diff options
-rw-r--r-- | apt-pkg/acquire-item.cc | 9 | ||||
-rw-r--r-- | apt-pkg/acquire-item.h | 4 | ||||
-rwxr-xr-x | test/integration/test-apt-update-unauth | 28 |
3 files changed, 29 insertions, 12 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 0cae5308e..c819afd9b 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1051,7 +1051,8 @@ void pkgAcqIndex::ReverifyAfterIMS() to the uncompressed version of the file. If this is so the file is copied into the partial directory. In all other cases the file is decompressed with a compressed uri. */ -void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList const &Hashes, +void pkgAcqIndex::Done(string Message, unsigned long long Size, + HashStringList const &Hashes, pkgAcquire::MethodConfig *Cfg) { Item::Done(Message,Size,Hashes,Cfg); @@ -1164,7 +1165,7 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con string decompProg; // If we enable compressed indexes, queue for hash verification - if (_config->FindB("Acquire::GzipIndexes",false) && compExt == "gz" && !Local) + if (_config->FindB("Acquire::GzipIndexes",false) && compExt == "gz") { DestFile = _config->FindDir("Dir::State::lists"); DestFile += URItoFileName(RealURI) + ".gz"; @@ -1682,6 +1683,8 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/ std::cerr << "Signature verification succeeded: " << DestFile << std::endl; +// we ensure this by other means +#if 0 // do not trust any previously unverified content that we may have string LastGoodSigFile = _config->FindDir("Dir::State::lists").append("partial/").append(URItoFileName(RealURI)); if (DestFile != SigFile) @@ -1702,7 +1705,7 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/ unlink(index.c_str()); } } - +#endif // Download further indexes with verification QueueIndexes(true); diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index ae53fc6ac..49f057b43 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -859,10 +859,6 @@ class pkgAcqIndex : public pkgAcqBaseIndex */ bool Erase; - // FIXME: - // Unused, used to be used to verify that "Packages: " header was there - bool __DELME_ON_NEXT_ABI_BREAK_Verify; - /** \brief The object that is actually being fetched (minus any * compression-related extensions). */ diff --git a/test/integration/test-apt-update-unauth b/test/integration/test-apt-update-unauth index 13487603c..4e08b5e35 100755 --- a/test/integration/test-apt-update-unauth +++ b/test/integration/test-apt-update-unauth @@ -17,23 +17,41 @@ insertsource 'unstable' 'foo' 'all' '1.0' setupaptarchive changetowebserver +# FIXME: +# - also check the unauth -> auth success case, i.e. that all files are +# reverified runtest() { # start unauthenticated find rootdir/var/lib/apt/lists/ -type f | xargs rm -f rm -f aptarchive/dists/unstable/*Release* + # remove uncompressed version + find aptarchive/ -name Packages | xargs rm -f aptget update -qq # become authenticated generatereleasefiles signreleasefiles - # and ensure we do download the data again - msgtest "Check that the data is check when going to authenticated" - if aptget update |grep -q Hit; then - msgfail - else + # and ensure we re-check the downloaded data + msgtest "Check rollback on going from unauth -> auth" + + # change the local packages file + PKGS=$(ls rootdir/var/lib/apt/lists/*Packages*) + echo "meep" > $PKGS + ls -l rootdir/var/lib/apt/lists > lists.before + + # update and ensure all is reverted on the hashsum failure + aptget update -o Debug::Acquire::Transaction=1 -o Debug::pkgAcquire::Auth=1 -o Debug::pkgAcquire::worker=0 > output.log 2>&1 || true + + # ensure we have before what we have after + ls -l rootdir/var/lib/apt/lists > lists.after + if diff -u lists.before lists.after; then msgpass + else + #cat output.log + msgfail fi + } for COMPRESSEDINDEXES in 'false' 'true'; do |