c_str());
// list cleanup needs to know that this file as well as the already
// present index is ours, so we create an empty diff to save it for us
- new pkgAcqIndexDiffs(Owner, Target, ExpectedHashes, MetaIndexParser,
+ new pkgAcqIndexDiffs(Owner, TransactionManager, Target,
+ ExpectedHashes, MetaIndexParser,
ServerSha1, available_patches);
return true;
}
@@ -529,6 +439,21 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string IndexDiffFile) /*{{{*/
// we have something, queue the next diff
if(found)
{
+ // FIXME: make this use the method
+ PackagesFileReadyInPartial = true;
+ std::string Partial = _config->FindDir("Dir::State::lists");
+ Partial += "partial/" + URItoFileName(RealURI);
+
+ FileFd From(CurrentPackagesFile, FileFd::ReadOnly);
+ FileFd To(Partial, FileFd::WriteEmpty);
+ if(CopyFile(From, To) == false)
+ return _error->Errno("CopyFile", "failed to copy");
+
+ if(Debug)
+ std::cerr << "Done copying " << CurrentPackagesFile
+ << " -> " << Partial
+ << std::endl;
+
// queue the diffs
string::size_type const last_space = Description.rfind(" ");
if(last_space != string::npos)
@@ -549,24 +474,27 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string IndexDiffFile) /*{{{*/
if (pdiff_merge == false)
{
- new pkgAcqIndexDiffs(Owner, Target, ExpectedHashes, MetaIndexParser,
+ new pkgAcqIndexDiffs(Owner, TransactionManager, Target, ExpectedHashes,
+ MetaIndexParser,
ServerSha1, available_patches);
}
else
{
std::vector<pkgAcqIndexMergeDiffs*> *diffs = new std::vector<pkgAcqIndexMergeDiffs*>(available_patches.size());
for(size_t i = 0; i < available_patches.size(); ++i)
- (*diffs)[i] = new pkgAcqIndexMergeDiffs(Owner, Target,
+ (*diffs)[i] = new pkgAcqIndexMergeDiffs(Owner,
+ TransactionManager,
+ Target,
ExpectedHashes,
MetaIndexParser,
available_patches[i],
diffs);
}
- Complete = false;
- Status = StatDone;
- Dequeue();
- return true;
+ Complete = false;
+ Status = StatDone;
+ Dequeue();
+ return true;
}
}
@@ -584,7 +512,7 @@ void pkgAcqDiffIndex::Failed(string Message,pkgAcquire::MethodConfig * /*Cnf*/)/
std::clog << "pkgAcqDiffIndex failed: " << Desc.URI << " with " << Message << std::endl
<< "Falling back to normal index file acquire" << std::endl;
- new pkgAcqIndex(Owner, Target, ExpectedHashes, MetaIndexParser);
+ new pkgAcqIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser);
Complete = false;
Status = StatDone;
@@ -627,12 +555,13 @@ void pkgAcqDiffIndex::Done(string Message,unsigned long long Size,HashStringList
* for each diff and the index
*/
pkgAcqIndexDiffs::pkgAcqIndexDiffs(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
struct IndexTarget const * const Target,
HashStringList const &ExpectedHashes,
indexRecords *MetaIndexParser,
string ServerSha1,
vector<DiffInfo> diffs)
- : pkgAcqBaseIndex(Owner, Target, ExpectedHashes, MetaIndexParser),
+ : pkgAcqBaseIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser),
available_patches(diffs), ServerSha1(ServerSha1)
{
@@ -648,7 +577,9 @@ pkgAcqIndexDiffs::pkgAcqIndexDiffs(pkgAcquire *Owner,
if(available_patches.empty() == true)
{
- // we are done (yeah!)
+ // we are done (yeah!), check hashes against the final file
+ DestFile = _config->FindDir("Dir::State::lists");
+ DestFile += URItoFileName(Target->URI);
Finish(true);
}
else
@@ -664,20 +595,22 @@ void pkgAcqIndexDiffs::Failed(string Message,pkgAcquire::MethodConfig * /*Cnf*/)
if(Debug)
std::clog << "pkgAcqIndexDiffs failed: " << Desc.URI << " with " << Message << std::endl
<< "Falling back to normal index file acquire" << std::endl;
- new pkgAcqIndex(Owner, Target, ExpectedHashes, MetaIndexParser);
+ new pkgAcqIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser);
Finish();
}
/*}}}*/
// Finish - helper that cleans the item out of the fetcher queue /*{{{*/
void pkgAcqIndexDiffs::Finish(bool allDone)
{
+ if(Debug)
+ std::clog << "pkgAcqIndexDiffs::Finish(): "
+ << allDone << " "
+ << Desc.URI << std::endl;
+
// we restore the original name, this is required, otherwise
// the file will be cleaned
if(allDone)
{
- DestFile = _config->FindDir("Dir::State::lists");
- DestFile += URItoFileName(RealURI);
-
if(HashSums().usable() && !HashSums().VerifyFile(DestFile))
{
RenameOnError(HashSumMismatch);
@@ -685,6 +618,16 @@ void pkgAcqIndexDiffs::Finish(bool allDone)
return;
}
+ // queue for copy
+ PartialFile = _config->FindDir("Dir::State::lists")+"partial/"+URItoFileName(RealURI);
+
+ DestFile = _config->FindDir("Dir::State::lists");
+ DestFile += URItoFileName(RealURI);
+
+ // this happens if we have a up-to-date indexfile
+ if(!FileExists(PartialFile))
+ PartialFile = DestFile;
+
// this is for the "real" finish
Complete = true;
Status = StatDone;
@@ -704,10 +647,15 @@ void pkgAcqIndexDiffs::Finish(bool allDone)
/*}}}*/
bool pkgAcqIndexDiffs::QueueNextDiff() /*{{{*/
{
-
// calc sha1 of the just patched file
string FinalFile = _config->FindDir("Dir::State::lists");
- FinalFile += URItoFileName(RealURI);
+ FinalFile += "partial/" + URItoFileName(RealURI);
+
+ if(!FileExists(FinalFile))
+ {
+ Failed("No FinalFile " + FinalFile + " available", NULL);
+ return false;
+ }
FileFd fd(FinalFile, FileFd::ReadOnly);
SHA1Summation SHA1;
@@ -717,6 +665,7 @@ bool pkgAcqIndexDiffs::QueueNextDiff() /*{{{*/
std::clog << "QueueNextDiff: "
<< FinalFile << " (" << local_sha1 << ")"<<std::endl;
+
// final file reached before all patches are applied
if(local_sha1 == ServerSha1)
{
@@ -738,7 +687,7 @@ bool pkgAcqIndexDiffs::QueueNextDiff() /*{{{*/
// error checking and falling back if no patch was found
if(available_patches.empty() == true)
{
- Failed("", NULL);
+ Failed("No patches available", NULL);
return false;
}
@@ -765,7 +714,7 @@ void pkgAcqIndexDiffs::Done(string Message,unsigned long long Size, HashStringLi
Item::Done(Message, Size, Hashes, Cnf);
string FinalFile;
- FinalFile = _config->FindDir("Dir::State::lists")+URItoFileName(RealURI);
+ FinalFile = _config->FindDir("Dir::State::lists")+"partial/"+URItoFileName(RealURI);
// success in downloading a diff, enter ApplyDiff state
if(State == StateFetchDiff)
@@ -812,23 +761,26 @@ void pkgAcqIndexDiffs::Done(string Message,unsigned long long Size, HashStringLi
// see if there is more to download
if(available_patches.empty() == false) {
- new pkgAcqIndexDiffs(Owner, Target,
+ new pkgAcqIndexDiffs(Owner, TransactionManager, Target,
ExpectedHashes, MetaIndexParser,
ServerSha1, available_patches);
return Finish();
} else
+ // update
+ DestFile = FinalFile;
return Finish(true);
}
}
/*}}}*/
// AcqIndexMergeDiffs::AcqIndexMergeDiffs - Constructor /*{{{*/
pkgAcqIndexMergeDiffs::pkgAcqIndexMergeDiffs(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
struct IndexTarget const * const Target,
HashStringList const &ExpectedHashes,
indexRecords *MetaIndexParser,
DiffInfo const &patch,
std::vector<pkgAcqIndexMergeDiffs*> const * const allPatches)
- : pkgAcqBaseIndex(Owner, Target, ExpectedHashes, MetaIndexParser),
+ : pkgAcqBaseIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser),
patch(patch), allPatches(allPatches), State(StateFetchDiff)
{
@@ -871,7 +823,7 @@ void pkgAcqIndexMergeDiffs::Failed(string Message,pkgAcquire::MethodConfig * /*C
// first failure means we should fallback
State = StateErrorDiff;
std::clog << "Falling back to normal index file acquire" << std::endl;
- new pkgAcqIndex(Owner, Target, ExpectedHashes, MetaIndexParser);
+ new pkgAcqIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser);
}
/*}}}*/
void pkgAcqIndexMergeDiffs::Done(string Message,unsigned long long Size,HashStringList const &Hashes, /*{{{*/
@@ -882,7 +834,7 @@ void pkgAcqIndexMergeDiffs::Done(string Message,unsigned long long Size,HashStri
Item::Done(Message,Size,Hashes,Cnf);
- string const FinalFile = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+ string const FinalFile = _config->FindDir("Dir::State::lists") + "partial/" + URItoFileName(RealURI);
if (State == StateFetchDiff)
{
@@ -930,21 +882,27 @@ void pkgAcqIndexMergeDiffs::Done(string Message,unsigned long long Size,HashStri
return;
}
+
+ std::string FinalFile = _config->FindDir("Dir::State::lists");
+ FinalFile += URItoFileName(RealURI);
+
// move the result into place
if(Debug)
- std::clog << "Moving patched file in place: " << std::endl
+ std::clog << "Queue patched file in place: " << std::endl
<< DestFile << " -> " << FinalFile << std::endl;
- Rename(DestFile, FinalFile);
- chmod(FinalFile.c_str(), 0644);
- // otherwise lists cleanup will eat the file
+ // queue for copy by the transaction manager
+ PartialFile = DestFile;
DestFile = FinalFile;
// ensure the ed's are gone regardless of list-cleanup
for (std::vector<pkgAcqIndexMergeDiffs *>::const_iterator I = allPatches->begin();
I != allPatches->end(); ++I)
{
- std::string patch = FinalFile + ".ed." + (*I)->patch.file + ".gz";
+ std::string PartialFile = _config->FindDir("Dir::State::lists");
+ PartialFile += "partial/" + URItoFileName(RealURI);
+ std::string patch = PartialFile + ".ed." + (*I)->patch.file + ".gz";
+ std::cerr << patch << std::endl;
unlink(patch.c_str());
}
@@ -961,29 +919,40 @@ void pkgAcqIndexMergeDiffs::Done(string Message,unsigned long long Size,HashStri
instantiated to fetch the revision file */
pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner,
string URI,string URIDesc,string ShortDesc,
- HashStringList const &ExpectedHash, string comprExt)
- : pkgAcqBaseIndex(Owner, NULL, ExpectedHash, NULL), RealURI(URI)
+ HashStringList const &ExpectedHash)
+ : pkgAcqBaseIndex(Owner, 0, NULL, ExpectedHash, NULL), RealURI(URI)
{
- if(comprExt.empty() == true)
- {
- // autoselect the compression method
- std::vector<std::string> types = APT::Configuration::getCompressionTypes();
- for (std::vector<std::string>::const_iterator t = types.begin(); t != types.end(); ++t)
- comprExt.append(*t).append(" ");
- if (comprExt.empty() == false)
- comprExt.erase(comprExt.end()-1);
- }
- CompressionExtension = comprExt;
-
+ AutoSelectCompression();
Init(URI, URIDesc, ShortDesc);
+
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "New pkgIndex with TransactionManager "
+ << TransactionManager << std::endl;
}
-pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, IndexTarget const *Target,
+ /*}}}*/
+// AcqIndex::AcqIndex - Constructor /*{{{*/
+// ---------------------------------------------------------------------
+pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
+ IndexTarget const *Target,
HashStringList const &ExpectedHash,
indexRecords *MetaIndexParser)
- : pkgAcqBaseIndex(Owner, Target, ExpectedHash, MetaIndexParser),
- RealURI(Target->URI)
+ : pkgAcqBaseIndex(Owner, TransactionManager, Target, ExpectedHash,
+ MetaIndexParser), RealURI(Target->URI)
{
// autoselect the compression method
+ AutoSelectCompression();
+ Init(Target->URI, Target->Description, Target->ShortDesc);
+
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "New pkgIndex with TransactionManager "
+ << TransactionManager << std::endl;
+}
+ /*}}}*/
+// AcqIndex::AutoSelectCompression - Select compression /*{{{*/
+// ---------------------------------------------------------------------
+void pkgAcqIndex::AutoSelectCompression()
+{
std::vector<std::string> types = APT::Configuration::getCompressionTypes();
CompressionExtension = "";
if (ExpectedHashes.usable())
@@ -999,12 +968,12 @@ pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, IndexTarget const *Target,
}
if (CompressionExtension.empty() == false)
CompressionExtension.erase(CompressionExtension.end()-1);
-
- Init(Target->URI, Target->Description, Target->ShortDesc);
}
- /*}}}*/
// AcqIndex::Init - defered Constructor /*{{{*/
-void pkgAcqIndex::Init(string const &URI, string const &URIDesc, string const &ShortDesc) {
+// ---------------------------------------------------------------------
+void pkgAcqIndex::Init(string const &URI, string const &URIDesc,
