From 2737f28a1cb2d03c66d2a7edd04215566903dbf1 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 21 Jul 2014 11:19:37 +0200 Subject: Download Release first, then Release.gpg The old way of handling this was that pkgAcqMetaIndex was responsible to check/move both Release and Release.gpg in place. This breaks the assumption of the transaction that each pkgAcquire::Item has a single File that its responsible for. --- apt-pkg/acquire-item.cc | 93 ++++++++++++++------------- apt-pkg/acquire-item.h | 35 +++++----- apt-pkg/deb/debmetaindex.cc | 16 ++--- methods/gpgv.cc | 2 +- test/integration/test-apt-update-transactions | 1 + 5 files changed, 79 insertions(+), 68 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 81afdf4b1..fa41bca7a 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -88,7 +88,8 @@ pkgAcquire::Item::~Item() void pkgAcquire::Item::Failed(string Message,pkgAcquire::MethodConfig *Cnf) { Status = StatIdle; - ErrorText = LookupTag(Message,"Message"); + if(ErrorText == "") + ErrorText = LookupTag(Message,"Message"); UsedMirror = LookupTag(Message,"UsedMirror"); if (QueueCounter <= 1) { @@ -1314,19 +1315,20 @@ void pkgAcqIndexTrans::Failed(string Message,pkgAcquire::MethodConfig *Cnf) Item::Failed(Message,Cnf); } /*}}}*/ -pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, /*{{{*/ +pkgAcqMetaSig::pkgAcqMetaSig(pkgAcqMetaIndex *MetaOwner, /*{{{*/ string URI,string URIDesc,string ShortDesc, - string MetaIndexURI, string MetaIndexURIDesc, - string MetaIndexShortDesc, + string MetaIndexFile, const vector* IndexTargets, indexRecords* MetaIndexParser) : - Item(Owner, HashStringList()), RealURI(URI), MetaIndexURI(MetaIndexURI), - MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc), - MetaIndexParser(MetaIndexParser), IndexTargets(IndexTargets) + Item(MetaOwner->GetOwner(), HashStringList()), RealURI(URI), + MetaIndexParser(MetaIndexParser), MetaIndexFile(MetaIndexFile), + IndexTargets(IndexTargets), AuthPass(false) { DestFile = _config->FindDir("Dir::State::lists") + "partial/"; DestFile += URItoFileName(URI); + TransactionID = (unsigned long)MetaOwner; + // remove any partial downloaded sig-file in partial/. // it may confuse proxies and is too small to warrant a // partial download anyway @@ -1337,7 +1339,8 @@ pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, /*{{{*/ Desc.Owner = this; Desc.ShortDesc = ShortDesc; Desc.URI = URI; - + +#if 0 string Final = _config->FindDir("Dir::State::lists"); Final += URItoFileName(RealURI); if (RealFileExists(Final) == true) @@ -1350,9 +1353,9 @@ pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, /*{{{*/ LastGoodSig = DestFile+".reverify"; Rename(Final,LastGoodSig); } - +#endif // we expect the indextargets + one additional Release file - ExpectedAdditionalItems = IndexTargets->size() + 1; + //ExpectedAdditionalItems = IndexTargets->size() + 1; QueueURI(Desc); } @@ -1404,10 +1407,17 @@ void pkgAcqMetaSig::Done(string Message,unsigned long long Size, HashStringList return; } - Complete = true; + // queue for verify + if(AuthPass == false) + { + AuthPass = true; + Desc.URI = "gpgv:" + DestFile; + DestFile = MetaIndexFile; + QueueURI(Desc); + return; + } - // at this point pkgAcqMetaIndex takes over - ExpectedAdditionalItems = 0; + Complete = true; // put the last known good file back on i-m-s hit (it will // be re-verified again) @@ -1416,10 +1426,13 @@ void pkgAcqMetaSig::Done(string Message,unsigned long long Size, HashStringList Rename(LastGoodSig, DestFile); // queue for copy - PartialFile = DestFile; + PartialFile = _config->FindDir("Dir::State::lists") + "partial/"; + PartialFile += URItoFileName(RealURI); + DestFile = _config->FindDir("Dir::State::lists"); DestFile += URItoFileName(RealURI); +#if 0 // queue a pkgAcqMetaIndex to be verified against the sig we just retrieved pkgAcqMetaIndex *metaindex = new pkgAcqMetaIndex( Owner, MetaIndexURI, MetaIndexURIDesc, @@ -1427,15 +1440,12 @@ void pkgAcqMetaSig::Done(string Message,unsigned long long Size, HashStringList MetaIndexParser); TransactionID = (unsigned long)metaindex; +#endif } /*}}}*/ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ { string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI); - - // at this point pkgAcqMetaIndex takes over - ExpectedAdditionalItems = 0; - // if we get a network error we fail gracefully if(Status == StatTransientNetworkError) { @@ -1451,11 +1461,11 