From fe0f7911b650918e1d511b3453664a07f6d966d0 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 20 Jan 2011 14:53:52 +0100 Subject: - try downloading clearsigned InRelease before trying Release.gpg * apt-pkg/deb/deblistparser.cc: - rewrite LoadReleaseInfo to cope with clearsigned Releasefiles --- apt-pkg/acquire-item.cc | 54 ++++++++++++++++++-- apt-pkg/acquire-item.h | 33 +++++++++++++ apt-pkg/deb/debindexfile.cc | 8 ++- apt-pkg/deb/deblistparser.cc | 114 ++++++++++++++++++++++++++++++------------- apt-pkg/deb/debmetaindex.cc | 34 ++++++------- apt-pkg/indexcopy.cc | 3 +- apt-pkg/indexrecords.cc | 17 ++++--- apt-pkg/tagfile.cc | 10 ++-- apt-pkg/tagfile.h | 2 + 9 files changed, 205 insertions(+), 70 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index d4e90b552..2cd6ab359 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1077,6 +1077,8 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string Hash, /*{{{* { string FinalFile = _config->FindDir("Dir::State::lists"); FinalFile += URItoFileName(RealURI); + if (SigFile == DestFile) + SigFile = FinalFile; Rename(DestFile,FinalFile); chmod(FinalFile.c_str(),0644); DestFile = FinalFile; @@ -1110,6 +1112,8 @@ void pkgAcqMetaIndex::RetrievalDone(string Message) /*{{{*/ { string FinalFile = _config->FindDir("Dir::State::lists"); FinalFile += URItoFileName(RealURI); + if (SigFile == DestFile) + SigFile = FinalFile; DestFile = FinalFile; } Complete = true; @@ -1141,6 +1145,10 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/ // Download further indexes with verification QueueIndexes(true); + // is it a clearsigned MetaIndex file? + if (DestFile == SigFile) + return; + // Done, move signature file into position string VerifiedSigFile = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI) + ".gpg"; @@ -1300,13 +1308,20 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) if (AuthPass == true) { // gpgv method failed, if we have a good signature - string LastGoodSigFile = _config->FindDir("Dir::State::lists") + - "partial/" + URItoFileName(RealURI) + ".gpg.reverify"; + string LastGoodSigFile = _config->FindDir("Dir::State::lists"); + if (DestFile == SigFile) + LastGoodSigFile.append(URItoFileName(RealURI)); + else + LastGoodSigFile.append("partial/").append(URItoFileName(RealURI)).append(".gpg.reverify"); + if(FileExists(LastGoodSigFile)) { - string VerifiedSigFile = _config->FindDir("Dir::State::lists") + - URItoFileName(RealURI) + ".gpg"; - Rename(LastGoodSigFile,VerifiedSigFile); + if (DestFile != SigFile) + { + string VerifiedSigFile = _config->FindDir("Dir::State::lists") + + URItoFileName(RealURI) + ".gpg"; + Rename(LastGoodSigFile,VerifiedSigFile); + } Status = StatTransientNetworkError; _error->Warning(_("A error occurred during the signature " "verification. The repository is not updated " @@ -1330,6 +1345,35 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) QueueIndexes(false); } /*}}}*/ +pkgAcqMetaClearSig::pkgAcqMetaClearSig(pkgAcquire *Owner, /*{{{*/ + string const &URI, string const &URIDesc, string const &ShortDesc, + string const &MetaIndexURI, string const &MetaIndexURIDesc, string const &MetaIndexShortDesc, + string const &MetaSigURI, string const &MetaSigURIDesc, string const &MetaSigShortDesc, + const vector* IndexTargets, + indexRecords* MetaIndexParser) : + pkgAcqMetaIndex(Owner, URI, URIDesc, ShortDesc, "", IndexTargets, MetaIndexParser), + MetaIndexURI(MetaIndexURI), MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc), + MetaSigURI(MetaSigURI), MetaSigURIDesc(MetaSigURIDesc), MetaSigShortDesc(MetaSigShortDesc) +{ + SigFile = DestFile; +} + /*}}}*/ +void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*{{{*/ +{ + if (AuthPass == false) + { + new pkgAcqMetaSig(Owner, + MetaSigURI, MetaSigURIDesc, MetaSigShortDesc, + MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc, + IndexTargets, MetaIndexParser); + if (Cnf->LocalOnly == true || + StringToBool(LookupTag(Message, "Transient-Failure"), false) == false) + Dequeue(); + } + else + pkgAcqMetaIndex::Failed(Message, Cnf); +} + /*}}}*/ // AcqArchive::AcqArchive - Constructor /*{{{*/ // --------------------------------------------------------------------- /* This just sets up the initial fetch environment and queues the first diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index d97a96a0f..581761e32 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -772,6 +772,39 @@ class pkgAcqMetaIndex : public pkgAcquire::Item indexRecords* MetaIndexParser); }; /*}}}*/ +/** \brief An item repsonsible for downloading clearsigned metaindexes {{{*/ +class pkgAcqMetaClearSig : public pkgAcqMetaIndex +{ + /** \brief The URI of the meta-index file for the detached signature */ + string MetaIndexURI; + + /** \brief A "URI-style" description of the meta-index file */ + string MetaIndexURIDesc; + + /** \brief A brief description of the meta-index file */ + string MetaIndexShortDesc; + + /** \brief The URI of the detached meta-signature file if the clearsigned one failed. */ + string MetaSigURI; + + /** \brief A "URI-style" description of the meta-signature file */ + string MetaSigURIDesc; + + /** \brief A brief description of the meta-signature file */ + string MetaSigShortDesc; + +public: + void Failed(string Message,pkgAcquire::MethodConfig *Cnf); + + /** \brief Create a new pkgAcqMetaClearSig. */ + pkgAcqMetaClearSig(pkgAcquire *Owner, + string const &URI, string const &URIDesc, string const &ShortDesc, + string const &MetaIndexURI, string const &MetaIndexURIDesc, string const &MetaIndexShortDesc, + string const &MetaSigURI, string const &MetaSigURIDesc, string const &MetaSigShortDesc, + const vector* IndexTargets, + indexRecords* MetaIndexParser); +}; + /*}}}*/ /** \brief An item that is responsible for fetching a package file. {{{ * * If the package file already exists in the cache, nothing will be diff --git a/apt-pkg/deb/debindexfile.cc b/apt-pkg/deb/debindexfile.cc index af1209ccb..9961b5ae4 100644 --- a/apt-pkg/deb/debindexfile.cc +++ b/apt-pkg/deb/debindexfile.cc @@ -324,8 +324,14 @@ bool debPackagesIndex::Merge(pkgCacheGenerator &Gen,OpProgress *Prog) const return _error->Error("Problem with MergeList %s",PackageFile.c_str()); // Check the release file - string ReleaseFile = debReleaseIndex(URI,Dist).MetaIndexFile("Release"); + string ReleaseFile = debReleaseIndex(URI,Dist).MetaIndexFile("InRelease"); + bool releaseExists = false; if (FileExists(ReleaseFile) == true) + releaseExists = true; + else + ReleaseFile = debReleaseIndex(URI,Dist).MetaIndexFile("Release"); + + if (releaseExists == true || FileExists(ReleaseFile) == true) { FileFd Rel(ReleaseFile,FileFd::ReadOnly); if (_error->PendingError() == true) diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc index 1b3bfd6ae..9201e6a54 100644 --- a/apt-pkg/deb/deblistparser.cc +++ b/apt-pkg/deb/deblistparser.cc @@ -783,45 +783,89 @@ bool debListParser::Step() bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI, FileFd &File, string component) { - pkgTagFile Tags(&File, File.Size() + 256); // XXX - pkgTagSection Section; - if (Tags.Step(Section) == false) - return false; - - // FIXME: Do we need it now for multi-arch? - // mvo: I don't think we need to fill that in (it's unused since apt-0.6) -// FileI->Architecture = WriteUniqString(Arch); - // apt-secure does no longer download individual (per-section) Release // file. to provide Component pinning we use the section name now FileI->Component = WriteUniqString(component); - const char *Start; - const char *Stop; - if (Section.Find("Suite",Start,Stop) == true) - FileI->Archive = WriteUniqString(Start,Stop - Start); - if (Section.Find("Component",Start,Stop) == true) - FileI->Component = WriteUniqString(Start,Stop - Start); - if (Section.Find("Version",Start,Stop) == true) - FileI->Version = WriteUniqString(Start,Stop - Start); - if (Section.Find("Origin",Start,Stop) == true) - FileI->Origin = WriteUniqString(Start,Stop - Start); - if (Section.Find("Codename",Start,Stop) == true) - FileI->Codename = WriteUniqString(Start,Stop - Start); - if (Section.Find("Label",Start,Stop) == true) - FileI->Label = WriteUniqString(Start,Stop - Start); - if (Section.Find("Architecture",Start,Stop) == true) - FileI->Architecture = WriteUniqString(Start,Stop - Start); - - if (Section.FindFlag("NotAutomatic",FileI->Flags, - pkgCache::Flag::NotAutomatic) == false) - _error->Warning("Bad NotAutomatic flag"); - if (Section.FindFlag("ButAutomaticUpgrades",FileI->Flags, - pkgCache::Flag::ButAutomaticUpgrades) == false) - _error->Warning("Bad ButAutomaticUpgrades flag"); - // overrule the NotAutomatic setting if needed as they are both present for compatibility - else if ((FileI->Flags & pkgCache::Flag::ButAutomaticUpgrades) == pkgCache::Flag::ButAutomaticUpgrades) - FileI->Flags &= ~pkgCache::Flag::NotAutomatic; + FILE* release = fdopen(dup(File.Fd()), "r"); + if (release == NULL) + return false; + + char buffer[101]; + bool gpgClose = false; + while (fgets(buffer, sizeof(buffer), release) != NULL) + { + size_t len = 0; + + // Skip empty lines + for (; buffer[len] == '\r' && buffer[len] == '\n'; ++len); + if (buffer[len] == '\0') + continue; + + // only evalute the first GPG section + if (strncmp("-----", buffer, 5) == 0) + { + if (gpgClose == true) + break; + gpgClose = true; + continue; + } + + // seperate the tag from the data + for (; buffer[len] != ':' && buffer[len] != '\0'; ++len); + if (buffer[len] == '\0') + continue; + char* dataStart = buffer + len; + for (++dataStart; *dataStart == ' '; ++dataStart); + char* dataEnd = dataStart; + for (++dataEnd; *dataEnd != '\0'; ++dataEnd); + + // which datastorage need to be updated + map_ptrloc* writeTo = NULL; + if (buffer[0] == ' ') + ; + #define APT_PARSER_WRITETO(X, Y) else if (strncmp(Y, buffer, len) == 0) writeTo = &X; + APT_PARSER_WRITETO(FileI->Archive, "Suite") + APT_PARSER_WRITETO(FileI->Component, "Component") + APT_PARSER_WRITETO(FileI->Version, "Version") + APT_PARSER_WRITETO(FileI->Origin, "Origin") + APT_PARSER_WRITETO(FileI->Codename, "Codename") + APT_PARSER_WRITETO(FileI->Label, "Label") + #undef APT_PARSER_WRITETO + #define APT_PARSER_FLAGIT(X) else if (strncmp(#X, buffer, len) == 0) \ + pkgTagSection::FindFlag(FileI->Flags, pkgCache::Flag:: X, dataStart, dataEnd-1); + APT_PARSER_FLAGIT(NotAutomatic) + APT_PARSER_FLAGIT(ButAutomaticUpgrades) + #undef APT_PARSER_FLAGIT + + // load all data from the line and save it + string data; + if (writeTo != NULL) + data.append(dataStart, dataEnd); + if (sizeof(buffer) - 1 == (dataEnd - buffer)) + { + while (fgets(buffer, sizeof(buffer), release) != NULL) + { + if (writeTo != NULL) + data.append(buffer); + if (strlen(buffer) != sizeof(buffer) - 1) + break; + } + } + if (writeTo != NULL) + { + // remove spaces and stuff from the end of the data line + for (std::string::reverse_iterator s = data.rbegin(); + s != data.rend(); ++s) + { + if (*s != '\r' && *s != '\n' && *s != ' ') + break; + *s = '\0'; + } + *writeTo = WriteUniqString(data); + } + } + fclose(release); return !