+ string const &ShortDesc)
+{
Decompression = false;
Erase = false;
@@ -1012,7 +981,6 @@ void pkgAcqIndex::Init(string const &URI, string const &URIDesc, string const &S
DestFile += URItoFileName(URI);
std::string const comprExt = CompressionExtension.substr(0, CompressionExtension.find(' '));
- std::string MetaKey;
if (comprExt == "uncompressed")
{
Desc.URI = URI;
@@ -1081,14 +1049,9 @@ void pkgAcqIndex::InitByHashIfNeeded(const std::string MetaKey)
/* The only header we use is the last-modified header. */
string pkgAcqIndex::Custom600Headers() const
{
- std::string const compExt = CompressionExtension.substr(0, CompressionExtension.find(' '));
- string Final = _config->FindDir("Dir::State::lists");
- Final += URItoFileName(RealURI);
- if (_config->FindB("Acquire::GzipIndexes",false))
- Final += compExt;
+ string Final = GetFinalFilename();
string msg = "\nIndex-File: true";
-
struct stat Buf;
if (stat(Final.c_str(),&Buf) == 0)
msg += "\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
@@ -1096,6 +1059,9 @@ string pkgAcqIndex::Custom600Headers() const
return msg;
}
/*}}}*/
+// pkgAcqIndex::Failed - getting the indexfile failed /*{{{*/
+// ---------------------------------------------------------------------
+/* */
void pkgAcqIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*{{{*/
{
size_t const nextExt = CompressionExtension.find(' ');
@@ -1114,41 +1080,56 @@ void pkgAcqIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*{{{*/
}
Item::Failed(Message,Cnf);
+
+ /// cancel the entire transaction
+ TransactionManager->AbortTransaction();
}
/*}}}*/
// pkgAcqIndex::GetFinalFilename - Return the full final file path /*{{{*/
-std::string pkgAcqIndex::GetFinalFilename(std::string const &URI,
- std::string const &compExt)
+// ---------------------------------------------------------------------
+/* */
+std::string pkgAcqIndex::GetFinalFilename() const
{
+ std::string const compExt = CompressionExtension.substr(0, CompressionExtension.find(' '));
std::string FinalFile = _config->FindDir("Dir::State::lists");
- FinalFile += URItoFileName(URI);
+ FinalFile += URItoFileName(RealURI);
if (_config->FindB("Acquire::GzipIndexes",false) == true)
FinalFile += '.' + compExt;
return FinalFile;
}
- /*}}}*/
-// AcqIndex::ReverifyAfterIMS - Reverify index after an ims-hit /*{{{*/
-void pkgAcqIndex::ReverifyAfterIMS(std::string const &FileName)
+ /*}}}*/
+// AcqIndex::ReverifyAfterIMS - Reverify index after an ims-hit /*{{{*/
+// ---------------------------------------------------------------------
+/* */
+void pkgAcqIndex::ReverifyAfterIMS()
{
std::string const compExt = CompressionExtension.substr(0, CompressionExtension.find(' '));
+
+ // update destfile to *not* include the compression extension when doing
+ // a reverify (as its uncompressed on disk already)
+ DestFile = _config->FindDir("Dir::State::lists") + "partial/";
+ DestFile += URItoFileName(RealURI);
+
+ // adjust DestFile if its compressed on disk
if (_config->FindB("Acquire::GzipIndexes",false) == true)
- DestFile += compExt;
+ DestFile += '.' + compExt;
- string FinalFile = GetFinalFilename(RealURI, compExt);
- Rename(FinalFile, FileName);
+ // copy FinalFile into partial/ so that we check the hash again
+ string FinalFile = GetFinalFilename();
Decompression = true;
- Desc.URI = "copy:" + FileName;
+ Desc.URI = "copy:" + FinalFile;
QueueURI(Desc);
}
- /*}}}*/
+ /*}}}*/
// AcqIndex::Done - Finished a fetch /*{{{*/
// ---------------------------------------------------------------------
/* This goes through a number of states.. On the initial fetch the
method could possibly return an alternate filename which points
to the uncompressed version of the file. If this is so the file
is copied into the partial directory. In all other cases the file
- is decompressed with a gzip uri. */
-void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList const &Hashes,
+ is decompressed with a compressed uri. */
+void pkgAcqIndex::Done(string Message, unsigned long long Size,
+ HashStringList const &Hashes,
pkgAcquire::MethodConfig *Cfg)
{
Item::Done(Message,Size,Hashes,Cfg);
@@ -1161,6 +1142,7 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con
Desc.URI = RealURI;
RenameOnError(HashSumMismatch);
printHashSumComparision(RealURI, ExpectedHashes, Hashes);
+ Failed(Message, Cfg);
return;
}
@@ -1171,7 +1153,8 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con
* have a Package field) (LP: #346386) (Closes: #627642)
*/
FileFd fd(DestFile, FileFd::ReadOnly, FileFd::Extension);
- // Only test for correctness if the file is not empty (empty is ok)
+ // Only test for correctness if the content of the file is not empty
+ // (empty is ok)
if (fd.Size() > 0)
{
pkgTagSection sec;
@@ -1181,28 +1164,39 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con
if (_error->PendingError() == true || tag.Step(sec) == false || sec.Exists("Package") == false)
{
RenameOnError(InvalidFormat);
+ Failed(Message, Cfg);
return;
}
}
- // Done, move it into position
- string FinalFile = GetFinalFilename(RealURI, compExt);
- Rename(DestFile,FinalFile);
- chmod(FinalFile.c_str(),0644);
-
- /* We restore the original name to DestFile so that the clean operation
- will work OK */
- DestFile = _config->FindDir("Dir::State::lists") + "partial/";
- DestFile += URItoFileName(RealURI);
- if (_config->FindB("Acquire::GzipIndexes",false))
- DestFile += '.' + compExt;
+ // FIXME: can we void the "Erase" bool here as its very non-local?
+ std::string CompressedFile = _config->FindDir("Dir::State::lists") + "partial/";
+ CompressedFile += URItoFileName(RealURI);
// Remove the compressed version.
if (Erase == true)
- unlink(DestFile.c_str());
+ unlink(CompressedFile.c_str());
+
+ // Done, queue for rename on transaction finished
+ PartialFile = DestFile;
+ DestFile = GetFinalFilename();
return;
}
+
+ // FIXME: use the same method to find
+ // check the compressed hash too
+ if(MetaKey != "" && Hashes.size() > 0)
+ {
+ indexRecords::checkSum *Record = MetaIndexParser->Lookup(MetaKey);
+ if(Record && Record->Hashes.usable() && Hashes != Record->Hashes)
+ {
+ RenameOnError(HashSumMismatch);
+ printHashSumComparision(RealURI, Record->Hashes, Hashes);
+ Failed(Message, Cfg);
+ return;
+ }
+ }
Erase = false;
Complete = true;
@@ -1246,11 +1240,12 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con
StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
return;
- // The files timestamp matches, for non-local URLs reverify the local
- // file, for local file, uncompress again to ensure the hashsum is still
- // matching the Release file
- if (!Local && StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
+ // The files timestamp matches, reverify by copy into partial/
+ if (StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
{
+ Erase = false;
+ ReverifyAfterIMS();
+#if 0 // ???
// set destfile to the final destfile
if(_config->FindB("Acquire::GzipIndexes",false) == false)
{
@@ -1259,6 +1254,7 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con
}
ReverifyAfterIMS(FileName);
+#endif
return;
}
string decompProg;
@@ -1307,12 +1303,16 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con
/* The Translation file is added to the queue */
pkgAcqIndexTrans::pkgAcqIndexTrans(pkgAcquire *Owner,
string URI,string URIDesc,string ShortDesc)
- : pkgAcqIndex(Owner, URI, URIDesc, ShortDesc, HashStringList(), "")
+ : pkgAcqIndex(Owner, URI, URIDesc, ShortDesc, HashStringList())
{
}
-pkgAcqIndexTrans::pkgAcqIndexTrans(pkgAcquire *Owner, IndexTarget const * const Target,
- HashStringList const &ExpectedHashes, indexRecords *MetaIndexParser)
- : pkgAcqIndex(Owner, Target, ExpectedHashes, MetaIndexParser)
+ /*}}}*/
+pkgAcqIndexTrans::pkgAcqIndexTrans(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
+ IndexTarget const * const Target,
+ HashStringList const &ExpectedHashes,
+ indexRecords *MetaIndexParser)
+ : pkgAcqIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser)
{
// load the filesize
indexRecords::checkSum *Record = MetaIndexParser->Lookup(string(Target->MetaKey));
@@ -1324,11 +1324,7 @@ pkgAcqIndexTrans::pkgAcqIndexTrans(pkgAcquire *Owner, IndexTarget const * const
// ---------------------------------------------------------------------
string pkgAcqIndexTrans::Custom600Headers() const
{
- std::string const compExt = CompressionExtension.substr(0, CompressionExtension.find(' '));
- string Final = _config->FindDir("Dir::State::lists");
- Final += URItoFileName(RealURI);
- if (_config->FindB("Acquire::GzipIndexes",false))
- Final += compExt;
+ string Final = GetFinalFilename();
struct stat Buf;
if (stat(Final.c_str(),&Buf) != 0)
@@ -1350,6 +1346,7 @@ void pkgAcqIndexTrans::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
return;
}
+ // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor
if (Cnf->LocalOnly == true ||
StringToBool(LookupTag(Message,"Transient-Failure"),false) == false)
{
@@ -1363,15 +1360,120 @@ void pkgAcqIndexTrans::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
Item::Failed(Message,Cnf);
}
/*}}}*/
-pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, /*{{{*/
+
+void pkgAcqMetaBase::Add(Item *I)
+{
+ Transaction.push_back(I);
+}
+
+void pkgAcqMetaBase::AbortTransaction()
+{
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "AbortTransaction: " << TransactionManager << std::endl;
+
+ // ensure the toplevel is in error state too
+ for (std::vector<Item*>::iterator I = Transaction.begin();
+ I != Transaction.end(); ++I)
+ {
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << " Cancel: " << (*I)->DestFile << std::endl;
+ // the transaction will abort, so stop anything that is idle
+ if ((*I)->Status == pkgAcquire::Item::StatIdle)
+ (*I)->Status = pkgAcquire::Item::StatDone;
+ }
+}
+ /*}}}*/
+bool pkgAcqMetaBase::TransactionHasError()
+{
+ for (pkgAcquire::ItemIterator I = Transaction.begin();
+ I != Transaction.end(); ++I)
+ if((*I)->Status != pkgAcquire::Item::StatDone &&
+ (*I)->Status != pkgAcquire::Item::StatIdle)
+ return true;
+
+ return false;
+}
+// Acquire::CommitTransaction - Commit a transaction /*{{{*/
+void pkgAcqMetaBase::CommitTransaction()
+{
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "CommitTransaction: " << this << std::endl;
+
+ // move new files into place *and* remove files that are not
+ // part of the transaction but are still on disk
+ for (std::vector<Item*>::iterator I = Transaction.begin();
+ I != Transaction.end(); ++I)
+ {
+ if((*I)->PartialFile != "")
+ {
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "mv "
+ << (*I)->PartialFile << " -> "
+ << (*I)->DestFile << " "
+ << (*I)->DescURI()
+ << std::endl;
+ Rename((*I)->PartialFile, (*I)->DestFile);
+ chmod((*I)->DestFile.c_str(),0644);
+ } else {
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "rm "
+ << (*I)->DestFile
+ << " "
+ << (*I)->DescURI()
+ << std::endl;
+ unlink((*I)->DestFile.c_str());
+ }
+ // mark that this transaction is finished
+ (*I)->TransactionManager = 0;
+ }
+}
+
+ /*{{{*/
+bool pkgAcqMetaBase::GenerateAuthWarning(const std::string &RealURI,
+ const std::string &Message)
+{
+ string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+
+ if(FileExists(Final))
+ {
+ Status = StatTransientNetworkError;
+ _error->Warning(_("An error occurred during the signature "
+ "verification. The repository is not updated "
+ "and the previous index files will be used. "
+ "GPG error: %s: %s\n"),
+ Desc.Description.c_str(),
+ LookupTag(Message,"Message").c_str());
+ RunScripts("APT::Update::Auth-Failure");
+ return true;
+ } else if (LookupTag(Message,"Message").find("NODATA") != string::npos) {
+ /* Invalid signature file, reject (LP: #346386) (Closes: #627642) */
+ _error->Error(_("GPG error: %s: %s"),
+ Desc.Description.c_str(),
+ LookupTag(Message,"Message").c_str());
