From 698f9e3f9877be2aa181d6e40d3dc5c41ea318b7 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 16 Jan 2018 16:53:46 +0100 Subject: Introduce inrelease-path option for sources.list Allow specifying an alternative path to the InRelease file, so you can have multiple versions of a repository, for example. Enabling this option disables fallback to Release and Release.gpg, so setting it to InRelease can be used to ensure that only that will be tried. We add two test cases: One for checking that it works, and another for checking that the fallback does not happen. Closes: #886745 --- apt-pkg/acquire-item.cc | 25 +++++++++++++++++++++---- apt-pkg/deb/debmetaindex.cc | 4 ++++ apt-pkg/indexfile.cc | 1 + apt-pkg/indexfile.h | 4 +++- doc/sources.list.5.xml | 9 +++++++++ test/integration/test-apt-by-hash-update | 28 ++++++++++++++++++++++++++++ 6 files changed, 66 insertions(+), 5 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 611876dd2..7fcc5867a 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1324,9 +1324,13 @@ bool pkgAcqMetaBase::CheckDownloadDone(pkgAcqTransactionItem * const I, const st // Save the final base URI we got this Release file from if (I->UsedMirror.empty() == false && _config->FindB("Acquire::SameMirrorForAllIndexes", true)) { - if (APT::String::Endswith(I->Desc.URI, "InRelease")) + auto InReleasePath = Target.Option(IndexTarget::INRELEASE_PATH); + if (InReleasePath.empty()) + InReleasePath = "InRelease"; + + if (APT::String::Endswith(I->Desc.URI, InReleasePath)) { - TransactionManager->BaseURI = I->Desc.URI.substr(0, I->Desc.URI.length() - strlen("InRelease")); + TransactionManager->BaseURI = I->Desc.URI.substr(0, I->Desc.URI.length() - InReleasePath.length()); TransactionManager->UsedMirror = I->UsedMirror; } else if (APT::String::Endswith(I->Desc.URI, "Release")) @@ -1871,6 +1875,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c auto const failreason = LookupTag(Message, "FailReason"); auto const httperror = "HttpError"; if (Status == StatAuthError || + Target.Option(IndexTarget::INRELEASE_PATH).empty() == false || /* do not fallback if InRelease was requested */ (strncmp(failreason.c_str(), httperror, strlen(httperror)) == 0 && failreason != "HttpError404")) { @@ -1880,7 +1885,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c // as this is gonna fail anyway and instead abort our try (LP#346386) _error->PushToStack(); _error->Error(_("Failed to fetch %s %s"), Target.URI.c_str(), ErrorText.c_str()); - if (AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) + if (Target.Option(IndexTarget::INRELEASE_PATH).empty() == true && AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) _error->RevertToStack(); else return; @@ -1941,7 +1946,19 @@ pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire * const Owner, /*{{{*/ Desc.Description = DataTarget.Description; Desc.Owner = this; Desc.ShortDesc = DataTarget.ShortDesc; - Desc.URI = DataTarget.URI; + + // Rewrite the description URI if INRELEASE_PATH was specified so + // we download the specified file instead. + auto InReleasePath = DataTarget.Option(IndexTarget::INRELEASE_PATH); + if (InReleasePath.empty() == false && APT::String::Endswith(DataTarget.URI, "/InRelease")) + { + Desc.URI = DataTarget.URI.substr(0, DataTarget.URI.size() - strlen("InRelease")) + InReleasePath; + } + else + { + Desc.URI = DataTarget.URI; + } + QueueURI(Desc); } /*}}}*/ diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 2688052a4..59a26390e 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -1092,6 +1092,10 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ if (GetBoolOption(Options, "allow-downgrade-to-insecure", _config->FindB("Acquire::AllowDowngradeToInsecureRepositories"))) ReleaseOptions.emplace("ALLOW_DOWNGRADE_TO_INSECURE", "true"); + auto