_error->PendingError(); } diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 717d0bcde..e2c680b14 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -182,21 +182,15 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const new pkgAcqIndex(Owner, (*Target)->URI, (*Target)->Description, (*Target)->ShortDesc, HashString()); } - // this is normally created in pkgAcqMetaSig, but if we run - // in --print-uris mode, we add it here - new pkgAcqMetaIndex(Owner, MetaIndexURI("Release"), - MetaIndexInfo("Release"), "Release", - MetaIndexURI("Release.gpg"), - ComputeIndexTargets(), - new indexRecords (Dist)); - } - new pkgAcqMetaSig(Owner, MetaIndexURI("Release.gpg"), - MetaIndexInfo("Release.gpg"), "Release.gpg", - MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release", - ComputeIndexTargets(), - new indexRecords (Dist)); + new pkgAcqMetaClearSig(Owner, MetaIndexURI("InRelease"), + MetaIndexInfo("InRelease"), "InRelease", + MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release", + MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg", + ComputeIndexTargets(), + new indexRecords (Dist)); + // Queue the translations std::vector const lang = APT::Configuration::getLanguages(true); @@ -224,16 +218,20 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const bool debReleaseIndex::IsTrusted() const { - string VerifiedSigFile = _config->FindDir("Dir::State::lists") + - URItoFileName(MetaIndexURI("Release")) + ".gpg"; - if(_config->FindB("APT::Authentication::TrustCDROM", false)) if(URI.substr(0,strlen("cdrom:")) == "cdrom:") return true; - + + string VerifiedSigFile = _config->FindDir("Dir::State::lists") + + URItoFileName(MetaIndexURI("Release")) + ".gpg"; + if (FileExists(VerifiedSigFile)) return true; - return false; + + VerifiedSigFile = _config->FindDir("Dir::State::lists") + + URItoFileName(MetaIndexURI("InRelease")); + + return FileExists(VerifiedSigFile); } vector *debReleaseIndex::GetIndexFiles() { diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index f88d51fc5..c2ee1c347 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -722,7 +722,8 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, } Args.push_back(FileGPG.c_str()); - Args.push_back(File.c_str()); + if (FileGPG != File) + Args.push_back(File.c_str()); Args.push_back(NULL); if (Debug == true) diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index eb9a36866..10e154ad2 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -55,14 +55,17 @@ bool indexRecords::Load(const string Filename) /*{{{*/ } pkgTagSection Section; - if (TagFile.Step(Section) == false) - { - strprintf(ErrorText, _("No sections in Release file %s"), Filename.c_str()); - return false; - } - const char *Start, *End; - Section.Get (Start, End, 0); + // Skip over sections beginning with ----- as this is an idicator for clearsigns + do { + if (TagFile.Step(Section) == false) + { + strprintf(ErrorText, _("No sections in Release file %s"), Filename.c_str()); + return false; + } + + Section.Get (Start, End, 0); + } while (End - Start > 5 && strncmp(Start, "-----", 5) == 0); Suite = Section.FindS("Suite"); Dist = Section.FindS("Codename"); diff --git a/apt-pkg/tagfile.cc b/apt-pkg/tagfile.cc index 96a681bec..4a2f3f7e6 100644 --- a/apt-pkg/tagfile.cc +++ b/apt-pkg/tagfile.cc @@ -399,9 +399,13 @@ bool pkgTagSection::FindFlag(const char *Tag,unsigned long &Flags, const char *Stop; if (Find(Tag,Start,Stop) == false) return true; - - switch (StringToBool(string(Start,Stop))) - { + return FindFlag(Flags, Flag, Start, Stop); +} +bool const pkgTagSection::FindFlag(unsigned long &Flags, unsigned long Flag, + char const* Start, char const* Stop) +{ + switch (StringToBool(string(Start, Stop))) + { case 0: Flags &= ~Flag; return true; diff --git a/apt-pkg/tagfile.h b/apt-pkg/tagfile.h index 6891c1d81..61491aa04 100644 --- a/apt-pkg/tagfile.h +++ b/apt-pkg/tagfile.h @@ -60,6 +60,8 @@ class pkgTagSection unsigned long long FindULL(const char *Tag, unsigned long long const &Default = 0) const; bool FindFlag(const char *Tag,unsigned long &Flags, unsigned long Flag) const; + bool static const FindFlag(unsigned long &Flags, unsigned long Flag, + const char* Start, const char* Stop); bool Scan(const char *Start,unsigned long MaxLength); inline unsigned long size() const {return Stop - Section;}; void Trim(); -- cgit v1.2.3