+ Status = StatError;
+ return true;
+ } else {
+ _error->Warning(_("GPG error: %s: %s"),
+ Desc.Description.c_str(),
+ LookupTag(Message,"Message").c_str());
+ }
+ // gpgv method failed
+ ReportMirrorFailure("GPGFailure");
+ return false;
+}
+ /*}}}*/
+
+
+pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, /*{{{*/
+ pkgAcqMetaBase *TransactionManager,
string URI,string URIDesc,string ShortDesc,
- string MetaIndexURI, string MetaIndexURIDesc,
- string MetaIndexShortDesc,
+ string MetaIndexFile,
const vector<IndexTarget*>* IndexTargets,
indexRecords* MetaIndexParser) :
- Item(Owner, HashStringList()), RealURI(URI), MetaIndexURI(MetaIndexURI),
- MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc),
- MetaIndexParser(MetaIndexParser), IndexTargets(IndexTargets)
+ pkgAcqMetaBase(Owner, IndexTargets, MetaIndexParser,
+ HashStringList(), TransactionManager),
+ RealURI(URI), MetaIndexFile(MetaIndexFile), URIDesc(URIDesc),
+ ShortDesc(ShortDesc), AuthPass(false), IMSHit(false)
{
DestFile = _config->FindDir("Dir::State::lists") + "partial/";
DestFile += URItoFileName(URI);
@@ -1381,42 +1483,22 @@ pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, /*{{{*/
// partial download anyway
unlink(DestFile.c_str());
+ // set the TransactionManager
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "New pkgAcqMetaSig with TransactionManager "
+ << TransactionManager << std::endl;
+
// Create the item
Desc.Description = URIDesc;
Desc.Owner = this;
Desc.ShortDesc = ShortDesc;
Desc.URI = URI;
-
- string Final = _config->FindDir("Dir::State::lists");
- Final += URItoFileName(RealURI);
- if (RealFileExists(Final) == true)
- {
- // File was already in place. It needs to be re-downloaded/verified
- // because Release might have changed, we do give it a different
- // name than DestFile because otherwise the http method will
- // send If-Range requests and there are too many broken servers
- // out there that do not understand them
- LastGoodSig = DestFile+".reverify";
- Rename(Final,LastGoodSig);
- }
-
- // we expect the indextargets + one additional Release file
- ExpectedAdditionalItems = IndexTargets->size() + 1;
QueueURI(Desc);
}
/*}}}*/
pkgAcqMetaSig::~pkgAcqMetaSig() /*{{{*/
{
- // if the file was never queued undo file-changes done in the constructor
- if (QueueCounter == 1 && Status == StatIdle && FileSize == 0 && Complete == false &&
- LastGoodSig.empty() == false)
- {
- string const Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
- if (RealFileExists(Final) == false && RealFileExists(LastGoodSig) == true)
- Rename(LastGoodSig, Final);
- }
-
}
/*}}}*/
// pkgAcqMetaSig::Custom600Headers - Insert custom request headers /*{{{*/
@@ -1424,8 +1506,11 @@ pkgAcqMetaSig::~pkgAcqMetaSig() /*{{{*/
/* The only header we use is the last-modified header. */
string pkgAcqMetaSig::Custom600Headers() const
{
+ string FinalFile = _config->FindDir("Dir::State::lists");
+ FinalFile += URItoFileName(RealURI);
+
struct stat Buf;
- if (stat(LastGoodSig.c_str(),&Buf) != 0)
+ if (stat(FinalFile.c_str(),&Buf) != 0)
return "\nIndex-File: true";
return "\nIndex-File: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
@@ -1453,51 +1538,98 @@ void pkgAcqMetaSig::Done(string Message,unsigned long long Size, HashStringList
return;
}
- Complete = true;
+ if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
+ IMSHit = true;
- // at this point pkgAcqMetaIndex takes over
- ExpectedAdditionalItems = 0;
+ // adjust paths if its a ims-hit
+ if(IMSHit)
+ {
+ string FinalFile = _config->FindDir("Dir::State::lists");
+ FinalFile += URItoFileName(RealURI);
+
+ DestFile = PartialFile = FinalFile;
+ }
- // put the last known good file back on i-m-s hit (it will
- // be re-verified again)
- // Else do nothing, we have the new file in DestFile then
- if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
- Rename(LastGoodSig, DestFile);
+ // queue for verify
+ if(AuthPass == false)
+ {
+ AuthPass = true;
+ Desc.URI = "gpgv:" + DestFile;
+ DestFile = MetaIndexFile;
+ QueueURI(Desc);
+ return;
+ }
- // queue a pkgAcqMetaIndex to be verified against the sig we just retrieved
- new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc,
- MetaIndexShortDesc, DestFile, IndexTargets,
- MetaIndexParser);
+ // queue to copy the file in place if it was not a ims hit, on ims
+ // hit the file is already at the right place
+ if(IMSHit == false)
+ {
+ PartialFile = _config->FindDir("Dir::State::lists") + "partial/";
+ PartialFile += URItoFileName(RealURI);
+
+ DestFile = _config->FindDir("Dir::State::lists");
+ DestFile += URItoFileName(RealURI);
+ }
+ // we parse the MetaIndexFile here because at this point we can
+ // trust the data
+ if(AuthPass == true)
+ {
+ // load indexes and queue further downloads
+ MetaIndexParser->Load(MetaIndexFile);
+ QueueIndexes(true);
+ }
+
+ Complete = true;
}
/*}}}*/
void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
{
string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+
+ // FIXME: meh, this is not really elegant
+ string InReleaseURI = RealURI.replace(RealURI.rfind("Release.gpg"), 12,
+ "InRelease");
+ string FinalInRelease = _config->FindDir("Dir::State::lists") + URItoFileName(InReleaseURI);
+
+ if(RealFileExists(Final) || RealFileExists(FinalInRelease))
+ {
+ _error->Error("The repository '%s' is no longer signed.",
+ URIDesc.c_str());
+ Rename(MetaIndexFile, MetaIndexFile+".FAILED");
+ Status = pkgAcquire::Item::StatError;
+ TransactionManager->AbortTransaction();
+ return;
+ }
- // at this point pkgAcqMetaIndex takes over
- ExpectedAdditionalItems = 0;
+ // this ensures that any file in the lists/ dir is removed by the
+ // transaction
+ DestFile = _config->FindDir("Dir::State::lists") + "partial/";
+ DestFile += URItoFileName(RealURI);
+ PartialFile = "";
- // if we get a network error we fail gracefully
- if(Status == StatTransientNetworkError)
+ // FIXME: duplicated code from pkgAcqMetaIndex
+ if (AuthPass == true)
{
- Item::Failed(Message,Cnf);
- // move the sigfile back on transient network failures
- if(FileExists(LastGoodSig))
- Rename(LastGoodSig,Final);
-
- // set the status back to , Item::Failed likes to reset it
- Status = pkgAcquire::Item::StatTransientNetworkError;
- return;
+ bool Stop = GenerateAuthWarning(RealURI, Message);
+ if(Stop)
+ return;
}
- // Delete any existing sigfile when the acquire failed
- unlink(Final.c_str());
-
- // queue a pkgAcqMetaIndex with no sigfile
- new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc,
- "", IndexTargets, MetaIndexParser);
+ // only allow going further if the users explicitely wants it
+ if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true)
+ {
+ // we parse the indexes here because at this point the user wanted
+ // a repository that may potentially harm him
+ MetaIndexParser->Load(MetaIndexFile);
+ QueueIndexes(true);
+ }
+ else
+ {
+ _error->Warning("Use --allow-unauthenticated to force the update");
+ }
+ // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor
if (Cnf->LocalOnly == true ||
StringToBool(LookupTag(Message,"Transient-Failure"),false) == false)
{
@@ -1507,33 +1639,52 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
Dequeue();
return;
}
-
Item::Failed(Message,Cnf);
}
/*}}}*/
pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire *Owner, /*{{{*/
+ pkgAcqMetaBase *TransactionManager,
string URI,string URIDesc,string ShortDesc,
- string SigFile,
+ string MetaIndexSigURI,string MetaIndexSigURIDesc, string MetaIndexSigShortDesc,
const vector<IndexTarget*>* IndexTargets,
indexRecords* MetaIndexParser) :
- Item(Owner, HashStringList()), RealURI(URI), SigFile(SigFile), IndexTargets(IndexTargets),
- MetaIndexParser(MetaIndexParser), AuthPass(false), IMSHit(false)
+ pkgAcqMetaBase(Owner, IndexTargets, MetaIndexParser, HashStringList(),
+ TransactionManager),
+ RealURI(URI), URIDesc(URIDesc), ShortDesc(ShortDesc),
+ AuthPass(false), IMSHit(false),
+ MetaIndexSigURI(MetaIndexSigURI), MetaIndexSigURIDesc(MetaIndexSigURIDesc),
+ MetaIndexSigShortDesc(MetaIndexSigShortDesc)
+{
+ if(TransactionManager == NULL)
+ {
+ this->TransactionManager = this;
+ this->TransactionManager->Add(this);
+ }
+
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "New pkgAcqMetaIndex with TransactionManager "
+ << this->TransactionManager << std::endl;
+
+
+ Init(URIDesc, ShortDesc);
+}
+ /*}}}*/
+// pkgAcqMetaIndex::Init - Delayed constructor /*{{{*/
+void pkgAcqMetaIndex::Init(std::string URIDesc, std::string ShortDesc)
{
DestFile = _config->FindDir("Dir::State::lists") + "partial/";
- DestFile += URItoFileName(URI);
+ DestFile += URItoFileName(RealURI);
// Create the item
Desc.Description = URIDesc;
Desc.Owner = this;
Desc.ShortDesc = ShortDesc;
- Desc.URI = URI;
+ Desc.URI = RealURI;
// we expect more item
ExpectedAdditionalItems = IndexTargets->size();
-
QueueURI(Desc);
}
- /*}}}*/
// pkgAcqMetaIndex::Custom600Headers - Insert custom request headers /*{{{*/
// ---------------------------------------------------------------------
/* The only header we use is the last-modified header. */
@@ -1572,27 +1723,8 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,HashStringList
// Still more retrieving to do
return;
- if (SigFile == "")
+ if (SigFile != "")
{
- // There was no signature file, so we are finished. Download
- // the indexes and do only hashsum verification if possible
- MetaIndexParser->Load(DestFile);
- QueueIndexes(false);
- }
- else
- {
- // FIXME: move this into pkgAcqMetaClearSig::Done on the next
- // ABI break
-
- // if we expect a ClearTextSignature (InRelase), ensure that
- // this is what we get and if not fail to queue a
- // Release/Release.gpg, see #346386
- if (SigFile == DestFile && !StartsWithGPGClearTextSignature(DestFile))
- {
- Failed(Message, Cfg);
- return;
- }
-
// There was a signature file, so pass it to gpgv for
// verification
if (_config->FindB("Debug::pkgAcquire::Auth", false))
@@ -1620,8 +1752,8 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,HashStringList
FinalFile += URItoFileName(RealURI);
if (SigFile == DestFile)
SigFile = FinalFile;
- Rename(DestFile,FinalFile);
- chmod(FinalFile.c_str(),0644);
+ // queue for copy in place
+ PartialFile = DestFile;
DestFile = FinalFile;
}
}
@@ -1656,14 +1788,24 @@ void pkgAcqMetaIndex::RetrievalDone(string Message) /*{{{*/
if (SigFile == DestFile)
{
SigFile = FinalFile;
+#if 0
// constructor of pkgAcqMetaClearSig moved it out of the way,
// now move it back in on IMS hit for the 'old' file
string const OldClearSig = DestFile + ".reverify";
if (RealFileExists(OldClearSig) == true)
Rename(OldClearSig, FinalFile);
+#endif
}
DestFile = FinalFile;
}
+
+ // queue a signature
+ if(SigFile != DestFile)
+ new pkgAcqMetaSig(Owner, TransactionManager,
+ MetaIndexSigURI, MetaIndexSigURIDesc,
+ MetaIndexSigShortDesc, DestFile, IndexTargets,
+ MetaIndexParser);
+
Complete = true;
}
/*}}}*/
@@ -1690,6 +1832,8 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/
std::cerr << "Signature verification succeeded: "
<< DestFile << std::endl;
+// we ensure this by other means
+#if 0
// do not trust any previously unverified content that we may have
string LastGoodSigFile = _config->FindDir("Dir::State::lists").append("partial/").append(URItoFileName(RealURI));
if (DestFile != SigFile)
@@ -1714,11 +1858,18 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/
}
}
}
+#endif
-
- // Download further indexes with verification
+ // Download further indexes with verification
+ //
+ // it would be really nice if we could simply do
+ // if (IMSHit == false) QueueIndexes(true)
+ // and skip the download if the Release file has not changed
+ // - but right now the list cleaner will needs to be tricked
+ // to not delete all our packages/source indexes in this case
QueueIndexes(true);
+#if 0
// is it a clearsigned MetaIndex file?
