1 files changed, 52 insertions, 18 deletions

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 88c25de43..1fa929aad 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -340,12 +340,6 @@ pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner,
       // File was already in place.  It needs to be re-verified
       // because Release might have changed, so Move it into partial
       Rename(Final,DestFile);
-      // unlink the file and do not try to use I-M-S and Last-Modified
-      // if the users proxy is broken
-      if(_config->FindB("Acquire::BrokenProxy", false) == true) {
-	 std::cerr << "forcing re-get of the signature file as requested" << std::endl;
-	 unlink(DestFile.c_str());
-      }
    }
 
    QueueURI(Desc);
@@ -395,18 +389,19 @@ void pkgAcqMetaSig::Done(string Message,unsigned long Size,string MD5,
 									/*}}}*/
 void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
 {
-   // Delete any existing sigfile, so that this source isn't
-   // mistakenly trusted
-   string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
-   unlink(Final.c_str());
 
-   // if we get a timeout if fail
+   // if we get a network error we fail gracefully
    if(LookupTag(Message,"FailReason") == "Timeout" || 
-      LookupTag(Message,"FailReason") == "TmpResolveFailure") {
+      LookupTag(Message,"FailReason") == "TmpResolveFailure" ||
+      LookupTag(Message,"FailReason") == "ConnectionRefused") {
       Item::Failed(Message,Cnf);
       return;
    }
 
+   // Delete any existing sigfile when the acquire failed
+   string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+   unlink(Final.c_str());
+
    // queue a pkgAcqMetaIndex with no sigfile
    new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc,
 		       "", IndexTargets, MetaIndexParser);
@@ -430,7 +425,7 @@ pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire *Owner,
 				 const vector<struct IndexTarget*>* IndexTargets,
 				 indexRecords* MetaIndexParser) :
    Item(Owner), RealURI(URI), SigFile(SigFile), AuthPass(false),
-   MetaIndexParser(MetaIndexParser), IndexTargets(IndexTargets)
+   MetaIndexParser(MetaIndexParser), IndexTargets(IndexTargets), IMSHit(false)
 {
    DestFile = _config->FindDir("Dir::State::lists") + "partial/";
    DestFile += URItoFileName(URI);
@@ -523,6 +518,9 @@ void pkgAcqMetaIndex::RetrievalDone(string Message)
       return;
    }
 
+   // see if the download was a IMSHit
+   IMSHit = StringToBool(LookupTag(Message,"IMS-Hit"),false);
+
    Complete = true;
 
    string FinalFile = _config->FindDir("Dir::State::lists");
@@ -551,7 +549,7 @@ void pkgAcqMetaIndex::AuthDone(string Message)
       return;
    }
 
-   if (!VerifyVendor())
+   if (!VerifyVendor(Message))
    {
       return;
    }
@@ -609,7 +607,7 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify)
    }
 }
 
-bool pkgAcqMetaIndex::VerifyVendor()
+bool pkgAcqMetaIndex::VerifyVendor(string Message)
 {
 //    // Maybe this should be made available from above so we don't have
 //    // to read and parse it every time?
@@ -634,6 +632,22 @@ bool pkgAcqMetaIndex::VerifyVendor()
 //          break;
 //       }
 //    }
+   string::size_type pos;
+
+   // check for missing sigs (that where not fatal because otherwise we had
+   // bombed earlier)
+   string missingkeys;
+   string msg = _("There are no public key available for the "
+		  "following key IDs:\n");
+   pos = Message.find("NO_PUBKEY ");
+   if (pos != std::string::npos)
+   {
+      string::size_type start = pos+strlen("NO_PUBKEY ");
+      string Fingerprint = Message.substr(start, Message.find("\n")-start);
+      missingkeys += (Fingerprint);
+   }
+   if(!missingkeys.empty())
+      _error->Warning("%s", string(msg+missingkeys).c_str());
 
    string Transformed = MetaIndexParser->GetExpectedDist();
 
@@ -642,7 +656,7 @@ bool pkgAcqMetaIndex::VerifyVendor()
       Transformed = "experimental";
    }
 
-   string::size_type pos = Transformed.rfind('/');
+   pos = Transformed.rfind('/');
    if (pos != string::npos)
    {
       Transformed = Transformed.substr(0, pos);
@@ -688,10 +702,30 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
 {
    if (AuthPass == true)
    {
-      // gpgv method failed
+      // if we fail the authentication but got the file via a IMS-Hit 
+      // this means that the file wasn't downloaded and that it might be
+      // just stale (server problem, proxy etc). we delete what we have
+      // queue it again without i-m-s 
+      // alternatively we could just unlink the file and let the user try again
+      if (IMSHit)
+      {
+	 Complete = false;
+	 Local = false;
+	 AuthPass = false;
+	 unlink(DestFile.c_str());
+
+	 DestFile = _config->FindDir("Dir::State::lists") + "partial/";
+	 DestFile += URItoFileName(RealURI);
+	 Desc.URI = RealURI;
+	 QueueURI(Desc);
+	 return;
+      }
+
+      // gpgv method failed 
       _error->Warning("GPG error: %s: %s",
                       Desc.Description.c_str(),
                       LookupTag(Message,"Message").c_str());
+
    }
 
    // No Release file was present, or verification failed, so fall
@@ -1037,7 +1071,7 @@ pkgAcqFile::pkgAcqFile(pkgAcquire *Owner,string URI,string MD5,
       else
 	 PartialSize = Buf.st_size;
    }
-   
+
    QueueURI(Desc);
 }
 									/*}}}*/