summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--apt-pkg/acquire-item.cc42
-rwxr-xr-xtest/integration/test-ubuntu-bug-346386-apt-get-update-paywall10
-rwxr-xr-xtest/integration/test-ubuntu-bug-784473-InRelease-one-message-only4
3 files changed, 40 insertions, 16 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index fcfdd50ea..c3b6f0e6a 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1487,6 +1487,36 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
DestFile += URItoFileName(RealURI);
PartialFile = "";
+ // FIXME: duplicated code from pkgAcqMetaIndex
+ if (AuthPass == true)
+ {
+ if(FileExists(Final))
+ {
+ Status = StatTransientNetworkError;
+ _error->Warning(_("An error occurred during the signature "
+ "verification. The repository is not updated "
+ "and the previous index files will be used. "
+ "GPG error: %s: %s\n"),
+ Desc.Description.c_str(),
+ LookupTag(Message,"Message").c_str());
+ RunScripts("APT::Update::Auth-Failure");
+ return;
+ } else if (LookupTag(Message,"Message").find("NODATA") != string::npos) {
+ /* Invalid signature file, reject (LP: #346386) (Closes: #627642) */
+ _error->Error(_("GPG error: %s: %s"),
+ Desc.Description.c_str(),
+ LookupTag(Message,"Message").c_str());
+ Status = StatError;
+ return;
+ } else {
+ _error->Warning(_("GPG error: %s: %s"),
+ Desc.Description.c_str(),
+ LookupTag(Message,"Message").c_str());
+ }
+ // gpgv method failed
+ ReportMirrorFailure("GPGFailure");
+ }
+
// FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor
if (Cnf->LocalOnly == true ||
StringToBool(LookupTag(Message,"Transient-Failure"),false) == false)
@@ -1871,15 +1901,11 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/
void pkgAcqMetaIndex::Failed(string Message,
pkgAcquire::MethodConfig * /*Cnf*/)
{
+ string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+
if (AuthPass == true)
{
- // gpgv method failed, if we have a good signature
- string LastGoodSigFile = _config->FindDir("Dir::State::lists");
- LastGoodSigFile += URItoFileName(RealURI);
- if (DestFile != SigFile)
- LastGoodSigFile.append(".gpg");
-
- if(FileExists(LastGoodSigFile))
+ if(FileExists(Final))
{
Status = StatTransientNetworkError;
_error->Warning(_("An error occurred during the signature "
@@ -2011,8 +2037,8 @@ void pkgAcqMetaClearSig::Done(std::string Message,unsigned long long Size,
// Release/Release.gpg, see #346386
if (FileExists(DestFile) && !StartsWithGPGClearTextSignature(DestFile))
{
- //_error->Error(_("Does not start with a clear sign signature"));
pkgAcquire::Item::Failed(Message, Cnf);
+ ErrorText = _("Does not start with a cleartext signature");
return;
}
pkgAcqMetaIndex::Done(Message, Size, Hashes, Cnf);
diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
index 8e50843f3..388c2bfdb 100755
--- a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
+++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
@@ -37,8 +37,8 @@ ensure_n_canary_strings_in_dir() {
LISTS='rootdir/var/lib/apt/lists'
rm -rf rootdir/var/lib/apt/lists
-msgtest 'Got expected NODATA failure in' 'apt-get update'
-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+msgtest 'Got expected failure message' 'apt-get update'
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail
ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
testequal 'partial' ls $LISTS
@@ -48,8 +48,8 @@ for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
echo 'peng neee-wom' > $LISTS/localhost:8080_dists_stable_${f}
done
-msgtest 'Got expected NODATA failure in' 'apt-get update'
-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+msgtest 'Got expected failure message in' 'apt-get update'
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail
ensure_n_canary_strings_in_dir $LISTS 'peng neee-wom' 4
ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
@@ -58,7 +58,7 @@ ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
echo 'peng neee-wom' > $LISTS/localhost:8080_dists_stable_InRelease
rm -f $LISTS/localhost:8080_dists_stable_Release $LISTS/localhost:8080_dists_stable_Release.gpg
msgtest 'excpected failure of' 'apt-get update'
-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail
ensure_n_canary_strings_in_dir $LISTS 'peng neee-wom' 3
ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
index 50ca2bf57..09315868b 100755
--- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
+++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
@@ -28,12 +28,10 @@ MD5Sum:
done
msgtest 'The unsigned garbage before signed block is' 'ignored'
-testsuccess --nomsg aptget update
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail
ROOTDIR="$(readlink -f .)"
testequal "Package files:
100 ${ROOTDIR}/rootdir/var/lib/dpkg/status
release a=now
- 500 file:${ROOTDIR}/aptarchive/ unstable/main i386 Packages
- release a=unstable,n=sid,c=main
Pinned packages:" aptcache policy