if (DestFile == SigFile)
return;
@@ -1728,20 +1879,11 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/
URItoFileName(RealURI) + ".gpg";
Rename(SigFile,VerifiedSigFile);
chmod(VerifiedSigFile.c_str(),0644);
+#endif
}
/*}}}*/
-void pkgAcqMetaIndex::QueueIndexes(bool verify) /*{{{*/
+void pkgAcqMetaBase::QueueIndexes(bool verify) /*{{{*/
{
-#if 0
- /* Reject invalid, existing Release files (LP: #346386) (Closes: #627642)
- * FIXME: Disabled; it breaks unsigned repositories without hashes */
- if (!verify && FileExists(DestFile) && !MetaIndexParser->Load(DestFile))
- {
- Status = StatError;
- ErrorText = MetaIndexParser->ErrorText;
- return;
- }
-#endif
bool transInRelease = false;
{
std::vector<std::string> const keys = MetaIndexParser->MetaKeys();
@@ -1803,16 +1945,13 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify) /*{{{*/
if ((*Target)->IsOptional() == true)
{
- if ((*Target)->IsSubIndex() == true)
- new pkgAcqSubIndex(Owner, (*Target)->URI, (*Target)->Description,
- (*Target)->ShortDesc, ExpectedIndexHashes);
- else if (transInRelease == false || Record != NULL || compressedAvailable == true)
+ if (transInRelease == false || Record != NULL || compressedAvailable == true)
{
if (_config->FindB("Acquire::PDiffs",true) == true && transInRelease == true &&
MetaIndexParser->Exists((*Target)->MetaKey + ".diff/Index") == true)
- new pkgAcqDiffIndex(Owner, *Target, ExpectedIndexHashes, MetaIndexParser);
+ new pkgAcqDiffIndex(Owner, TransactionManager, *Target, ExpectedIndexHashes, MetaIndexParser);
else
- new pkgAcqIndexTrans(Owner, *Target, ExpectedIndexHashes, MetaIndexParser);
+ new pkgAcqIndexTrans(Owner, TransactionManager, *Target, ExpectedIndexHashes, MetaIndexParser);
}
continue;
}
@@ -1823,9 +1962,9 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify) /*{{{*/
instead, but passing the required info to it is to much hassle */
if(_config->FindB("Acquire::PDiffs",true) == true && (verify == false ||
MetaIndexParser->Exists((*Target)->MetaKey + ".diff/Index") == true))
- new pkgAcqDiffIndex(Owner, *Target, ExpectedIndexHashes, MetaIndexParser);
+ new pkgAcqDiffIndex(Owner, TransactionManager, *Target, ExpectedIndexHashes, MetaIndexParser);
else
- new pkgAcqIndex(Owner, *Target, ExpectedIndexHashes, MetaIndexParser);
+ new pkgAcqIndex(Owner, TransactionManager, *Target, ExpectedIndexHashes, MetaIndexParser);
}
}
/*}}}*/
@@ -1909,49 +2048,22 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/
// pkgAcqMetaIndex::Failed - no Release file present or no signature file present /*{{{*/
// ---------------------------------------------------------------------
/* */
-void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig * /*Cnf*/)
+void pkgAcqMetaIndex::Failed(string Message,
+ pkgAcquire::MethodConfig * /*Cnf*/)
{
+ string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+
if (AuthPass == true)
{
- // gpgv method failed, if we have a good signature
- string LastGoodSigFile = _config->FindDir("Dir::State::lists").append("partial/").append(URItoFileName(RealURI));
- if (DestFile != SigFile)
- LastGoodSigFile.append(".gpg");
- LastGoodSigFile.append(".reverify");
-
- if(FileExists(LastGoodSigFile))
- {
- string VerifiedSigFile = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
- if (DestFile != SigFile)
- VerifiedSigFile.append(".gpg");
- Rename(LastGoodSigFile, VerifiedSigFile);
- Status = StatTransientNetworkError;
- _error->Warning(_("An error occurred during the signature "
- "verification. The repository is not updated "
- "and the previous index files will be used. "
- "GPG error: %s: %s\n"),
- Desc.Description.c_str(),
- LookupTag(Message,"Message").c_str());
- RunScripts("APT::Update::Auth-Failure");
- return;
- } else if (LookupTag(Message,"Message").find("NODATA") != string::npos) {
- /* Invalid signature file, reject (LP: #346386) (Closes: #627642) */
- _error->Error(_("GPG error: %s: %s"),
- Desc.Description.c_str(),
- LookupTag(Message,"Message").c_str());
- return;
- } else {
- _error->Warning(_("GPG error: %s: %s"),
- Desc.Description.c_str(),
- LookupTag(Message,"Message").c_str());
- }
- // gpgv method failed
- ReportMirrorFailure("GPGFailure");
+ bool Stop = GenerateAuthWarning(RealURI, Message);
+ if(Stop)
+ return;
}
/* Always move the meta index, even if gpgv failed. This ensures
* that PackageFile objects are correctly filled in */
- if (FileExists(DestFile)) {
+ if (FileExists(DestFile))
+ {
string FinalFile = _config->FindDir("Dir::State::lists");
FinalFile += URItoFileName(RealURI);
/* InRelease files become Release files, otherwise
@@ -1963,33 +2075,55 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig * /*Cnf*/)
"Release");
SigFile = FinalFile;
}
- Rename(DestFile,FinalFile);
- chmod(FinalFile.c_str(),0644);
+ // Done, queue for rename on transaction finished
+ PartialFile = DestFile;
DestFile = FinalFile;
}
+ _error->Warning(_("The data from '%s' is not signed. Packages "
+ "from that repository can not be authenticated."),
+ URIDesc.c_str());
+
// No Release file was present, or verification failed, so fall
// back to queueing Packages files without verification
- QueueIndexes(false);
+ // only allow going further if the users explicitely wants it
+ if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true)
+ {
+ QueueIndexes(false);
+ } else {
+ // warn if the repository is unsinged
+ _error->Warning("Use --allow-unauthenticated to force the update");
+ }
}
/*}}}*/
+
+void pkgAcqMetaIndex::Finished()
+{
+ if(_config->FindB("Debug::Acquire::Transaction", false) == true)
+ std::clog << "Finished: " << DestFile <<std::endl;
+ if(TransactionManager != NULL &&
+ TransactionManager->TransactionHasError() == false)
+ TransactionManager->CommitTransaction();
+}
+
+
pkgAcqMetaClearSig::pkgAcqMetaClearSig(pkgAcquire *Owner, /*{{{*/
string const &URI, string const &URIDesc, string const &ShortDesc,
string const &MetaIndexURI, string const &MetaIndexURIDesc, string const &MetaIndexShortDesc,
string const &MetaSigURI, string const &MetaSigURIDesc, string const &MetaSigShortDesc,
const vector<IndexTarget*>* IndexTargets,
indexRecords* MetaIndexParser) :
- pkgAcqMetaIndex(Owner, URI, URIDesc, ShortDesc, "", IndexTargets, MetaIndexParser),
- MetaIndexURI(MetaIndexURI), MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc),
- MetaSigURI(MetaSigURI), MetaSigURIDesc(MetaSigURIDesc), MetaSigShortDesc(MetaSigShortDesc)
+ pkgAcqMetaIndex(Owner, NULL, URI, URIDesc, ShortDesc, MetaSigURI, MetaSigURIDesc,MetaSigShortDesc, IndexTargets, MetaIndexParser),
+ MetaIndexURI(MetaIndexURI), MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc),
+ MetaSigURI(MetaSigURI), MetaSigURIDesc(MetaSigURIDesc), MetaSigShortDesc(MetaSigShortDesc)
{
SigFile = DestFile;
// index targets + (worst case:) Release/Release.gpg
ExpectedAdditionalItems = IndexTargets->size() + 2;
-
+#if 0
// keep the old InRelease around in case of transistent network errors
string const Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
if (RealFileExists(Final) == true)
@@ -1997,10 +2131,12 @@ pkgAcqMetaClearSig::pkgAcqMetaClearSig(pkgAcquire *Owner, /*{{{*/
string const LastGoodSig = DestFile + ".reverify";
Rename(Final,LastGoodSig);
}
+#endif
}
/*}}}*/
pkgAcqMetaClearSig::~pkgAcqMetaClearSig() /*{{{*/
{
+#if 0
// if the file was never queued undo file-changes done in the constructor
if (QueueCounter == 1 && Status == StatIdle && FileSize == 0 && Complete == false)
{
@@ -2009,6 +2145,7 @@ pkgAcqMetaClearSig::~pkgAcqMetaClearSig() /*{{{*/
if (RealFileExists(Final) == false && RealFileExists(LastGoodSig) == true)
Rename(LastGoodSig, Final);
}
+#endif
}
/*}}}*/
// pkgAcqMetaClearSig::Custom600Headers - Insert custom request headers /*{{{*/
@@ -2022,7 +2159,6 @@ string pkgAcqMetaClearSig::Custom600Headers() const
struct stat Buf;
if (stat(Final.c_str(),&Buf) != 0)
{
- Final = DestFile + ".reverify";
if (stat(Final.c_str(),&Buf) != 0)
return "\nIndex-File: true\nFail-Ignore: true\n";
}
@@ -2030,6 +2166,25 @@ string pkgAcqMetaClearSig::Custom600Headers() const
return "\nIndex-File: true\nFail-Ignore: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
}
/*}}}*/
+// pkgAcqMetaClearSig::Done - We got a file /*{{{*/
+// ---------------------------------------------------------------------
+void pkgAcqMetaClearSig::Done(std::string Message,unsigned long long Size,
+ HashStringList const &Hashes,
+ pkgAcquire::MethodConfig *Cnf)
+{
+ // if we expect a ClearTextSignature (InRelase), ensure that
+ // this is what we get and if not fail to queue a
+ // Release/Release.gpg, see #346386
+ if (FileExists(DestFile) && !StartsWithGPGClearTextSignature(DestFile))
+ {
+ pkgAcquire::Item::Failed(Message, Cnf);
+ RenameOnError(NotClearsigned);
+ TransactionManager->AbortTransaction();
+ return;
+ }
+ pkgAcqMetaIndex::Done(Message, Size, Hashes, Cnf);
+}
+ /*}}}*/
void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*{{{*/
{
// we failed, we will not get additional items from this method
@@ -2037,16 +2192,17 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*
if (AuthPass == false)
{
- // Remove the 'old' InRelease file if we try Release.gpg now as otherwise
- // the file will stay around and gives a false-auth impression (CVE-2012-0214)
+ // Queue the 'old' InRelease file for removal if we try Release.gpg
+ // as otherwise the file will stay around and gives a false-auth
+ // impression (CVE-2012-0214)
string FinalFile = _config->FindDir("Dir::State::lists");
FinalFile.append(URItoFileName(RealURI));
- if (FileExists(FinalFile))
- unlink(FinalFile.c_str());
+ PartialFile = "";
+ DestFile = FinalFile;
- new pkgAcqMetaSig(Owner,
- MetaSigURI, MetaSigURIDesc, MetaSigShortDesc,
+ new pkgAcqMetaIndex(Owner, TransactionManager,
MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc,
+ MetaSigURI, MetaSigURIDesc, MetaSigShortDesc,
IndexTargets, MetaIndexParser);
if (Cnf->LocalOnly == true ||
StringToBool(LookupTag(Message, "Transient-Failure"), false) == false)
diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h
index 74b5de675..3c81f77a9 100644
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@@ -47,6 +47,7 @@ class indexRecords;
class pkgRecords;
class pkgSourceList;
class IndexTarget;
+class pkgAcqMetaBase;
/** \brief Represents the process by which a pkgAcquire object should {{{
* retrieve a file or a collection of files.
@@ -62,6 +63,8 @@ class IndexTarget;
*/
class pkgAcquire::Item : public WeakPointable
{
+ void *d;
+
protected:
/** \brief The acquire object with which this item is associated. */
@@ -87,7 +90,7 @@ class pkgAcquire::Item : public WeakPointable
* \param To The new name of \a From. If \a To exists it will be
* overwritten.
*/
- void Rename(std::string From,std::string To);
+ bool Rename(std::string From,std::string To);
public:
@@ -116,7 +119,7 @@ class pkgAcquire::Item : public WeakPointable
/** \brief The item was could not be downloaded because of
* a transient network error (e.g. network down)
*/
- StatTransientNetworkError
+ StatTransientNetworkError,
} Status;
/** \brief Contains a textual description of the error encountered
@@ -173,6 +176,9 @@ class pkgAcquire::Item : public WeakPointable
*/
unsigned int QueueCounter;
+ /** \brief TransactionManager */
+ pkgAcqMetaBase *TransactionManager;
+
/** \brief The number of additional fetch items that are expected
* once this item is done.
*
@@ -188,6 +194,9 @@ class pkgAcquire::Item : public WeakPointable
*/
std::string DestFile;
+ /** \brief storge name until a transaction is finished */
+ std::string PartialFile;
+
/** \brief Invoked by the acquire worker when the object couldn't
* be fetched.
*
@@ -295,7 +304,8 @@ class pkgAcquire::Item : public WeakPointable
* \param ExpectedHashes of the file represented by this item
*/
Item(pkgAcquire *Owner,
- HashStringList const &ExpectedHashes=HashStringList());
+ HashStringList const &ExpectedHashes=HashStringList(),
+ pkgAcqMetaBase *TransactionManager=NULL);
/** \brief Remove this item from its owner's queue by invoking
* pkgAcquire::Remove.
