From d0c7d4d6328418b7c9f434a3398e5f7e08b7359c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 11 Nov 2016 13:05:38 +0100 Subject: don't warn if untransformed distribution matches A suite or codename entry in the Release file is checked against the distribution field in the sources.list entry that lead to the download of that Release file. This distribution entry can contain slashes in the distribution field: deb http://security.debian.org/debian wheezy/updates main However, the Release file may only contain "wheezy" in the Codename field and not "wheezy/updates". So a transformation needs to take place that removes the last / and everything that comes after (e.g. "/updates"). This fails, however, for valid cases like a reprepro snapshot where the given Codename contains slashes but is perfectly fine and doesn't need to be transformed. Since that transformation is essentially just a workaround for special cases like the security repository, it should be checked if the literal Codename without any transformations happened is valid and only if isn't the dist should be checked against the transformated one. This way special cases like security.debian.org are handled and reprepro snapshots work too. The initial patch was taken as insperationto move whole transformation to CheckDist() which makes this method more accepting & easier to use (but according to codesearch.d.n we are the only users anyhow). Thanks: Lukas Anzinger for initial patch Closes: 644610 --- apt-pkg/acquire-item.cc | 45 ++++------------------ apt-pkg/metaindex.cc | 26 +++++++++---- ...bug-841874-warning-for-mismatching-distribution | 11 ++++++ 3 files changed, 37 insertions(+), 45 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 163743ce0..54cb9db71 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1561,24 +1561,6 @@ void pkgAcqMetaClearSig::QueueIndexes(bool const verify) /*{{{*/ /*}}}*/ bool pkgAcqMetaBase::VerifyVendor(string const &) /*{{{*/ { - string Transformed = TransactionManager->MetaIndexParser->GetExpectedDist(); - - if (Transformed == "../project/experimental") - { - Transformed = "experimental"; - } - - auto pos = Transformed.rfind('/'); - if (pos != string::npos) - { - Transformed = Transformed.substr(0, pos); - } - - if (Transformed == ".") - { - Transformed = ""; - } - if (TransactionManager->MetaIndexParser->GetValidUntil() > 0) { time_t const invalid_since = time(NULL) - TransactionManager->MetaIndexParser->GetValidUntil(); @@ -1613,30 +1595,19 @@ bool pkgAcqMetaBase::VerifyVendor(string const &) /*{{{*/ TransactionManager->LastMetaIndexParser = NULL; } - if (_config->FindB("Debug::pkgAcquire::Auth", false)) + if (_config->FindB("Debug::pkgAcquire::Auth", false)) { std::cerr << "Got Codename: " << TransactionManager->MetaIndexParser->GetCodename() << std::endl; + std::cerr << "Got Suite: " << TransactionManager->MetaIndexParser->GetSuite() << std::endl; std::cerr << "Expecting Dist: " << TransactionManager->MetaIndexParser->GetExpectedDist() << std::endl; - std::cerr << "Transformed Dist: " << Transformed << std::endl; - } - - if (TransactionManager->MetaIndexParser->CheckDist(Transformed) == false) - { - // This might become fatal one day -// Status = StatAuthError; -// ErrorText = "Conflicting distribution; expected " -// + MetaIndexParser->GetExpectedDist() + " but got " -// + MetaIndexParser->GetCodename(); -// return false; - if (!Transformed.empty()) - { - _error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"), - Desc.Description.c_str(), - Transformed.c_str(), - TransactionManager->MetaIndexParser->GetCodename().c_str()); - } } + // One day that might become fatal… + auto const ExpectedDist = TransactionManager->MetaIndexParser->GetExpectedDist(); + auto const NowCodename = TransactionManager->MetaIndexParser->GetCodename(); + if (TransactionManager->MetaIndexParser->CheckDist(ExpectedDist) == false) + _error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"), + Desc.Description.c_str(), ExpectedDist.c_str(), NowCodename.c_str()); return true; } /*}}}*/ diff --git a/apt-pkg/metaindex.cc b/apt-pkg/metaindex.cc index 281824855..8b31051fb 100644 --- a/apt-pkg/metaindex.cc +++ b/apt-pkg/metaindex.cc @@ -57,15 +57,25 @@ APT_PURE bool metaIndex::GetSupportsAcquireByHash() const { return SupportsAcqui APT_PURE time_t metaIndex::GetValidUntil() const { return ValidUntil; } APT_PURE time_t metaIndex::GetDate() const { return this->Date; } APT_PURE metaIndex::TriState metaIndex::GetLoadedSuccessfully() const { return LoadedSuccessfully; } - -APT_PURE bool metaIndex::CheckDist(string const &MaybeDist) const -{ - return (this->Codename == MaybeDist - || this->Suite == MaybeDist); -} -APT_PURE std::string metaIndex::GetExpectedDist() const +APT_PURE std::string metaIndex::GetExpectedDist() const { return Dist; } + /*}}}*/ +bool metaIndex::CheckDist(string const &MaybeDist) const /*{{{*/ { - return Dist; + if (MaybeDist.empty() || this->Codename == MaybeDist || this->Suite == MaybeDist) + return true; + + std::string Transformed = MaybeDist; + if (Transformed == "../project/experimental") + Transformed = "experimental"; + + auto const pos = Transformed.rfind('/'); + if (pos != string::npos) + Transformed = Transformed.substr(0, pos); + + if (Transformed == ".") + Transformed.clear(); + + return Transformed.empty() || this->Codename == Transformed || this->Suite == Transformed; } /*}}}*/ APT_PURE metaIndex::checkSum *metaIndex::Lookup(string const &MetaKey) const /*{{{*/ diff --git a/test/integration/test-bug-841874-warning-for-mismatching-distribution b/test/integration/test-bug-841874-warning-for-mismatching-distribution index 9b9f1982e..7502eefc3 100755 --- a/test/integration/test-bug-841874-warning-for-mismatching-distribution +++ b/test/integration/test-bug-841874-warning-for-mismatching-distribution @@ -36,3 +36,14 @@ testfailure apt show foo ln -s "${APTARCHIVE}/dists/testing" "${APTARCHIVE}/dists/stretch/updates" testsuccess apt update testsuccess apt show foo + +# … but only if needed +rm -rf rootdir/var/lib/apt/lists +sed -i -e 's#stretch#buster#g' rootdir/etc/apt/sources.list.d/* +sed -i -e 's#^Codename: stretch$#Codename: buster/updates#g' $(find ./aptarchive -name 'Release') +signreleasefiles +testfailure apt update +testfailure apt show foo +ln -s "${APTARCHIVE}/dists/testing" "${APTARCHIVE}/dists/buster" +testsuccess apt update +testsuccess apt show foo -- cgit v1.2.3