4 files changed, 29 insertions, 5 deletions

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 611876dd2..7fcc5867a 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1324,9 +1324,13 @@ bool pkgAcqMetaBase::CheckDownloadDone(pkgAcqTransactionItem * const I, const st
    // Save the final base URI we got this Release file from
    if (I->UsedMirror.empty() == false && _config->FindB("Acquire::SameMirrorForAllIndexes", true))
    {
-      if (APT::String::Endswith(I->Desc.URI, "InRelease"))
+      auto InReleasePath = Target.Option(IndexTarget::INRELEASE_PATH);
+      if (InReleasePath.empty())
+	 InReleasePath = "InRelease";
+
+      if (APT::String::Endswith(I->Desc.URI, InReleasePath))
       {
-	 TransactionManager->BaseURI = I->Desc.URI.substr(0, I->Desc.URI.length() - strlen("InRelease"));
+	 TransactionManager->BaseURI = I->Desc.URI.substr(0, I->Desc.URI.length() - InReleasePath.length());
 	 TransactionManager->UsedMirror = I->UsedMirror;
       }
       else if (APT::String::Endswith(I->Desc.URI, "Release"))
@@ -1871,6 +1875,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
       auto const failreason = LookupTag(Message, "FailReason");
       auto const httperror = "HttpError";
       if (Status == StatAuthError ||
+	  Target.Option(IndexTarget::INRELEASE_PATH).empty() == false || /* do not fallback if InRelease was requested */
 	  (strncmp(failreason.c_str(), httperror, strlen(httperror)) == 0 &&
 	   failreason != "HttpError404"))
       {
@@ -1880,7 +1885,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
 	 // as this is gonna fail anyway and instead abort our try (LP#346386)
 	 _error->PushToStack();
 	 _error->Error(_("Failed to fetch %s  %s"), Target.URI.c_str(), ErrorText.c_str());
-	 if (AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
+	 if (Target.Option(IndexTarget::INRELEASE_PATH).empty() == true && AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
 	    _error->RevertToStack();
 	 else
 	    return;
@@ -1941,7 +1946,19 @@ pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire * const Owner,		/*{{{*/
    Desc.Description = DataTarget.Description;
    Desc.Owner = this;
    Desc.ShortDesc = DataTarget.ShortDesc;
-   Desc.URI = DataTarget.URI;
+
+   // Rewrite the description URI if INRELEASE_PATH was specified so
+   // we download the specified file instead.
+   auto InReleasePath = DataTarget.Option(IndexTarget::INRELEASE_PATH);
+   if (InReleasePath.empty() == false && APT::String::Endswith(DataTarget.URI, "/InRelease"))
+   {
+      Desc.URI = DataTarget.URI.substr(0, DataTarget.URI.size() - strlen("InRelease")) + InReleasePath;
+   }
+   else
+   {
+      Desc.URI = DataTarget.URI;
+   }
+
    QueueURI(Desc);
 }
 									/*}}}*/
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 2688052a4..59a26390e 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -1092,6 +1092,10 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type		/*{{{*/
       if (GetBoolOption(Options, "allow-downgrade-to-insecure", _config->FindB("Acquire::AllowDowngradeToInsecureRepositories")))
 	 ReleaseOptions.emplace("ALLOW_DOWNGRADE_TO_INSECURE", "true");
 
+      auto InReleasePath = Options.find("inrelease-path");
+      if (InReleasePath != Options.end())
+	 ReleaseOptions.emplace("INRELEASE_PATH", InReleasePath->second);
+
       debReleaseIndex * Deb = nullptr;
       std::string const FileName = URItoFileName(constructMetaIndexURI(URI, Dist, "Release"));
       for (auto const &I: List)
diff --git a/apt-pkg/indexfile.cc b/apt-pkg/indexfile.cc
index 679e2eab8..96ae2f93b 100644
--- a/apt-pkg/indexfile.cc
+++ b/apt-pkg/indexfile.cc
@@ -149,6 +149,7 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const		/*{{{*/
       APT_CASE(ALLOW_INSECURE);
       APT_CASE(ALLOW_WEAK);
       APT_CASE(ALLOW_DOWNGRADE_TO_INSECURE);
+      APT_CASE(INRELEASE_PATH);
 #undef APT_CASE
       case FILENAME:
       {
diff --git a/apt-pkg/indexfile.h b/apt-pkg/indexfile.h
index 7ebbd66f1..31b95172e 100644
--- a/apt-pkg/indexfile.h
+++ b/apt-pkg/indexfile.h
@@ -72,7 +72,8 @@ class IndexTarget							/*{{{*/
 	 std::string const &LongDesc, std::string const &URI, bool const IsOptional,
 	 bool const KeepCompressed, std::map<std::string, std::string> const &Options);
 
-   enum OptionKeys {
+   enum OptionKeys
+   {
       SITE,
       RELEASE,
       COMPONENT,
@@ -95,6 +96,7 @@ class IndexTarget							/*{{{*/
       ALLOW_INSECURE,
       ALLOW_WEAK,
       ALLOW_DOWNGRADE_TO_INSECURE,
+      INRELEASE_PATH,
    };
    std::string Option(OptionKeys const Key) const;
    bool OptionBool(OptionKeys const Key) const;