@@ -307,7 +317,9 @@ class pkgAcquire::Item : public WeakPointable
enum RenameOnErrorState {
HashSumMismatch,
SizeMismatch,
- InvalidFormat
+ InvalidFormat,
+ SignatureError,
+ NotClearsigned,
};
/** \brief Rename failed file and set error
@@ -335,62 +347,265 @@ struct DiffInfo {
unsigned long size;
};
/*}}}*/
-/** \brief An item that is responsible for fetching a SubIndex {{{
- *
- * The MetaIndex file includes only records for important indexes
- * and records for these SubIndex files so these can carry records
- * for addition files like PDiffs and Translations
- */
-class pkgAcqSubIndex : public pkgAcquire::Item
+ /*}}}*/
+
+class pkgAcqMetaBase : public pkgAcquire::Item
{
+ void *d;
+
protected:
- /** \brief If \b true, debugging information will be written to std::clog. */
- bool Debug;
+ std::vector<Item*> Transaction;
+
+ /** \brief A package-system-specific parser for the meta-index file. */
+ indexRecords *MetaIndexParser;
+
+ /** \brief The index files which should be looked up in the meta-index
+ * and then downloaded.
+ */
+ const std::vector<IndexTarget*>* IndexTargets;
+
+ /** \brief Starts downloading the individual index files.
+ *
+ * \param verify If \b true, only indices whose expected hashsum
+ * can be determined from the meta-index will be downloaded, and
+ * the hashsums of indices will be checked (reporting
+ * #StatAuthError if there is a mismatch). If verify is \b false,
+ * no hashsum checking will be performed.
+ */
+ void QueueIndexes(bool verify);
public:
+ // transaction code
+ void Add(Item *I);
+ void AbortTransaction();
+ bool TransactionHasError() APT_PURE;
+ void CommitTransaction();
+
+ // helper for the signature warning
+ bool GenerateAuthWarning(const std::string &RealURI,
+ const std::string &Message);
+
+
+ pkgAcqMetaBase(pkgAcquire *Owner,
+ const std::vector<IndexTarget*>* IndexTargets,
+ indexRecords* MetaIndexParser,
+ HashStringList const &ExpectedHashes=HashStringList(),
+ pkgAcqMetaBase *TransactionManager=NULL)
+ : Item(Owner, ExpectedHashes, TransactionManager),
+ MetaIndexParser(MetaIndexParser), IndexTargets(IndexTargets) {};
+};
+
+/** \brief An acquire item that downloads the detached signature {{{
+ * of a meta-index (Release) file, then queues up the release
+ * file itself.
+ *
+ * \todo Why protected members?
+ *
+ * \sa pkgAcqMetaIndex
+ */
+class pkgAcqMetaSig : public pkgAcqMetaBase
+{
+ void *d;
+
+ protected:
+
+ /** \brief The URI of the signature file. Unlike Desc.URI, this is
+ * never modified; it is used to determine the file that is being
+ * downloaded.
+ */
+ std::string RealURI;
+
+ std::string URIDesc;
+ std::string ShortDesc;
+
+ /** \brief The file we need to verify */
+ std::string MetaIndexFile;
+
+ /** \brief If we are in fetching or download state */
+ bool AuthPass;
+
+ /** \brief Was this file already on disk */
+ bool IMSHit;
+
+ public:
+
// Specialized action members
virtual void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
virtual void Done(std::string Message,unsigned long long Size, HashStringList const &Hashes,
pkgAcquire::MethodConfig *Cnf);
- virtual std::string DescURI() {return Desc.URI;};
virtual std::string Custom600Headers() const;
- virtual bool ParseIndex(std::string const &IndexFile);
+ virtual std::string DescURI() {return RealURI; };
+
+ /** \brief Create a new pkgAcqMetaSig. */
+ pkgAcqMetaSig(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
+ std::string URI,std::string URIDesc, std::string ShortDesc,
+ std::string MetaIndexFile,
+ const std::vector<IndexTarget*>* IndexTargets,
+ indexRecords* MetaIndexParser);
+ virtual ~pkgAcqMetaSig();
+};
+ /*}}}*/
+
+/** \brief An item that is responsible for downloading the meta-index {{{
+ * file (i.e., Release) itself and verifying its signature.
+ *
+ * Once the download and verification are complete, the downloads of
+ * the individual index files are queued up using pkgAcqDiffIndex.
+ * If the meta-index file had a valid signature, the expected hashsums
+ * of the index files will be the md5sums listed in the meta-index;
+ * otherwise, the expected hashsums will be "" (causing the
+ * authentication of the index files to be bypassed).
+ */
+class pkgAcqMetaIndex : public pkgAcqMetaBase
+{
+ void *d;
+
+ protected:
+ /** \brief The URI that is actually being downloaded; never
+ * modified by pkgAcqMetaIndex.
+ */
+ std::string RealURI;
- /** \brief Create a new pkgAcqSubIndex.
+ /** \brief The file in which the signature for this index was stored.
*
- * \param Owner The Acquire object that owns this item.
+ * If empty, the signature and the md5sums of the individual
+ * indices will not be checked.
+ */
+ std::string SigFile;
+
+ /** \brief If \b true, the index's signature is currently being verified.
+ */
+ bool AuthPass;
+ // required to deal gracefully with problems caused by incorrect ims hits
+ bool IMSHit;
+
+ /** \brief Check that the release file is a release file for the
+ * correct distribution.
*
- * \param URI The URI of the list file to download.
+ * \return \b true if no fatal errors were encountered.
+ */
+ bool VerifyVendor(std::string Message);
+
+ /** \brief Called when a file is finished being retrieved.
*
- * \param URIDesc A long description of the list file to download.
+ * If the file was not downloaded to DestFile, a copy process is
+ * set up to copy it to DestFile; otherwise, Complete is set to \b
+ * true and the file is moved to its final location.
*
- * \param ShortDesc A short description of the list file to download.
+ * \param Message The message block received from the fetch
+ * subprocess.
+ */
+ void RetrievalDone(std::string Message);
+
+ /** \brief Called when authentication succeeded.
*
- * \param ExpectedHashes The list file's hashsums which are expected.
+ * Sanity-checks the authenticated file, queues up the individual
+ * index files for download, and saves the signature in the lists
+ * directory next to the authenticated list file.
+ *
+ * \param Message The message block received from the fetch
+ * subprocess.
*/
- pkgAcqSubIndex(pkgAcquire *Owner, std::string const &URI,std::string const &URIDesc,
- std::string const &ShortDesc, HashStringList const &ExpectedHashes);
+ void AuthDone(std::string Message);
+
+ std::string URIDesc;
+ std::string ShortDesc;
+
+ /** \brief The URI of the meta-index file for the detached signature */
+ std::string MetaIndexSigURI;
+
+ /** \brief A "URI-style" description of the meta-index file */
+ std::string MetaIndexSigURIDesc;
+
+ /** \brief A brief description of the meta-index file */
+ std::string MetaIndexSigShortDesc;
+
+ /** \brief delayed constructor */
+ void Init(std::string URIDesc, std::string ShortDesc);
+
+ public:
+
+ // Specialized action members
+ virtual void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
+ virtual void Done(std::string Message,unsigned long long Size, HashStringList const &Hashes,
+ pkgAcquire::MethodConfig *Cnf);
+ virtual std::string Custom600Headers() const;
+ virtual std::string DescURI() {return RealURI; };
+ virtual void Finished();
+
+ /** \brief Create a new pkgAcqMetaIndex. */
+ pkgAcqMetaIndex(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
+ std::string URI,std::string URIDesc, std::string ShortDesc,
+ std::string MetaIndexSigURI, std::string MetaIndexSigURIDesc, std::string MetaIndexSigShortDesc,
+ const std::vector<IndexTarget*>* IndexTargets,
+ indexRecords* MetaIndexParser);
+};
+ /*}}}*/
+/** \brief An item repsonsible for downloading clearsigned metaindexes {{{*/
+class pkgAcqMetaClearSig : public pkgAcqMetaIndex
+{
+ void *d;
+
+ /** \brief The URI of the meta-index file for the detached signature */
+ std::string MetaIndexURI;
+
+ /** \brief A "URI-style" description of the meta-index file */
+ std::string MetaIndexURIDesc;
+
+ /** \brief A brief description of the meta-index file */
+ std::string MetaIndexShortDesc;
+
+ /** \brief The URI of the detached meta-signature file if the clearsigned one failed. */
+ std::string MetaSigURI;
+
+ /** \brief A "URI-style" description of the meta-signature file */
+ std::string MetaSigURIDesc;
+
+ /** \brief A brief description of the meta-signature file */
+ std::string MetaSigShortDesc;
+
+public:
+ virtual void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
+ virtual std::string Custom600Headers() const;
+ virtual void Done(std::string Message,unsigned long long Size, HashStringList const &Hashes,
+ pkgAcquire::MethodConfig *Cnf);
+
+ /** \brief Create a new pkgAcqMetaClearSig. */
+ pkgAcqMetaClearSig(pkgAcquire *Owner,
+ std::string const &URI, std::string const &URIDesc, std::string const &ShortDesc,
+ std::string const &MetaIndexURI, std::string const &MetaIndexURIDesc, std::string const &MetaIndexShortDesc,
+ std::string const &MetaSigURI, std::string const &MetaSigURIDesc, std::string const &MetaSigShortDesc,
+ const std::vector<IndexTarget*>* IndexTargets,
+ indexRecords* MetaIndexParser);
+ virtual ~pkgAcqMetaClearSig();
};
/*}}}*/
+
/** \brief Common base class for all classes that deal with fetching {{{
indexes
*/
class pkgAcqBaseIndex : public pkgAcquire::Item
{
+ void *d;
+
protected:
/** \brief Pointer to the IndexTarget data
*/
const struct IndexTarget * Target;
indexRecords *MetaIndexParser;
+ /** \brief The MetaIndex Key */
+ std::string MetaKey;
pkgAcqBaseIndex(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
struct IndexTarget const * const Target,
HashStringList const &ExpectedHashes,
indexRecords *MetaIndexParser)
- : Item(Owner, ExpectedHashes), Target(Target),
+ : Item(Owner, ExpectedHashes, TransactionManager), Target(Target),
MetaIndexParser(MetaIndexParser) {};
-
};
/*}}}*/
/** \brief An item that is responsible for fetching an index file of {{{
@@ -404,6 +619,8 @@ class pkgAcqBaseIndex : public pkgAcquire::Item
*/
class pkgAcqDiffIndex : public pkgAcqBaseIndex
{
+ void *d;
+
protected:
/** \brief If \b true, debugging information will be written to std::clog. */
bool Debug;
@@ -423,6 +640,10 @@ class pkgAcqDiffIndex : public pkgAcqBaseIndex
*/
std::string Description;
+ /** \brief If the copy step of the packages file is done
+ */
+ bool PackagesFileReadyInPartial;
+
public:
// Specialized action members
virtual void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
@@ -457,6 +678,7 @@ class pkgAcqDiffIndex : public pkgAcqBaseIndex
* \param ExpectedHashes The list file's hashsums which are expected.
*/
pkgAcqDiffIndex(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
struct IndexTarget const * const Target,
HashStringList const &ExpectedHashes,
indexRecords *MetaIndexParser);
@@ -475,6 +697,8 @@ class pkgAcqDiffIndex : public pkgAcqBaseIndex
*/
class pkgAcqIndexMergeDiffs : public pkgAcqBaseIndex
{
+ void *d;
+
protected:
/** \brief If \b true, debugging output will be written to
@@ -545,6 +769,7 @@ class pkgAcqIndexMergeDiffs : public pkgAcqBaseIndex
* check if it was the last one to complete the download step
*/
pkgAcqIndexMergeDiffs(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
struct IndexTarget const * const Target,
HashStringList const &ExpectedHash,
indexRecords *MetaIndexParser,
@@ -565,6 +790,8 @@ class pkgAcqIndexMergeDiffs : public pkgAcqBaseIndex
*/
class pkgAcqIndexDiffs : public pkgAcqBaseIndex
{
+ void *d;
+
private:
/** \brief Queue up the next diff download.
@@ -646,7 +873,7 @@ class pkgAcqIndexDiffs : public pkgAcqBaseIndex
virtual void Done(std::string Message,unsigned long long Size, HashStringList const &Hashes,
pkgAcquire::MethodConfig *Cnf);
- virtual std::string DescURI() {return RealURI + "Index";};
+ virtual std::string DescURI() {return RealURI + "IndexDiffs";};
/** \brief Create an index diff item.
*
@@ -673,6 +900,7 @@ class pkgAcqIndexDiffs : public pkgAcqBaseIndex
* that depends on it.
*/
pkgAcqIndexDiffs(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
struct IndexTarget const * const Target,
HashStringList const &ExpectedHash,
indexRecords *MetaIndexParser,
@@ -689,6 +917,8 @@ class pkgAcqIndexDiffs : public pkgAcqBaseIndex
*/
class pkgAcqIndex : public pkgAcqBaseIndex
{
+ void *d;
+
protected:
/** \brief If \b true, the index file has been decompressed. */
@@ -699,9 +929,6 @@ class pkgAcqIndex : public pkgAcqBaseIndex
*/
bool Erase;
- // Unused, used to be used to verify that "Packages: " header was there
- bool __DELME_ON_NEXT_ABI_BREAK_Verify;
-
/** \brief The object that is actually being fetched (minus any
* compression-related extensions).
