From 197c53951430bcb267ddd6e398439a8a5d9a83ad Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Wed, 22 Nov 2017 13:42:31 +0100
Subject: if insecure repo is allowed continue on all http errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If a InRelease file fails to download with a non-404 error we assumed there is some general problem with repository like a webportal or your are blocked from access (wrong auth, Tor, …). Turns out some server like S3 return 403 if a file doesn't exist. Allowing this in general seems like a step backwards as 403 is a reasonable response if auth failed, so failing here seems better than letting those users run into problems. What we can do is show our insecure warnings through and allow the failures for insecure repos: If the repo is signed it is easy to add an InRelease file and if not you are setup for trouble anyhow. References: cbbf185c3c55effe47f218a07e7b1f324973a8a6
---
apt-pkg/acquire-item.cc | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
(limited to 'apt-pkg')
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 1b0d6c592..b13bd203b 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1784,18 +1784,27 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
 if (AuthPass == false)
 {
+ if (Status == StatTransientNetworkError)
+ {
+ TransactionManager->AbortTransaction();
+ return;
+ }
 auto const failreason = LookupTag(Message, "FailReason");
 auto const httperror = "HttpError";
- if (Status == StatAuthError || Status == StatTransientNetworkError ||
- (strncmp(failreason.c_str(), httperror, strlen(httperror)) == 0 &&
- failreason != "HttpError404"))
+ if (Status == StatAuthError ||
+ (strncmp(failreason.c_str(), httperror, strlen(httperror)) == 0 &&
+ failreason != "HttpError404"))
 {
 // if we expected a ClearTextSignature (InRelease) but got a network
 // error or got a file, but it wasn't valid, we end up here (see VerifyDone).
 // As these is usually called by web-portals we do not try Release/Release.gpg
 // as this is gonna fail anyway and instead abort our try (LP#346386)
- TransactionManager->AbortTransaction();
- return;
+ _error->PushToStack();
+ _error->Error(_("Failed to fetch %s %s"), Target.URI.c_str(), ErrorText.c_str());
+ if (AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
+ _error->RevertToStack();
+ else
+ return;
 }
 // Queue the 'old' InRelease file for removal if we try Release.gpg
-- cgit v1.2.3
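Review bot: The relaxed branch still matches `Status == StatAuthError`, which per the comment inside it covers an InRelease that was fetched but "wasn't valid", so on a repository allowed to be unsigned a failed verification now appears to fall through to the Release/Release.gpg fallback with its "Failed to fetch" error discarded by `_error->RevertToStack()`; the commit message only argues for HTTP errors such as 403. If that is intended, the comment should say so, since it still reads "we do not try Release/Release.gpg ... and instead abort our try"; something like `// unless the repository is allowed to be unsigned, do not try Release/Release.gpg and stop here (LP#346386)` would match the new code. The `else return;` path also no longer calls `TransactionManager->AbortTransaction()` and leaves the `_error->PushToStack()` without a matching revert or merge in this hunk; presumably `AllowInsecureRepositories` aborts the transaction when it refuses, but that is not visible here and deserves a one-line comment. The body of `pkgAcqMetaClearSig::Failed` starts before and continues past the hunk.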