From 3568a640bd363409cdeb1cb69eaa3261c79f2ff2 Mon Sep 17 00:00:00 2001
From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Fri, 5 Aug 2011 12:26:35 +0200
Subject: * apt-pkg/acquire-item.cc:   - if no Release.gpg file is found, still
 load the hashes for     verification (closes: #636314) and add test

---
 apt-pkg/acquire-item.cc                    | 5 +++--
 debian/changelog                           | 3 +++
 test/integration/test-hashsum-verification | 7 +++++++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 215615bdd..ebd8d5a12 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1258,8 +1258,9 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string Hash,	/*{{{*
       if (SigFile == "")
       {
          // There was no signature file, so we are finished.  Download
-         // the indexes without verification.
-         QueueIndexes(false);
+         // the indexes and do hashsum verification
+         MetaIndexParser->Load(DestFile);
+         QueueIndexes(true);
       }
       else
       {
diff --git a/debian/changelog b/debian/changelog
index 1dec5dce0..f162e20f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,9 @@ apt (0.8.15.6) unstable; urgency=low
       (LP: #812862)
   * test/integration/test-hashsum-verification:
     - add regression test for hashsum verification
+  * apt-pkg/acquire-item.cc:
+    - if no Release.gpg file is found, still load the hashes for
+      verification (closes: #636314) and add test
 
  -- Michael Vogt <mvo@debian.org>  Tue, 12 Jul 2011 11:54:47 +0200
 
diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification
index 29420c098..033096ee8 100755
--- a/test/integration/test-hashsum-verification
+++ b/test/integration/test-hashsum-verification
@@ -70,6 +70,13 @@ runtest() {
         msgtest 'No Packages file in /var/lib/apt/lists'
         [ "$(ls rootdir/var/lib/apt/lists/*Package* 2>/dev/null)" = "" ] && msgpass || msgfail 
         
+        # now with the unsigned Release file
+        rm -rf rootdir/var/lib/apt/lists
+        rm aptarchive/InRelease aptarchive/Release.gpg
+        msgtest 'unsigned apt-get update gets the expected hashsum mismatch'
+	aptget update 2>&1 | grep "Hash Sum mismatch" > /dev/null && msgpass || msgfail
+
+
 }
 
 runtest
-- 
cgit v1.2.3