*/
@@ -716,13 +943,15 @@ class pkgAcqIndex : public pkgAcqBaseIndex
/** \brief Do the changes needed to fetch via AptByHash (if needed) */
void InitByHashIfNeeded(const std::string MetaKey);
- /** \brief Get the full pathname of the final file for the given URI
+ /** \brief Auto select the right compression to use */
+ void AutoSelectCompression();
+
+ /** \brief Get the full pathname of the final file for the current URI
*/
- std::string GetFinalFilename(std::string const &URI,
- std::string const &compExt);
+ std::string GetFinalFilename() const;
/** \brief Schedule file for verification after a IMS hit */
- void ReverifyAfterIMS(std::string const &FileName);
+ void ReverifyAfterIMS();
public:
@@ -753,12 +982,12 @@ class pkgAcqIndex : public pkgAcqBaseIndex
* fallback is ".gz" or none.
*/
pkgAcqIndex(pkgAcquire *Owner,std::string URI,std::string URIDesc,
- std::string ShortDesc, HashStringList const &ExpectedHashes,
- std::string compressExt="");
- pkgAcqIndex(pkgAcquire *Owner,
+ std::string ShortDesc, HashStringList const &ExpectedHashes);
+ pkgAcqIndex(pkgAcquire *Owner, pkgAcqMetaBase *TransactionManager,
IndexTarget const * const Target,
HashStringList const &ExpectedHash,
indexRecords *MetaIndexParser);
+
void Init(std::string const &URI, std::string const &URIDesc,
std::string const &ShortDesc);
};
@@ -772,6 +1001,8 @@ class pkgAcqIndex : public pkgAcqBaseIndex
*/
class pkgAcqIndexTrans : public pkgAcqIndex
{
+ void *d;
+
public:
virtual void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
@@ -788,15 +1019,21 @@ class pkgAcqIndexTrans : public pkgAcqIndex
*
* \param ShortDesc A brief description of this index file.
*/
- pkgAcqIndexTrans(pkgAcquire *Owner,std::string URI,std::string URIDesc,
+ pkgAcqIndexTrans(pkgAcquire *Owner,
+ std::string URI,std::string URIDesc,
std::string ShortDesc);
- pkgAcqIndexTrans(pkgAcquire *Owner, IndexTarget const * const Target,
- HashStringList const &ExpectedHashes, indexRecords *MetaIndexParser);
+ pkgAcqIndexTrans(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
+ IndexTarget const * const Target,
+ HashStringList const &ExpectedHashes,
+ indexRecords *MetaIndexParser);
};
/*}}}*/
/** \brief Information about an index file. */ /*{{{*/
class IndexTarget
{
+ void *d;
+
public:
/** \brief A URI from which the index file can be downloaded. */
std::string URI;
@@ -815,224 +1052,18 @@ class IndexTarget
virtual bool IsOptional() const {
return false;
}
- virtual bool IsSubIndex() const {
- return false;
- }
};
/*}}}*/
/** \brief Information about an optional index file. */ /*{{{*/
class OptionalIndexTarget : public IndexTarget
{
+ void *d;
+
virtual bool IsOptional() const {
return true;
}
};
/*}}}*/
-/** \brief Information about an subindex index file. */ /*{{{*/
-class SubIndexTarget : public IndexTarget
-{
- virtual bool IsSubIndex() const {
- return true;
- }
-};
- /*}}}*/
-/** \brief Information about an subindex index file. */ /*{{{*/
-class OptionalSubIndexTarget : public OptionalIndexTarget
-{
- virtual bool IsSubIndex() const {
- return true;
- }
-};
- /*}}}*/
-
-/** \brief An acquire item that downloads the detached signature {{{
- * of a meta-index (Release) file, then queues up the release
- * file itself.
- *
- * \todo Why protected members?
- *
- * \sa pkgAcqMetaIndex
- */
-class pkgAcqMetaSig : public pkgAcquire::Item
-{
- protected:
- /** \brief The last good signature file */
- std::string LastGoodSig;
-
- /** \brief The URI of the signature file. Unlike Desc.URI, this is
- * never modified; it is used to determine the file that is being
- * downloaded.
- */
- std::string RealURI;
-
- /** \brief The URI of the meta-index file to be fetched after the signature. */
- std::string MetaIndexURI;
-
- /** \brief A "URI-style" description of the meta-index file to be
- * fetched after the signature.
- */
- std::string MetaIndexURIDesc;
-
- /** \brief A brief description of the meta-index file to be fetched
- * after the signature.
- */
- std::string MetaIndexShortDesc;
-
- /** \brief A package-system-specific parser for the meta-index file. */
- indexRecords* MetaIndexParser;
-
- /** \brief The index files which should be looked up in the meta-index
- * and then downloaded.
- *
- * \todo Why a list of pointers instead of a list of structs?
- */
- const std::vector<IndexTarget*>* IndexTargets;
-
- public:
-
- // Specialized action members
- virtual void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
- virtual void Done(std::string Message,unsigned long long Size, HashStringList const &Hashes,
- pkgAcquire::MethodConfig *Cnf);
- virtual std::string Custom600Headers() const;
- virtual std::string DescURI() {return RealURI; };
-
- /** \brief Create a new pkgAcqMetaSig. */
- pkgAcqMetaSig(pkgAcquire *Owner,std::string URI,std::string URIDesc, std::string ShortDesc,
- std::string MetaIndexURI, std::string MetaIndexURIDesc, std::string MetaIndexShortDesc,
- const std::vector<IndexTarget*>* IndexTargets,
- indexRecords* MetaIndexParser);
- virtual ~pkgAcqMetaSig();
-};
- /*}}}*/
-/** \brief An item that is responsible for downloading the meta-index {{{
- * file (i.e., Release) itself and verifying its signature.
- *
- * Once the download and verification are complete, the downloads of
- * the individual index files are queued up using pkgAcqDiffIndex.
- * If the meta-index file had a valid signature, the expected hashsums
- * of the index files will be the md5sums listed in the meta-index;
- * otherwise, the expected hashsums will be "" (causing the
- * authentication of the index files to be bypassed).
- */
-class pkgAcqMetaIndex : public pkgAcquire::Item
-{
- protected:
- /** \brief The URI that is actually being downloaded; never
- * modified by pkgAcqMetaIndex.
- */
- std::string RealURI;
-
- /** \brief The file in which the signature for this index was stored.
- *
- * If empty, the signature and the md5sums of the individual
- * indices will not be checked.
- */
- std::string SigFile;
-
- /** \brief The index files to download. */
- const std::vector<IndexTarget*>* IndexTargets;
-
- /** \brief The parser for the meta-index file. */
- indexRecords* MetaIndexParser;
-
- /** \brief If \b true, the index's signature is currently being verified.
- */
- bool AuthPass;
- // required to deal gracefully with problems caused by incorrect ims hits
- bool IMSHit;
-
- /** \brief Check that the release file is a release file for the
- * correct distribution.
- *
- * \return \b true if no fatal errors were encountered.
- */
- bool VerifyVendor(std::string Message);
-
- /** \brief Called when a file is finished being retrieved.
- *
- * If the file was not downloaded to DestFile, a copy process is
- * set up to copy it to DestFile; otherwise, Complete is set to \b
- * true and the file is moved to its final location.
- *
- * \param Message The message block received from the fetch
- * subprocess.
- */
- void RetrievalDone(std::string Message);
-
- /** \brief Called when authentication succeeded.
- *
- * Sanity-checks the authenticated file, queues up the individual
- * index files for download, and saves the signature in the lists
- * directory next to the authenticated list file.
- *
- * \param Message The message block received from the fetch
- * subprocess.
- */
- void AuthDone(std::string Message);
-
- /** \brief Starts downloading the individual index files.
- *
- * \param verify If \b true, only indices whose expected hashsum
- * can be determined from the meta-index will be downloaded, and
- * the hashsums of indices will be checked (reporting
- * #StatAuthError if there is a mismatch). If verify is \b false,
- * no hashsum checking will be performed.
- */
- void QueueIndexes(bool verify);
-
- public:
-
- // Specialized action members
- virtual void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
- virtual void Done(std::string Message,unsigned long long Size, HashStringList const &Hashes,
- pkgAcquire::MethodConfig *Cnf);
- virtual std::string Custom600Headers() const;
- virtual std::string DescURI() {return RealURI; };
-
- /** \brief Create a new pkgAcqMetaIndex. */
- pkgAcqMetaIndex(pkgAcquire *Owner,
- std::string URI,std::string URIDesc, std::string ShortDesc,
- std::string SigFile,
- const std::vector<IndexTarget*>* IndexTargets,
- indexRecords* MetaIndexParser);
-};
- /*}}}*/
-/** \brief An item repsonsible for downloading clearsigned metaindexes {{{*/
-class pkgAcqMetaClearSig : public pkgAcqMetaIndex
-{
- /** \brief The URI of the meta-index file for the detached signature */
- std::string MetaIndexURI;
-
- /** \brief A "URI-style" description of the meta-index file */
- std::string MetaIndexURIDesc;
-
- /** \brief A brief description of the meta-index file */
- std::string MetaIndexShortDesc;
-
- /** \brief The URI of the detached meta-signature file if the clearsigned one failed. */
- std::string MetaSigURI;
-
- /** \brief A "URI-style" description of the meta-signature file */
- std::string MetaSigURIDesc;
-
- /** \brief A brief description of the meta-signature file */
- std::string MetaSigShortDesc;
-
-public:
- void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
- virtual std::string Custom600Headers() const;
-
- /** \brief Create a new pkgAcqMetaClearSig. */
- pkgAcqMetaClearSig(pkgAcquire *Owner,
- std::string const &URI, std::string const &URIDesc, std::string const &ShortDesc,
- std::string const &MetaIndexURI, std::string const &MetaIndexURIDesc, std::string const &MetaIndexShortDesc,
- std::string const &MetaSigURI, std::string const &MetaSigURIDesc, std::string const &MetaSigShortDesc,
- const std::vector<IndexTarget*>* IndexTargets,
- indexRecords* MetaIndexParser);
- virtual ~pkgAcqMetaClearSig();
-};
- /*}}}*/
/** \brief An item that is responsible for fetching a package file. {{{
*
* If the package file already exists in the cache, nothing will be
@@ -1040,6 +1071,8 @@ public:
*/
class pkgAcqArchive : public pkgAcquire::Item
{
+ void *d;
+
protected:
/** \brief The package version being fetched. */
pkgCache::VerIterator Version;
@@ -1118,6 +1151,8 @@ class pkgAcqArchive : public pkgAcquire::Item
*/
class pkgAcqFile : public pkgAcquire::Item
{
+ void *d;
+
/** \brief How many times to retry the download, set from
* Acquire::Retries.
*/
diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc
index 8119e4487..ec565fcfa 100644
--- a/apt-pkg/acquire.cc
+++ b/apt-pkg/acquire.cc
@@ -37,6 +37,7 @@
#include <sys/time.h>
#include <sys/select.h>
#include <errno.h>
+#include <sys/stat.h>
#include <apti18n.h>
/*}}}*/
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index df409fa36..c5eb56f0e 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -1525,7 +1525,7 @@ bool FileFd::Read(void *To,unsigned long long Size,unsigned long long *Actual)
int err;
char const * const errmsg = BZ2_bzerror(d->bz2, &err);
if (err != BZ_IO_ERROR)
- return FileFdError("BZ2_bzread: %s (%d: %s)", _("Read error"), err, errmsg);
+ return FileFdError("BZ2_bzread: %s %s (%d: %s)", FileName.c_str(), _("Read error"), err, errmsg);
}
#endif
#ifdef HAVE_LZMA
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 73010e867..f2d637676 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -265,26 +265,26 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
// this is normally created in pkgAcqMetaSig, but if we run
// in --print-uris mode, we add it here
if (tryInRelease == false)
- new pkgAcqMetaIndex(Owner, MetaIndexURI("Release"),
- MetaIndexInfo("Release"), "Release",
- MetaIndexURI("Release.gpg"),
- ComputeIndexTargets(),
- new indexRecords (Dist));
+ new pkgAcqMetaIndex(Owner, NULL,
+ MetaIndexURI("Release"),
+ MetaIndexInfo("Release"), "Release",
+ MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
+ ComputeIndexTargets(),
+ new indexRecords (Dist));
}
-
if (tryInRelease == true)
- new pkgAcqMetaClearSig(Owner, MetaIndexURI("InRelease"),
- MetaIndexInfo("InRelease"), "InRelease",
+ new pkgAcqMetaClearSig(Owner,
+ MetaIndexURI("InRelease"), MetaIndexInfo("InRelease"), "InRelease",
MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
new indexRecords (Dist));
else
- new pkgAcqMetaSig(Owner, MetaIndexURI("Release.gpg"),
- MetaIndexInfo("Release.gpg"), "Release.gpg",
- MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
- ComputeIndexTargets(),
- new indexRecords (Dist));
+ new pkgAcqMetaIndex(Owner, NULL,
+ MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
+ MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
+ ComputeIndexTargets(),
+ new indexRecords (Dist));
return true;
}
diff --git a/methods/copy.cc b/methods/copy.cc
index f542a27c0..a23c0316c 100644
--- a/methods/copy.cc
+++ b/methods/copy.cc
@@ -67,6 +67,14 @@ bool CopyMethod::Fetch(FetchItem *Itm)
Res.LastModified = Buf.st_mtime;
Res.IMSHit = false;
URIStart(Res);
+
+ // when the files are identical, just compute the hashes
+ if(File == Itm->DestFile)
+ {
+ CalculateHashes(Res);
+ URIDone(Res);
+ return true;
+ }
// just calc the hashes if the source and destination are identical
if (File == Itm->DestFile)
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 02fb8c356..7e8500c51 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -160,7 +160,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
waitpid(pid, &status, 0);
if (Debug == true)
{
- std::clog << "apt-key exited\n";
+ ioprintf(std::clog, "gpgv exited with status %i\n", WEXITSTATUS(status));
}
if (WEXITSTATUS(status) == 0)
diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated
index 2cee13923..d73097b54 100755
--- a/test/integration/test-apt-get-source-authenticated
+++ b/test/integration/test-apt-get-source-authenticated
@@ -21,7 +21,7 @@ APTARCHIVE=$(readlink -f ./aptarchive)
rm -f $APTARCHIVE/dists/unstable/*Release*
# update without authenticated InRelease file
-testsuccess aptget update
+testsuccess aptget update --allow-unauthenticated
# this all should fail
testfailure aptget install -y foo
diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning
new file mode 100755
index 000000000..b1c676738
--- /dev/null
+++ b/test/integration/test-apt-get-update-unauth-warning
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# ensure we print warnings for unauthenticated repositories
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+# a "normal" package with source and binary
+buildsimplenativepackage 'foo' 'all' '2.0'
+
+setupaptarchive --no-update
+
+APTARCHIVE=$(readlink -f ./aptarchive)
+rm -f $APTARCHIVE/dists/unstable/*Release*
+
+# update without authenticated files leads to warning
+testequal "Ign file: unstable InRelease
+Ign file: unstable Release
+Reading package lists...