InReleasePath = Options.find("inrelease-path"); + if (InReleasePath != Options.end()) + ReleaseOptions.emplace("INRELEASE_PATH", InReleasePath->second); + debReleaseIndex * Deb = nullptr; std::string const FileName = URItoFileName(constructMetaIndexURI(URI, Dist, "Release")); for (auto const &I: List) diff --git a/apt-pkg/indexfile.cc b/apt-pkg/indexfile.cc index 679e2eab8..96ae2f93b 100644 --- a/apt-pkg/indexfile.cc +++ b/apt-pkg/indexfile.cc @@ -149,6 +149,7 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const /*{{{*/ APT_CASE(ALLOW_INSECURE); APT_CASE(ALLOW_WEAK); APT_CASE(ALLOW_DOWNGRADE_TO_INSECURE); + APT_CASE(INRELEASE_PATH); #undef APT_CASE case FILENAME: { diff --git a/apt-pkg/indexfile.h b/apt-pkg/indexfile.h index 7ebbd66f1..31b95172e 100644 --- a/apt-pkg/indexfile.h +++ b/apt-pkg/indexfile.h @@ -72,7 +72,8 @@ class IndexTarget /*{{{*/ std::string const &LongDesc, std::string const &URI, bool const IsOptional, bool const KeepCompressed, std::map const &Options); - enum OptionKeys { + enum OptionKeys + { SITE, RELEASE, COMPONENT, @@ -95,6 +96,7 @@ class IndexTarget /*{{{*/ ALLOW_INSECURE, ALLOW_WEAK, ALLOW_DOWNGRADE_TO_INSECURE, + INRELEASE_PATH, }; std::string Option(OptionKeys const Key) const; bool OptionBool(OptionKeys const Key) const; diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml index bfad35aa7..b19808636 100644 --- a/doc/sources.list.5.xml +++ b/doc/sources.list.5.xml @@ -343,6 +343,15 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [. default. + () + determines the path to the InRelease file, relative + to the normal position of an InRelease file. + By default, this option is unset and APT will try to fetch an InRelease + or, if that fails, a Release file and its associated Release.gpg file. By setting this option, + the specified path will be tried instead of the InRelease file, + and the fallback to Release files will be disabled. + + diff --git a/test/integration/test-apt-by-hash-update b/test/integration/test-apt-by-hash-update index 9701f97f9..f4794a84f 100755 --- a/test/integration/test-apt-by-hash-update +++ b/test/integration/test-apt-by-hash-update @@ -77,3 +77,31 @@ ensureitsbroken -o Acquire::By-Hash=0 sed -i "s#^\(deb\(-src\)\?\) \[by-hash=yes\] #\1 [by-hash=force] #" rootdir/etc/apt/sources.list.d/* ensureitworks #ensureitsbroken -o Acquire::By-Hash=0 + + + +msgmsg 'Test InRelease by-hash via' 'sources option' + +rm -rf aptarchive/dists +cp -a aptarchive/dists.bak aptarchive/dists +mkdir -p aptarchive/dists/unstable/by-hash/SHA256 +inrelease_hash=$(sha256sum aptarchive/dists/unstable/InRelease | awk '{print $1}') +mv aptarchive/dists/unstable/InRelease aptarchive/dists/unstable/by-hash/SHA256/$inrelease_hash +#ensureitworks -o Acquire::By-Hash=force +ensureitsbroken -o Acquire::By-Hash=1 +ensureitsbroken -o Acquire::By-Hash=0 + +sed -i "s#^\(deb\(-src\)\?\) \[by-hash=force\] #\1 [by-hash=force inrelease-path=by-hash/SHA256/$inrelease_hash] #" rootdir/etc/apt/sources.list.d/* +ensureitworks +#ensureitsbroken -o Acquire::By-Hash=0 + +msgmsg 'Test InRelease by-hash with' 'no fallback' + +rm -rf aptarchive/dists +cp -a aptarchive/dists.bak aptarchive/dists + +testfailureequal "Get:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease +Err:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease + File not found - ${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/by-hash/SHA256/${inrelease_hash} (2: No such file or directory) +Reading package lists... +E: Failed to fetch file://${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/InRelease File not found - ${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/by-hash/SHA256/${inrelease_hash} (2: No such file or directory)" aptget update -- cgit v1.2.3