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ // Delete any existing sigfile when the acquire failed unlink(Final.c_str()); - +#if 0 // queue a pkgAcqMetaIndex with no sigfile new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc, - "", IndexTargets, MetaIndexParser); - + "", IndexTargets, MetaIndexParser); +#endif if (Cnf->LocalOnly == true || StringToBool(LookupTag(Message,"Transient-Failure"),false) == false) { @@ -1471,11 +1481,13 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ /*}}}*/ pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire *Owner, /*{{{*/ string URI,string URIDesc,string ShortDesc, - string SigFile, + string MetaIndexSigURI,string MetaIndexSigURIDesc, string MetaIndexSigShortDesc, const vector* IndexTargets, indexRecords* MetaIndexParser) : - Item(Owner, HashStringList()), RealURI(URI), SigFile(SigFile), IndexTargets(IndexTargets), - MetaIndexParser(MetaIndexParser), AuthPass(false), IMSHit(false) + Item(Owner, HashStringList()), RealURI(URI), IndexTargets(IndexTargets), + MetaIndexParser(MetaIndexParser), AuthPass(false), IMSHit(false), + MetaIndexSigURI(MetaIndexSigURI), MetaIndexSigURIDesc(MetaIndexSigURIDesc), + MetaIndexSigShortDesc(MetaIndexSigShortDesc) { DestFile = _config->FindDir("Dir::State::lists") + "partial/"; DestFile += URItoFileName(URI); @@ -1490,7 +1502,6 @@ pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire *Owner, /*{{{*/ // we expect more item ExpectedAdditionalItems = IndexTargets->size(); - QueueURI(Desc); } /*}}}*/ @@ -1534,10 +1545,9 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,HashStringList if (SigFile == "") { - // There was no signature file, so we are finished. Download - // the indexes and do only hashsum verification if possible + // load indexes, the signature will downloaded afterwards MetaIndexParser->Load(DestFile); - QueueIndexes(false); + QueueIndexes(true); } else { @@ -1615,6 +1625,13 @@ void pkgAcqMetaIndex::RetrievalDone(string Message) /*{{{*/ } DestFile = FinalFile; } + + // queue a signature + if(SigFile != DestFile) + new pkgAcqMetaSig(this, MetaIndexSigURI, MetaIndexSigURIDesc, + MetaIndexSigShortDesc, DestFile, IndexTargets, + MetaIndexParser); + Complete = true; } /*}}}*/ @@ -1659,16 +1676,6 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/ /*}}}*/ void pkgAcqMetaIndex::QueueIndexes(bool verify) /*{{{*/ { -#if 0 - /* Reject invalid, existing Release files (LP: #346386) (Closes: #627642) - * FIXME: Disabled; it breaks unsigned repositories without hashes */ - if (!verify && FileExists(DestFile) && !MetaIndexParser->Load(DestFile)) - { - Status = StatError; - ErrorText = MetaIndexParser->ErrorText; - return; - } -#endif bool transInRelease = false; { std::vector const keys = MetaIndexParser->MetaKeys(); @@ -1919,9 +1926,9 @@ pkgAcqMetaClearSig::pkgAcqMetaClearSig(pkgAcquire *Owner, /*{{{*/ string const &MetaSigURI, string const &MetaSigURIDesc, string const &MetaSigShortDesc, const vector* IndexTargets, indexRecords* MetaIndexParser) : - pkgAcqMetaIndex(Owner, URI, URIDesc, ShortDesc, "", IndexTargets, MetaIndexParser), - MetaIndexURI(MetaIndexURI), MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc), - MetaSigURI(MetaSigURI), MetaSigURIDesc(MetaSigURIDesc), MetaSigShortDesc(MetaSigShortDesc) + pkgAcqMetaIndex(Owner, URI, URIDesc, ShortDesc, MetaSigURI, MetaSigURIDesc,MetaSigShortDesc, IndexTargets, MetaIndexParser), + MetaIndexURI(MetaIndexURI), MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc), + MetaSigURI(MetaSigURI), MetaSigURIDesc(MetaSigURIDesc), MetaSigShortDesc(MetaSigShortDesc) { SigFile = DestFile; @@ -1983,9 +1990,9 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /* if (FileExists(FinalFile)) unlink(FinalFile.c_str()); - new pkgAcqMetaSig(Owner, - MetaSigURI, MetaSigURIDesc, MetaSigShortDesc, + new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc, + MetaSigURI, MetaSigURIDesc, MetaSigShortDesc, IndexTargets, MetaIndexParser); if (Cnf->LocalOnly == true || StringToBool(LookupTag(Message, "Transient-Failure"), false) == false) diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index 6c9fec695..6235c353b 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -450,6 +450,15 @@ class pkgAcqMetaIndex : public pkgAcquire::Item * no hashsum checking will be performed. */ void QueueIndexes(bool verify); + + /** \brief The URI of the meta-index file for the detached