+W: The data from 'file: unstable Release' is not signed. Packages from that repository can not be authenticated.
+W: Use --allow-unauthenticated to force the update" aptget update
+
+# no package foo
+testequal "Listing..." apt list foo
+
+# allow override
+testequal "Ign file: unstable InRelease
+Ign file: unstable Release
+Reading package lists...
+W: The data from 'file: unstable Release' is not signed. Packages from that repository can not be authenticated." aptget update --allow-unauthenticated
+
+# ensure we can not install the package
+testequal "WARNING: The following packages cannot be authenticated!
+ foo
+E: There are problems and -y was used without --force-yes" aptget install -qq -y foo
diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims
new file mode 100755
index 000000000..3bd6e843c
--- /dev/null
+++ b/test/integration/test-apt-update-ims
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'amd64'
+
+buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable'
+
+setupaptarchive
+changetowebserver
+
+testsuccess aptget update
+
+# check that I-M-S header is kept in redirections
+testequal "Hit http://localhost:8080 unstable InRelease
+Hit http://localhost:8080 unstable/main Sources
+Hit http://localhost:8080 unstable/main amd64 Packages
+Hit http://localhost:8080 unstable/main Translation-en
+Reading package lists..." aptget update
+
+# ensure that we still do a hash check on ims hit
+msgtest 'Test I-M-S reverify'
+aptget update -o Debug::pkgAcquire::Auth=1 2>&1 | grep -A1 'RecivedHash:' | grep -q -- '- SHA' && msgpass || msgfail
diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback
new file mode 100755
index 000000000..4e8ea9916
--- /dev/null
+++ b/test/integration/test-apt-update-nofallback
@@ -0,0 +1,207 @@
+#!/bin/sh
+#
+# ensure we never fallback from a signed to a unsigned repo
+#
+# hash checks are done in
+#
+set -e
+
+simulate_mitm_and_inject_evil_package()
+{
+ rm -f $APTARCHIVE/dists/unstable/InRelease
+ rm -f $APTARCHIVE/dists/unstable/Release.gpg
+ inject_evil_package
+}
+
+inject_evil_package()
+{
+ cat > $APTARCHIVE/dists/unstable/main/binary-i386/Packages <<EOF
+Package: evil
+Installed-Size: 29
+Maintainer: Joe Sixpack <joe@example.org>
+Architecture: all
+Version: 1.0
+Filename: pool/evil_1.0_all.deb
+Size: 1270
+Description: an autogenerated evil package
+EOF
+ # avoid ims hit
+ touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages
+}
+
+assert_update_is_refused_and_last_good_state_used()
+{
+ testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
+
+ assert_repo_is_intact
+}
+
+assert_repo_is_intact()
+{
+ testequal "foo/unstable 2.0 all" apt list -q
+ testsuccess "" aptget install -y -s foo
+ testfailure "" aptget install -y evil
+
+ LISTDIR=rootdir/var/lib/apt/lists
+ if ! ( ls $LISTDIR/*InRelease >/dev/null 2>&1 ||
+ ls $LISTDIR/*Release.gpg >/dev/null 2>&1 ); then
+ echo "Can not find InRelease/Release.gpg in $(ls $LISTDIR)"
+ msgfail
+ fi
+}
+
+setupaptarchive_with_lists_clean()
+{
+ setupaptarchive --no-update
+ rm -f rootdir/var/lib/apt/lists/_*
+ #rm -rf rootdir/var/lib/apt/lists
+}
+
+test_from_inrelease_to_unsigned()
+{
+ # setup archive with InRelease file
+ setupaptarchive_with_lists_clean
+ testsuccess aptget update
+
+ simulate_mitm_and_inject_evil_package
+ assert_update_is_refused_and_last_good_state_used
+}
+
+test_from_release_gpg_to_unsigned()
+{
+ # setup archive with Release/Release.gpg (but no InRelease)
+ setupaptarchive_with_lists_clean
+ rm $APTARCHIVE/dists/unstable/InRelease
+ testsuccess aptget update
+
+ simulate_mitm_and_inject_evil_package
+ assert_update_is_refused_and_last_good_state_used
+}
+
+test_cve_2012_0214()
+{
+ # see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/947108
+ #
+ # it was possible to MITM the download so that InRelease/Release.gpg
+ # are not delivered (404) and a altered Release file was send
+ #
+ # apt left the old InRelease file in /var/lib/apt/lists and downloaded
+ # the unauthenticated Release file too giving the false impression that
+ # Release was authenticated
+ #
+ # Note that this is pretty much impossible nowdays because:
+ # a) InRelease is left as is, not split to InRelease/Release as it was
+ # in the old days
+ # b) we refuse to go from signed->unsigned
+ #
+ # Still worth having a regression test the simulates the condition
+
+ # setup archive with InRelease
+ setupaptarchive_with_lists_clean
+ testsuccess aptget update
+
+ # do what CVE-2012-0214 did
+ rm $APTARCHIVE/dists/unstable/InRelease
+ rm $APTARCHIVE/dists/unstable/Release.gpg
+ inject_evil_package
+ # build valid Release file
+ aptftparchive -qq release ./aptarchive > aptarchive/dists/unstable/Release
+
+ assert_update_is_refused_and_last_good_state_used
+
+ # ensure there is no _Release file downloaded
+ testfailure ls rootdir/var/lib/apt/lists/*_Release
+}
+
+test_subvert_inrelease()
+{
+ # setup archive with InRelease
+ setupaptarchive_with_lists_clean
+ testsuccess aptget update
+
+ # replace InRelease with something else
+ mv $APTARCHIVE/dists/unstable/Release $APTARCHIVE/dists/unstable/InRelease
+
+ testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease Does not start with a cleartext signature
+
+E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
+
+ # ensure we keep the repo
+ assert_repo_is_intact
+}
+
+test_inrelease_to_invalid_inrelease()
+{
+ # setup archive with InRelease
+ setupaptarchive_with_lists_clean
+ testsuccess aptget update
+
+ # now remove InRelease and subvert Release do no longer verify
+ sed -i 's/Codename.*/Codename: evil!'/ $APTARCHIVE/dists/unstable/InRelease
+ inject_evil_package
+
+ testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures were invalid: BADSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>
+
+W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease
+
+W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
+
+ # ensure we keep the repo
+ assert_repo_is_intact
+ testfailure grep "evil" rootdir/var/lib/apt/lists/*InRelease
+}
+
+test_release_gpg_to_invalid_release_release_gpg()
+{
+ # setup archive with InRelease
+ setupaptarchive_with_lists_clean
+ rm $APTARCHIVE/dists/unstable/InRelease
+ testsuccess aptget update
+
+ # now subvert Release do no longer verify
+ echo "Some evil data" >> $APTARCHIVE/dists/unstable/Release
+ inject_evil_package
+
+ testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
+
+ assert_repo_is_intact
+ testfailure grep "evil" rootdir/var/lib/apt/lists/*Release
+}
+
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+# a "normal" package with source and binary
+buildsimplenativepackage 'foo' 'all' '2.0'
+
+# setup the archive and ensure we have a single package that installs fine
+setupaptarchive
+APTARCHIVE=$(readlink -f ./aptarchive)
+assert_repo_is_intact
+
+# test the various cases where a repo may go from signed->unsigned
+msgmsg "test_from_inrelease_to_unsigned"
+test_from_inrelease_to_unsigned
+
+msgmsg "test_from_release_gpg_to_unsigned"
+test_from_release_gpg_to_unsigned
+
+# ensure we do not regress on CVE-2012-0214
+msgmsg "test_cve_2012_0214"
+test_cve_2012_0214
+
+# ensure InRelase can not be subverted
+msgmsg "test_subvert_inrelease"
+test_subvert_inrelease
+
+# ensure we revert to last good state if InRelease does not verify
+msgmsg "test_inrelease_to_invalid_inrelease"
+test_inrelease_to_invalid_inrelease
+
+# ensure we revert to last good state if Release/Release.gpg does not verify
+msgmsg "test_release_gpg_to_invalid_release_release_gpg"
+test_release_gpg_to_invalid_release_release_gpg
diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback
new file mode 100755
index 000000000..e37be9554
--- /dev/null
+++ b/test/integration/test-apt-update-rollback
@@ -0,0 +1,196 @@
+#!/bin/sh
+#
+# test that apt-get update is transactional
+#
+set -e
+
+avoid_ims_hit() {
+ touch -d '+1hour' aptarchive/dists/unstable/main/binary-i386/Packages*
+ touch -d '+1hour' aptarchive/dists/unstable/main/source/Sources*
+ touch -d '+1hour' aptarchive/dists/unstable/*Release*
+
+ touch -d '-1hour' rootdir/var/lib/apt/lists/*
+}
+
+create_fresh_archive()
+{
+ rm -rf aptarchive/*
+ rm -f rootdir/var/lib/apt/lists/_* rootdir/var/lib/apt/lists/partial/*
+
+ insertpackage 'unstable' 'old' 'all' '1.0'
+
+ setupaptarchive
+}
+
+add_new_package() {
+ insertpackage "unstable" "new" "all" "1.0"
+ insertsource "unstable" "new" "all" "1.0"
+
+ setupaptarchive --no-update
+
+ avoid_ims_hit
+}
+
+break_repository_sources_index() {
+ printf "xxx" > $APTARCHIVE/dists/unstable/main/source/Sources
+ gzip -c $APTARCHIVE/dists/unstable/main/source/Sources > \
+ $APTARCHIVE/dists/unstable/main/source/Sources.gz
+ avoid_ims_hit
+}
+
+test_inrelease_to_new_inrelease() {
+ msgmsg "Test InRelease to new InRelease works fine"
+ create_fresh_archive
+ testequal "old/unstable 1.0 all" apt list -q
+
+ add_new_package
+
+ testsuccess aptget update -o Debug::Acquire::Transaction=1
+
+ testequal "new/unstable 1.0 all
+old/unstable 1.0 all" apt list -q
+}
+
+test_inrelease_to_broken_hash_reverts_all() {
+ msgmsg "Test InRelease to broken InRelease reverts everything"
+ create_fresh_archive
+ add_new_package
+ # break the Sources file
+ break_repository_sources_index
+
+ # test the error condition
+ testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch
+
+E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
+ # ensure that the Packages file is also rolled back
+ testequal "E: Unable to locate package new" aptget install new -s -qq
+}
+
+test_inreleae_to_valid_release() {
+ msgmsg "Test InRelease to valid Release"
+ create_fresh_archive
+ add_new_package
+ # switch to a unsinged repo now
+ rm $APTARCHIVE/dists/unstable/InRelease
+ rm $APTARCHIVE/dists/unstable/Release.gpg
+ avoid_ims_hit
+
+ # update fails
+ testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
+
+ # test that we can install the new packages but do no longer have a sig
+ testsuccess aptget install old -s
+ testfailure aptget install new -s
+ testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
+ testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
+}
+
+test_inreleae_to_release_reverts_all() {
+ msgmsg "Test InRelease to broken Release reverts everything"
+ create_fresh_archive
+
+ # switch to a unsinged repo now
+ add_new_package
+ rm $APTARCHIVE/dists/unstable/InRelease
+ rm $APTARCHIVE/dists/unstable/Release.gpg
+ # break it
+ break_repository_sources_index
+
+ # ensure error
+ testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
+
+ # ensure that the Packages file is also rolled back
+ testsuccess aptget install old -s
+ testfailure aptget install new -s
+ testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
+ testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
+}
+
+test_unauthenticated_to_invalid_inrelease() {
+ msgmsg "Test UnAuthenticated to invalid InRelease reverts everything"
+ create_fresh_archive
+ rm -rf rootdir/var/lib/apt/lists/*
+ rm $APTARCHIVE/dists/unstable/InRelease
+ rm $APTARCHIVE/dists/unstable/Release.gpg
+ avoid_ims_hit
+
+ testsuccess aptget update -qq --allow-unauthenticated
+ testequal "WARNING: The following packages cannot be authenticated!
