diff options
-rw-r--r-- | apt-pkg/acquire-item.cc | 17 | ||||
-rwxr-xr-x | test/integration/test-apt-update-repeated-ims-hit | 73 |
2 files changed, 79 insertions, 11 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index a108eb213..062b39cad 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -3265,19 +3265,14 @@ void pkgAcqIndex::StageDownloadDone(string const &Message) // we need to verify the file against the current Release file again // on if-modfied-since hit to avoid a stale attack against us - if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) + if (StringToBool(LookupTag(Message, "IMS-Hit"), false)) { - // copy FinalFile into partial/ so that we check the hash again - string const FinalFile = GetExistingFilename(GetFinalFileNameFromURI(Target.URI)); - if (symlink(FinalFile.c_str(), DestFile.c_str()) != 0) - _error->WarningE("pkgAcqIndex::StageDownloadDone", "Symlinking final file %s back to %s failed", FinalFile.c_str(), DestFile.c_str()); - else - { - EraseFileName = DestFile; - Filename = DestFile; - } + Filename = GetExistingFilename(GetFinalFileNameFromURI(Target.URI)); + EraseFileName = DestFile = flCombine(flNotFile(DestFile), flNotDir(Filename)); + if (symlink(Filename.c_str(), DestFile.c_str()) != 0) + _error->WarningE("pkgAcqIndex::StageDownloadDone", "Symlinking file %s to %s failed", Filename.c_str(), DestFile.c_str()); Stage = STAGE_DECOMPRESS_AND_VERIFY; - Desc.URI = "store:" + Filename; + Desc.URI = "store:" + DestFile; QueueURI(Desc); SetActiveSubprocess(::URI(Desc.URI).Access); return; diff --git a/test/integration/test-apt-update-repeated-ims-hit b/test/integration/test-apt-update-repeated-ims-hit new file mode 100755 index 000000000..8630ff5ee --- /dev/null +++ b/test/integration/test-apt-update-repeated-ims-hit @@ -0,0 +1,73 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" +setupenvironment +configarchitecture 'amd64' +configcompression '.' 'bz2' + +echo 'Package: apt +Priority: important +Section: admin +Installed-Size: 5984 +Maintainer: APT Development Team <deity@lists.debian.org> +Architecture: i386 +Version: 0.8.7 +Filename: pool/main/a/apt/apt_0.8.7_i386.deb +Size: 2140230 +MD5sum: 74769bfbcef9ebc4fa74f7a5271b9c08 +Description: Advanced front-end for dpkg +Description-md5: d41ee493aa9fcc6cbc9ce4eb7069959c' > aptarchive/Packages +compressfile aptarchive/Packages + +echo "Package: apt +Description-en: Advanced front-end for dpkg + This is Debian's next generation front-end for the dpkg package manager. + It provides the apt-get utility and APT dselect method that provides a + simpler, safer way to install and upgrade packages. +$MD5Sum" > aptarchive/en +compressfile aptarchive/en + +echo "APT::FTPArchive::Release::Patterns:: \"en\"; +APT::FTPArchive::Release::Patterns:: \"en.*\";" > rootdir/etc/apt/apt.conf.d/ftparchivepattern + +export APT_DONT_SIGN='InRelease' +setupaptarchive --no-update +rm -f aptarchive/Packages aptarchive/en + +rm -f rootdir/etc/apt/trusted.gpg.d/* +sed -i -e 's#^deb #deb [trusted=yes] #' rootdir/etc/apt/sources.list.d/* + +APTARCHIVE="$(readlink -f ./aptarchive)" +GPGERROR="W: GPG error: file:$APTARCHIVE Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A90D141DBAC8DAE" + +msgmsg 'Running update again does not change result' '0' +testwarningmsg "$GPGERROR" apt update +listcurrentlistsdirectory > lists.before +testsuccess grep 'aptarchive_en$' lists.before +testsuccess grep 'aptarchive_Packages$' lists.before +testsuccess grep 'aptarchive_Release$' lists.before +testfailure grep 'aptarchive_Release.gpg$' lists.before + +for i in $(seq 1 3); do + msgmsg 'Running update again does not change result' "$i" + testwarningmsg "$GPGERROR" apt update +done + +find rootdir/var/lib/apt/lists -name '*Release*' -delete +msgmsg 'Running update with a repository gaining hashsums' +testwarningmsg "$GPGERROR" apt update + +changetowebserver +find aptarchive -name '*Release*' -delete +rm -rf rootdir/var/lib/apt/lists + +msgmsg 'Running update with no indexes' '0' +testsuccess apt update +listcurrentlistsdirectory > lists.before +for i in $(seq 1 3); do + msgmsg 'Running update with no indexes' "$i" + testsuccess apt update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::Transaction=1 + testfileequal lists.before "$(listcurrentlistsdirectory)" +done |