From 1dca8dc55c1fcf4bda07a7e8285de7f225448697 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 16 Apr 2014 15:28:23 +0200 Subject: load the size from the metaindex into the fetcher to have even more accurate progress information --- apt-pkg/indexrecords.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index e31f889ad..2260a4ae1 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -41,7 +41,7 @@ class indexRecords indexRecords(const std::string ExpectedDist); // Lookup function - virtual const checkSum *Lookup(const std::string MetaKey); + virtual checkSum *Lookup(const std::string MetaKey); /** \brief tests if a checksum for this file is available */ bool Exists(std::string const &MetaKey) const; std::vector MetaKeys(); -- cgit v1.2.3 From b3501edb7091ca3aa6c2d6d96dc667b8161dd2b9 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 19 Aug 2013 00:00:23 +0200 Subject: use HashStringList in the acquire system It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay. --- apt-pkg/indexrecords.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 2260a4ae1..14b03c4d5 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h 
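Review bot: Dropping `const` from the return type of `Lookup` in the `@@ -41,7 +41,7 @@` hunk gives every caller a writable pointer into the stored checksum records, so the expected hash and size that later verification presumably compares against can be changed after loading. If the fetcher only needs to read the size, as the subject line suggests, the declaration can stay `virtual const checkSum *Lookup(const std::string MetaKey);`. If some caller really has to write, a narrow setter is easier to audit than a mutable pointer. Changing the return type of a virtual also breaks any subclass overriding the old signature. The class body starts and ends outside the hunk.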
@@ -55,11 +55,21 @@ class indexRecords virtual ~indexRecords(){}; }; +#if __GNUC__ >= 4 + // ensure that con- & de-structor don't trigger this warning + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif struct indexRecords::checkSum { std::string MetaKeyFilename; - HashString Hash; + HashStringList Hashes; unsigned long long Size; + + APT_DEPRECATED HashString Hash; }; +#if __GNUC__ >= 4 + #pragma GCC diagnostic pop +#endif #endif -- cgit v1.2.3 From a2fdb57ff93c1b1f35b796c3c99878ec3ae54a06 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 22 May 2014 17:36:09 +0200 Subject: Add APT::Acquire::$(host)::By-Hash=1 knob, add Acquire-By-Hash to Release file The by-hash can be configured on a per-hostname basis and a Release file can indicate that it has by-hash support via a new flag. The location of the hash now matches the AptByHash spec --- apt-pkg/indexrecords.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 14b03c4d5..bb0fd5564 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -26,12 +26,15 @@ class indexRecords public: struct checkSum; std::string ErrorText; + // dpointer (for later9 + void * d; protected: std::string Dist; std::string Suite; std::string ExpectedDist; time_t ValidUntil; + bool SupportsAcquireByHash; std::map Entries; @@ -49,6 +52,7 @@ class indexRecords virtual bool Load(std::string Filename); std::string GetDist() const; std::string GetSuite() const; + bool GetSupportsAcquireByHash() const; time_t GetValidUntil() const; virtual bool CheckDist(const std::string MaybeDist) const; std::string GetExpectedDist() const; -- cgit v1.2.3 From 3809194b662f48733916e6248cd0c141f281313d Mon Sep 17 00:00:00 2001 
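Review bot: `checkSum` carries both `Hashes` and the deprecated `Hash` after the `@@ -55,11 +55,21 @@` hunk, but nothing says which one verification code must consult or whether `Hash` is still filled in. A consumer that keeps reading `Hash` checks at most one algorithm, so I would add a comment on the field such as `// compat only: verify against Hashes, Hash is kept for old callers`, with the wording confirmed against the implementation, which this header-only patch does not show. Separately, the guard `#if __GNUC__ >= 4` is wider than the set of compilers that understand `#pragma GCC diagnostic push`, which arrived in GCC 4.6.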
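Review bot: The reserved d-pointer `void * d;` in the `@@ -26,12 +26,15 @@` hunk is declared under `public:` next to `ErrorText`, so any user of the class can read or overwrite it once it starts pointing at private state. It belongs in a `private:` section, and the constructors, which are not part of this view, should set it to a null pointer. The comment above it also has a typo: `// dpointer (for later9` should read `// dpointer (for later)`.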
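Review bot: `GetSupportsAcquireByHash()` in the `@@ -49,6 +52,7 @@` hunk is added without documentation, although its result decides how index files are fetched. According to the commit message the flag comes from the Release file, so callers need to know it is only meaningful after `Load()` has succeeded and, presumably, only once that file's signature has been checked. A one-line comment in the header's existing style would do: `/** \brief true if the loaded Release file announces Acquire-By-Hash support */`.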
From: David Kalnischkies Date: Mon, 29 Sep 2014 15:41:12 +0200 Subject: mark private methods as hidden We are the only possible users of private methods, so we are also the only users who can potentially export them via using them in inline methods. The point is: We don't need these symbols exported if we don't do this, so marking them as hidden removes some methods from the API without breaking anything as nobody could have used them. Git-Dch: Ignore --- apt-pkg/indexrecords.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index bb0fd5564..f2d2c775c 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -21,7 +21,7 @@ class indexRecords { - bool parseSumData(const char *&Start, const char *End, std::string &Name, + APT_HIDDEN bool parseSumData(const char *&Start, const char *End, std::string &Name, std::string &Hash, unsigned long long &Size); public: struct checkSum; -- cgit v1.2.3 From 862bafea48af2ceaf96345db237b461307a021f6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 13 Oct 2014 08:05:57 +0200 Subject: do not inline virtual destructors with d-pointers Reimplementing an inline method is opening a can of worms we don't want to open if we ever want to us a d-pointer in those classes, so we do the only thing which can save us from hell: move the destructors into the cc sources and we are good. Technically not an ABI break as the methods inline or not do the same (nothing), so a program compiled against the old version still works with the new version (beside that this version is still in experimental, so nothing really has been build against this library anyway). Git-Dch: Ignore --- apt-pkg/indexrecords.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index f2d2c775c..e1a2c0f74 100644 --- a/apt-pkg/indexrecords.h 
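Review bot: `parseSumData` in the `@@ -21,7 +21,7 @@` hunk takes a raw `Start`/`End` pointer pair and has no comment describing its contract, which matters because it presumably parses checksum lines from a downloaded Release file. While touching the declaration I would add a short doc comment stating that `Start` is advanced past the parsed entry, that nothing at or beyond `End` is read, and what the return value means for malformed input. Each of those statements has to be confirmed against the definition, which is outside this patch.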
+++ b/apt-pkg/indexrecords.h @@ -56,7 +56,7 @@ class indexRecords time_t GetValidUntil() const; virtual bool CheckDist(const std::string MaybeDist) const; std::string GetExpectedDist() const; - virtual ~indexRecords(){}; + virtual ~indexRecords(); }; #if __GNUC__ >= 4 -- cgit v1.2.3 From 07cb47e71f4de7e3c57f9dcfbfb82e4e5566aed6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 13 Oct 2014 08:12:06 +0200 Subject: trusted=yes sources are secure, we just don't know why Do not require a special flag to be present to update trusted=yes sources as this flag in the sources.list is obviously special enough. Note that this is just disabling the error message, the user will still be warned about all the (possible) failures the repository generated, it is just triggering the acceptance of the warnings on a source-by-source level. Similarily, the trusted=no flag doesn't require the user to pass additional flags to update, if the repository looks fine in the view of apt it will update just fine. The unauthenticated warnings will "just" be presented then the data is used. In case you wonder: Both was the behavior in previous versions, too. --- apt-pkg/indexrecords.h | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index e1a2c0f74..88a06779c 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -26,9 +26,12 @@ class indexRecords public: struct checkSum; std::string ErrorText; - // dpointer (for later9 + + private: + enum APT_HIDDEN { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted; + // dpointer (for later) void * d; - + protected: std::string Dist; std::string Suite; @@ -40,8 +43,7 @@ class indexRecords public: - indexRecords(); - indexRecords(const std::string ExpectedDist); + indexRecords(const std::string &ExpectedDist = ""); // Lookup function virtual checkSum *Lookup(const std::string MetaKey); 
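Review bot: The enumerator order in `enum APT_HIDDEN { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted;` (hunk `@@ -26,9 +26,12 @@`) makes the most permissive state the value 0, so an object whose `Trusted` member ends up zero-filled reads as always trusted. Putting the checking state first, `enum APT_HIDDEN { CHECK_TRUST, ALWAYS_TRUSTED, NEVER_TRUSTED } Trusted;`, makes the zero value fail safe. Whether the constructor initializes `Trusted` at all cannot be seen here, since the patch is limited to the header, so that needs checking too. Adding the member ahead of `d` also shifts the layout of the data members that follow.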
@@ -50,12 +52,27 @@ class indexRecords std::vector MetaKeys(); virtual bool Load(std::string Filename); + virtual bool CheckDist(const std::string MaybeDist) const; + std::string GetDist() const; std::string GetSuite() const; bool GetSupportsAcquireByHash() const; time_t GetValidUntil() const; - virtual bool CheckDist(const std::string MaybeDist) const; std::string GetExpectedDist() const; + + /** \brief check if source is marked as always trusted */ + bool IsAlwaysTrusted() const; + /** \brief check if source is marked as never trusted */ + bool IsNeverTrusted() const; + + /** \brief sets an explicit trust value + * + * \b true means that the source should always be considered trusted, + * while \b false marks a source as always untrusted, even if we have + * a valid signature and everything. + */ + void SetTrusted(bool const Trusted); + virtual ~indexRecords(); }; -- cgit v1.2.3 From 586d8704716a10e0f8b9c400cab500f5353eebe6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 26 Oct 2014 23:17:03 +0100 Subject: replace ignore-deprecated #pragma dance with _Pragma For compatibility we use/provide and fill quiet some deprecated methods and fields, which subsequently earns us a warning for using them. These warnings therefore have to be disabled for these codeparts and that is what this change does now in a slightly more elegant way. Git-Dch: Ignore --- apt-pkg/indexrecords.h | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 88a06779c..06b9dafa6 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -76,11 +76,7 @@ class indexRecords virtual ~indexRecords(); }; -#if __GNUC__ >= 4 - // ensure that con- & de-structor don't trigger this warning - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif +APT_IGNORE_DEPRECATED_PUSH struct indexRecords::checkSum { std::string MetaKeyFilename; 
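Review bot: `SetTrusted(bool const Trusted)` in the `@@ -50,12 +52,27 @@` hunk can select only two of the three states of the private enum, so once it has been called there is no way back to signature-based checking. The doc comment should say so and name the state that applies when the setter is never called, for example by adding `* Without a call the signature decides; this cannot be restored afterwards.` if that is indeed the default. The parameter also shares its name with the `Trusted` member and will shadow it in the definition; `bool const NewTrust` avoids that.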
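Review bot: The reason for the suppression is lost in the `@@ -76,11 +76,7 @@` hunk: the removed block carried `// ensure that con- & de-structor don't trigger this warning`, and the bare `APT_IGNORE_DEPRECATED_PUSH` no longer says why deprecation warnings are silenced around `checkSum`. I would keep a one-line comment above the macro, e.g. `// implicit con- & destructor of checkSum touch the deprecated Hash member`. The matching `APT_IGNORE_DEPRECATED_POP` in the `@@ -89,8 +85,6 @@` hunk needs nothing further.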
@@ -89,8 +85,6 @@ struct indexRecords::checkSum APT_DEPRECATED HashString Hash; }; -#if __GNUC__ >= 4 - #pragma GCC diagnostic pop -#endif +APT_IGNORE_DEPRECATED_POP #endif -- cgit v1.2.3 From fa5404ab01bdf06eaf147d9f133139e6c89b906a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 7 Nov 2014 18:18:14 +0100 Subject: explicit overload methods instead of adding parameters Adding a new parameter (with a default) is an ABI break, but you can overload a method, which is "just" an API break for everyone doing references to this method (aka: nobody). Git-Dch: Ignore --- apt-pkg/indexrecords.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 06b9dafa6..35e534c12 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -42,8 +42,12 @@ class indexRecords std::map Entries; public: - +#if APT_PKG_ABI >= 413 indexRecords(const std::string &ExpectedDist = ""); +#else + indexRecords(); + indexRecords(const std::string ExpectedDist); +#endif // Lookup function virtual checkSum *Lookup(const std::string MetaKey); -- cgit v1.2.3 From 6bf93605fdb8e858d3f0a79a124c1d39f760094d Mon Sep 17 00:00:00 2001 
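Review bot: `#if APT_PKG_ABI >= 413` in the `@@ -42,8 +42,12 @@` hunk silently evaluates to false when `APT_PKG_ABI` is not defined at this point, because the preprocessor treats an unknown identifier as 0. A translation unit that reaches this header without the defining header would then see the two old constructors while the library may have been built with the new one. No include is visible in the hunk, so either confirm that the header defining the macro is included above, or put `#ifndef APT_PKG_ABI` / `#error "APT_PKG_ABI not defined"` / `#endif` before the test.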
From: David Kalnischkies Date: Mon, 18 May 2015 22:15:06 +0200 Subject: treat older Release files than we already have as an IMSHit Valid-Until protects us from long-living downgrade attacks, but not all repositories have it and an attacker could still use older but still valid files to downgrade us. While this makes it sounds like a security improvement now, its a bit theoretical at best as an attacker with capabilities to pull this off could just as well always keep us days (but in the valid period) behind and always knows which state we have, as we tell him with the If-Modified-Since header. This is also why this is 'silently' ignored and treated as an IMSHit rather than screamed at the user as this can at best be an annoyance for attackers. An error here would 'regularily' be encountered by users by out-of-sync mirrors serving a single run (e.g. load balancer) or in two consecutive runs on the other hand, so it would just help teaching people ignore it. That said, most of the code churn is caused by enforcing this additional requirement. Crisscross from InRelease to Release.gpg is e.g. very unlikely in practice, but if we would ignore it an attacker could sidestep it this way. --- apt-pkg/indexrecords.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 35e534c12..6ed5f0c2b 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -36,6 +36,7 @@ class indexRecords std::string Dist; std::string Suite; std::string ExpectedDist; + time_t Date; time_t ValidUntil; bool SupportsAcquireByHash; @@ -62,6 +63,7 @@ class indexRecords std::string GetSuite() const; bool GetSupportsAcquireByHash() const; time_t GetValidUntil() const; + time_t GetDate() const; std::string GetExpectedDist() const; /** \brief check if source is marked as always trusted */ -- cgit v1.2.3
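Review bot: The new `Date` member (hunk `@@ -36,6 +36,7 @@`) and `GetDate()` (hunk `@@ -62,6 +63,7 @@`) come with no statement of what they hold when the Release file has no Date field or before `Load()` has run. The commit message makes this value the basis for treating older Release files as already seen, so an uninitialized or zero `Date` determines whether that comparison is skipped or passes by accident. I would document the getter in the header's style, `/** \brief Date of the loaded Release file, 0 if none was given */`, and make sure the constructor initializes `Date`. Neither the constructor nor the parser is visible in this header-only patch, so the `0` convention is an assumption to confirm.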