+ old
+E: There are problems and -y was used without --force-yes" aptget install -qq -y old
+
+ # go to authenticated but not correct
+ add_new_package
+ break_repository_sources_index
+
+ testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch
+
+E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
+
+ testfailure ls rootdir/var/lib/apt/lists/*_InRelease
+ testequal "WARNING: The following packages cannot be authenticated!
+ old
+E: There are problems and -y was used without --force-yes" aptget install -qq -y old
+}
+
+test_inrelease_to_unauth_inrelease() {
+ msgmsg "Test InRelease to InRelease without sig"
+ create_fresh_archive
+ signreleasefiles 'Marvin Paranoid'
+ avoid_ims_hit
+
+ testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2
+
+W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease
+
+W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
+
+ testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
+}
+
+test_inrelease_to_broken_gzip() {
+ msgmsg "Test InRelease to broken gzip"
+ create_fresh_archive
+ # append junk at the end of the gzip, this
+ echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
+ # remove uncompressed file, otherwise apt will just fallback fetching
+ # that
+ rm $APTARCHIVE/dists/unstable/main/source/Sources
+ avoid_ims_hit
+
+ testfailure aptget update
+}
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+# setup the archive and ensure we have a single package that installs fine
+setupaptarchive
+APTARCHIVE=$(readlink -f ./aptarchive)
+ROOTDIR=${TMPWORKINGDIRECTORY}/rootdir
+APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"
+
+# test the following cases:
+# - InRelease -> broken InRelease revert to previous state
+# - empty lists dir and broken remote leaves nothing on the system
+# - InRelease -> hashsum mismatch for one file reverts all files to previous state
+# - Release/Release.gpg -> hashsum mismatch
+# - InRelease -> Release with hashsum mismatch revert entire state and kills Release
+# - Release -> InRelease with broken Sig/Hash removes InRelease
+# going from Release/Release.gpg -> InRelease and vice versa
+# - unauthenticated -> invalid InRelease
+
+# stuff to do:
+# - ims-hit
+# - gzip-index tests
+
+test_inrelease_to_new_inrelease
+test_inrelease_to_broken_hash_reverts_all
+test_inreleae_to_valid_release
+test_inreleae_to_release_reverts_all
+test_unauthenticated_to_invalid_inrelease
+test_inrelease_to_unauth_inrelease
+test_inrelease_to_broken_gzip
diff --git a/test/integration/test-apt-update-transactions b/test/integration/test-apt-update-transactions
new file mode 100755
index 000000000..247334991
--- /dev/null
+++ b/test/integration/test-apt-update-transactions
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+insertpackage 'unstable' 'foo' 'all' '1.0'
+
+setupaptarchive --no-update
+changetowebserver
+
+# break package file
+cat > aptarchive/dists/unstable/main/binary-i386/Packages <<EOF
+Package: bar
+EOF
+compressfile aptarchive/dists/unstable/main/binary-i386/Packages '+1hour'
+
+# ensure that a update will only succeed entirely or not at all
+testfailure aptget update
+testequal "partial" ls rootdir/var/lib/apt/lists
+
diff --git a/test/integration/test-apt-update-unauth b/test/integration/test-apt-update-unauth
index 13487603c..5db8a3c16 100755
--- a/test/integration/test-apt-update-unauth
+++ b/test/integration/test-apt-update-unauth
@@ -8,6 +8,8 @@ set -e
TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework
+umask 022
+
setupenvironment
configarchitecture "i386"
@@ -17,23 +19,41 @@ insertsource 'unstable' 'foo' 'all' '1.0'
setupaptarchive
changetowebserver
+# FIXME:
+# - also check the unauth -> auth success case, i.e. that all files are
+# reverified
runtest() {
# start unauthenticated
find rootdir/var/lib/apt/lists/ -type f | xargs rm -f
rm -f aptarchive/dists/unstable/*Release*
- aptget update -qq
+ # remove uncompressed version
+ find aptarchive/ -name Packages | xargs rm -f
+ aptget update -qq --allow-unauthenticated
# become authenticated
generatereleasefiles
signreleasefiles
- # and ensure we do download the data again
- msgtest "Check that the data is check when going to authenticated"
- if aptget update |grep -q Hit; then
- msgfail
- else
+ # and ensure we re-check the downloaded data
+ msgtest "Check rollback on going from unauth -> auth"
+
+ # change the local packages file
+ PKGS=$(ls rootdir/var/lib/apt/lists/*Packages*)
+ echo "meep" > $PKGS
+ ls -l rootdir/var/lib/apt/lists > lists.before
+
+ # update and ensure all is reverted on the hashsum failure
+ aptget update -o Debug::Acquire::Transaction=1 -o Debug::pkgAcquire::Auth=1 -o Debug::pkgAcquire::worker=0 > output.log 2>&1 || true
+
+ # ensure we have before what we have after
+ ls -l rootdir/var/lib/apt/lists > lists.after
+ if diff -u lists.before lists.after; then
msgpass
+ else
+ #cat output.log
+ msgfail
fi
+
}
for COMPRESSEDINDEXES in 'false' 'true'; do
diff --git a/test/integration/test-bug-596498-trusted-unsigned-repo b/test/integration/test-bug-596498-trusted-unsigned-repo
index 06c9c8285..973520a97 100755
--- a/test/integration/test-bug-596498-trusted-unsigned-repo
+++ b/test/integration/test-bug-596498-trusted-unsigned-repo
@@ -12,7 +12,7 @@ setupaptarchive
aptgetupdate() {
rm -rf rootdir/var/lib/apt/ rootdir/var/cache/apt/*.bin
- aptget update -qq
+ aptget update -qq --allow-unauthenticated
}
PKGTEXT="$(aptget install cool --assume-no -d | head -n 7)"
diff --git a/test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted b/test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted
index f93510fd7..276e10564 100755
--- a/test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted
+++ b/test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted
@@ -24,15 +24,18 @@ testfilemissing() {
testrun() {
rm -rf rootdir/var/lib/apt
- testsuccess aptget update
if [ "$1" = 'trusted' ]; then
+ testsuccess aptget update
+
testsuccess aptget download cool
testfileexists 'cool_1.0_i386.deb'
testsuccess aptget download cool --allow-unauthenticated
testfileexists 'cool_1.0_i386.deb'
else
+ testsuccess aptget update --allow-unauthenticated
+
testfailure aptget download cool
testfilemissing 'cool_1.0_i386.deb'
diff --git a/test/integration/test-bug-717891-abolute-uris-for-proxies b/test/integration/test-bug-717891-abolute-uris-for-proxies
index ac1d6ec11..a8947b5e2 100755
--- a/test/integration/test-bug-717891-abolute-uris-for-proxies
+++ b/test/integration/test-bug-717891-abolute-uris-for-proxies
@@ -12,7 +12,7 @@ setupaptarchive
changetowebserver --request-absolute='uri'
msgtest 'Check that absolute paths are' 'not accepted'
-testfailure --nomsg aptget update
+testfailure --nomsg aptget update --allow-unauthenticated
echo 'Acquire::http::Proxy "http://localhost:8080";' > rootdir/etc/apt/apt.conf.d/99proxy
diff --git a/test/integration/test-bug-728500-tempdir b/test/integration/test-bug-728500-tempdir
index bdc38c3ca..37e5a013e 100755
--- a/test/integration/test-bug-728500-tempdir
+++ b/test/integration/test-bug-728500-tempdir
@@ -17,7 +17,7 @@ msgtest 'Test apt-get update with incorrect' 'TMPDIR'
OUTPUT=$(mktemp)
addtrap "rm $OUTPUT;"
export TMPDIR=/does-not-exists
-if aptget update >${OUTPUT} 2>&1; then
+if aptget update -o Debug::Acquire::gpg=1 >${OUTPUT} 2>&1; then
msgpass
else
echo
diff --git a/test/integration/test-bug-738785-switch-protocol b/test/integration/test-bug-738785-switch-protocol
index 1e5748eae..4ff044515 100755
--- a/test/integration/test-bug-738785-switch-protocol
+++ b/test/integration/test-bug-738785-switch-protocol
@@ -60,4 +60,4 @@ mv rootdir/${COPYMETHODS}.bak rootdir/${COPYMETHODS}
# check that downgrades from https to http are not allowed
webserverconfig 'aptwebserver::support::http' 'true'
sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/*
-testfailure aptget update
+testfailure aptget update --allow-unauthenticated
diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification
index 2a400dcb4..2db2bab0f 100755
--- a/test/integration/test-hashsum-verification
+++ b/test/integration/test-hashsum-verification
@@ -70,9 +70,13 @@ runtest() {
rm -rf rootdir/var/lib/apt/lists
rm aptarchive/InRelease aptarchive/Release.gpg
msgtest 'unsigned apt-get update gets the expected hashsum mismatch'
- aptget update 2>&1 | grep "Hash Sum mismatch" > /dev/null && msgpass || msgfail
-
-
+ aptget update --allow-unauthenticated >output.log 2>&1 || true
+ if grep -q "Hash Sum mismatch" output.log; then
+ msgpass
+ else
+ cat output.log
+ msgfail
+ fi
}
for COMPRESSEDINDEXES in 'false' 'true'; do
diff --git a/test/integration/test-pdiff-usage b/test/integration/test-pdiff-usage
index 74749d6ab..e86963f28 100755
--- a/test/integration/test-pdiff-usage
+++ b/test/integration/test-pdiff-usage
@@ -159,6 +159,7 @@ SHA1-Patches:
" aptcache show apt newstuff
}
echo 'Debug::pkgAcquire::Diffs "true";
+Debug::Acquire::Transaction "true";
Debug::pkgAcquire::rred "true";' > rootdir/etc/apt/apt.conf.d/rreddebug.conf
testrun -o Acquire::PDiffs::Merge=0 -o APT::Get::List-Cleanup=1
diff --git a/test/integration/test-policy-pinning b/test/integration/test-policy-pinning
index 8eb4bcbad..2281d7a1d 100755
--- a/test/integration/test-policy-pinning
+++ b/test/integration/test-policy-pinning
@@ -28,7 +28,7 @@ Pinned packages:" aptcache policy $*
aptgetupdate() {
# just to be sure that no old files are used
rm -rf rootdir/var/lib/apt
- if aptget update -qq 2>&1 | grep '^E: '; then
+ if aptget update --allow-unauthenticated -qq 2>&1 | grep '^E: '; then
msgwarn 'apt-get update failed with an error'
fi
}
@@ -36,6 +36,7 @@ aptgetupdate() {
### not signed archive
aptgetupdate
+
testequalpolicy 100 500
testequalpolicy 990 500 -t now
diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
index f655ae2d8..df2c69cf6 100755
--- a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
+++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
@@ -36,8 +36,8 @@ ensure_n_canary_strings_in_dir() {
LISTS='rootdir/var/lib/apt/lists'
rm -rf rootdir/var/lib/apt/lists
-msgtest 'Got expected NODATA failure in' 'apt-get update'
-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+msgtest 'Got expected failure message' 'apt-get update'
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail
ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
testequal 'partial' ls $LISTS
@@ -47,8 +47,8 @@ for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
echo 'peng neee-wom' > $LISTS/localhost:8080_dists_stable_${f}
done
-msgtest 'Got expected NODATA failure in' 'apt-get update'
-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+msgtest 'Got expected failure message in' 'apt-get update'
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail
ensure_n_canary_strings_in_dir $LISTS 'peng neee-wom' 4
ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
@@ -57,7 +57,7 @@ ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
echo 'peng neee-wom' > $LISTS/localhost:8080_dists_stable_InRelease
rm -f $LISTS/localhost:8080_dists_stable_Release $LISTS/localhost:8080_dists_stable_Release.gpg
msgtest 'excpected failure of' 'apt-get update'
-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail
ensure_n_canary_strings_in_dir $LISTS 'peng neee-wom' 3
ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
index 50ca2bf57..09315868b 100755
--- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
+++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
@@ -28,12 +28,10 @@ MD5Sum:
done
msgtest 'The unsigned garbage before signed block is' 'ignored'
-testsuccess --nomsg aptget update
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail
ROOTDIR="$(readlink -f .)"
testequal "Package files:
100 ${ROOTDIR}/rootdir/var/lib/dpkg/status
release a=now
- 500 file:${ROOTDIR}/aptarchive/ unstable/main i386 Packages
- release a=unstable,n=sid,c=main
Pinned packages:" aptcache policy