From 7abcfdde365d2f1110b1f1189e3fce04abdac98c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 1 Aug 2014 17:13:15 +0200 Subject: check hashes of compressed files as well --- apt-pkg/acquire-item.cc | 14 ++++++++++++++ test/integration/test-apt-update-rollback | 29 +++++++++++++++++------------ 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 43c09e7b5..c75ef36a9 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1178,6 +1178,20 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con unlink(DestFile.c_str()); #endif return; + } else { + // FIXME: use the same method to find + // check the compressed hash too + if(MetaKey != "" && Hashes.size() > 0) + { + indexRecords::checkSum *Record = MetaIndexParser->Lookup(MetaKey); + if(Record && Record->Hashes.usable() && Hashes != Record->Hashes) + { + RenameOnError(HashSumMismatch); + printHashSumComparision(RealURI, Record->Hashes, Hashes); + Failed(Message, Cfg); + return; + } + } } Erase = false; diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 4eef2aecf..b8a2b0791 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -61,9 +61,7 @@ test_inrelease_to_broken_hash_reverts_all() { # test the error condition testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease -W: Failed to fetch copy:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch - -W: Failed to fetch copy:${APTARCHIVE}/dists/unstable/main/binary-i386/Packages +W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # ensure that the Packages file is also rolled back @@ -108,9 +106,7 @@ W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release.gpg -W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch - -W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/binary-i386/Packages +W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # -o Debug::acquire::transaction=1 @@ -139,9 +135,7 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease -W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch - -W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/binary-i386/Packages +W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq @@ -166,6 +160,19 @@ W: Some index files failed to download. They have been ignored, or old ones used testsuccess ls rootdir/var/lib/apt/lists/*_InRelease } +test_inrelease_to_broken_gzip() { + msgmsg "Test InRelease to broken gzip" + create_fresh_archive + # append junk at the end of the gzip, this + echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz + # remove uncompressed file, otherwise apt will just fallback fetching + # that + rm $APTARCHIVE/dists/unstable/main/source/Sources + avoid_ims_hit + + testfailure aptget update +} + TESTDIR=$(readlink -f $(dirname $0)) . $TESTDIR/framework @@ -190,10 +197,8 @@ APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )" test_inrelease_to_new_inrelease test_inrelease_to_broken_hash_reverts_all - test_inreleae_to_valid_release test_inreleae_to_release_reverts_all - test_unauthenticated_to_invalid_inrelease - test_inrelease_to_unauth_inrelease +test_inrelease_to_broken_gzip -- cgit v1.2.3