diff options
| -rw-r--r-- | apt-pkg/acquire-item.cc | 12 | ||||
| -rwxr-xr-x | test/integration/test-bug-838779-untrusted-to-trusted-Release-hit | 46 |
2 files changed, 55 insertions, 3 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index bf1c68d82..9c6f85093 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1925,10 +1925,16 @@ void pkgAcqMetaSig::Done(string const &Message, HashStringList const &Hashes, } else if(MetaIndex->CheckAuthDone(Message) == true) { - if (TransactionManager->IMSHit == false) + auto const Releasegpg = GetFinalFilename(); + auto const Release = MetaIndex->GetFinalFilename(); + // if this is an IMS-Hit on Release ensure we also have the the Release.gpg file stored + // (previously an unknown pubkey) – but only if the Release file exists locally (unlikely + // event of InRelease removed from the mirror causing fallback but still an IMS-Hit) + if (TransactionManager->IMSHit == false || + (FileExists(Releasegpg) == false && FileExists(Release) == true)) { - TransactionManager->TransactionStageCopy(this, DestFile, GetFinalFilename()); - TransactionManager->TransactionStageCopy(MetaIndex, MetaIndex->DestFile, MetaIndex->GetFinalFilename()); + TransactionManager->TransactionStageCopy(this, DestFile, Releasegpg); + TransactionManager->TransactionStageCopy(MetaIndex, MetaIndex->DestFile, Release); } } else if (MetaIndex->Status != StatAuthError) diff --git a/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit b/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit new file mode 100755 index 000000000..6fcc2b8e1 --- /dev/null +++ b/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit @@ -0,0 +1,46 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" +setupenvironment +configarchitecture 'amd64' + +buildsimplenativepackage 'foo' 'all' '1' 'stable' + +export APT_DONT_SIGN='' +setupaptarchive --no-update + +changetowebserver + +testsuccess aptget update +testdpkgnotinstalled 'foo' +testsuccess apt install foo -y +testdpkginstalled 'foo' +testsuccess apt purge foo -y +testdpkgnotinstalled 'foo' + +msgmsg 'Untrusted to trusted hit' 'InRelease' +rm -rf rootdir/var/lib/apt/lists rootdir/var/cache/apt/archives +mv rootdir/etc/apt/trusted.gpg.d rootdir/etc/apt/trusted.gpg.d-bak +testwarning aptget update +testfailure apt install foo -y +testdpkgnotinstalled 'foo' +mv rootdir/etc/apt/trusted.gpg.d-bak rootdir/etc/apt/trusted.gpg.d +testsuccess aptget update +testsuccess apt install foo -y +testdpkginstalled 'foo' +testsuccess apt purge foo -y +testdpkgnotinstalled 'foo' + +msgmsg 'Untrusted to trusted hit' 'Release.gpg' +find aptarchive -name 'InRelease' -delete +rm -rf rootdir/var/lib/apt/lists rootdir/var/cache/apt/archives +mv rootdir/etc/apt/trusted.gpg.d rootdir/etc/apt/trusted.gpg.d-bak +testwarning aptget update +testfailure apt install foo -y +testdpkgnotinstalled 'foo' +mv rootdir/etc/apt/trusted.gpg.d-bak rootdir/etc/apt/trusted.gpg.d +testsuccess aptget update +testsuccess apt install foo -y +testdpkginstalled 'foo' |