signature */ + std::string MetaIndexSigURI; + + /** \brief A "URI-style" description of the meta-index file */ + std::string MetaIndexSigURIDesc; + + /** \brief A brief description of the meta-index file */ + std::string MetaIndexSigShortDesc; public: @@ -464,7 +473,7 @@ class pkgAcqMetaIndex : public pkgAcquire::Item /** \brief Create a new pkgAcqMetaIndex. */ pkgAcqMetaIndex(pkgAcquire *Owner, std::string URI,std::string URIDesc, std::string ShortDesc, - std::string SigFile, + std::string MetaIndexSigURI, std::string MetaIndexSigURIDesc, std::string MetaIndexSigShortDesc, const std::vector* IndexTargets, indexRecords* MetaIndexParser); }; @@ -1009,22 +1018,12 @@ class pkgAcqMetaSig : public pkgAcquire::Item */ std::string RealURI; - /** \brief The URI of the meta-index file to be fetched after the signature. */ - std::string MetaIndexURI; - - /** \brief A "URI-style" description of the meta-index file to be - * fetched after the signature. - */ - std::string MetaIndexURIDesc; - - /** \brief A brief description of the meta-index file to be fetched - * after the signature. - */ - std::string MetaIndexShortDesc; - /** \brief A package-system-specific parser for the meta-index file. */ indexRecords* MetaIndexParser; + /** \brief The file we need to verify */ + std::string MetaIndexFile; + /** \brief The index files which should be looked up in the meta-index * and then downloaded. * @@ -1032,6 +1031,9 @@ class pkgAcqMetaSig : public pkgAcquire::Item */ const std::vector* IndexTargets; + /** \brief if we are in fetching or download state */ + bool AuthPass; + public: // Specialized action members @@ -1042,8 +1044,9 @@ class pkgAcqMetaSig : public pkgAcquire::Item virtual std::string DescURI() const {return RealURI; }; /** \brief Create a new pkgAcqMetaSig. */ - pkgAcqMetaSig(pkgAcquire *Owner,std::string URI,std::string URIDesc, std::string ShortDesc, - std::string MetaIndexURI, std::string MetaIndexURIDesc, std::string MetaIndexShortDesc, + pkgAcqMetaSig(pkgAcqMetaIndex *MetaOwner, + std::string URI,std::string URIDesc, std::string ShortDesc, + std::string MetaIndexFile, const std::vector* IndexTargets, indexRecords* MetaIndexParser); virtual ~pkgAcqMetaSig(); diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 73010e867..98f99e888 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -267,24 +267,24 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const if (tryInRelease == false) new pkgAcqMetaIndex(Owner, MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release", - MetaIndexURI("Release.gpg"), + MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg", ComputeIndexTargets(), new indexRecords (Dist)); } if (tryInRelease == true) - new pkgAcqMetaClearSig(Owner, MetaIndexURI("InRelease"), - MetaIndexInfo("InRelease"), "InRelease", + new pkgAcqMetaClearSig(Owner, + MetaIndexURI("InRelease"), MetaIndexInfo("InRelease"), "InRelease", MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release", MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg", ComputeIndexTargets(), new indexRecords (Dist)); else - new pkgAcqMetaSig(Owner, MetaIndexURI("Release.gpg"), - MetaIndexInfo("Release.gpg"), "Release.gpg", - MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release", - ComputeIndexTargets(), - new indexRecords (Dist)); + new pkgAcqMetaIndex(Owner, + MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release", + MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg", + ComputeIndexTargets(), + new indexRecords (Dist)); return true; } diff --git a/methods/gpgv.cc b/methods/gpgv.cc index ae521a2ed..30fd217bd 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -159,7 +159,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, waitpid(pid, &status, 0); if (Debug == true) { - std::clog << "gpgv exited\n"; + ioprintf(std::clog, "gpgv exited with status %i\n", WEXITSTATUS(status)); } if (WEXITSTATUS(status) == 0) diff --git a/test/integration/test-apt-update-transactions b/test/integration/test-apt-update-transactions index ee8d20dbf..247334991 100755 --- a/test/integration/test-apt-update-transactions +++ b/test/integration/test-apt-update-transactions @@ -21,3 +21,4 @@ compressfile aptarchive/dists/unstable/main/binary-i386/Packages '+1hour' # ensure that a update will only succeed entirely or not at all testfailure aptget update testequal "partial" ls rootdir/var/lib/apt/lists + -- cgit v1.2.3