summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2017-05-29 12:37:08 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2017-06-26 23:31:15 +0200
commitcbbf185c3c55effe47f218a07e7b1f324973a8a6 (patch)
tree9ec40ff5439d1d3ccedb7fb143e3fd32e1348c6d
parent188f297a2af4c15cb1d502360d1e478644b5b810 (diff)
fail InRelease on non-404 HTTP errorcodes
There are very many HTTP errorcodes which indicate that the repository isn't available at the moment or the connection has some kind of problem. Given that we do not require Release files the result was that these errors were ignored and the user presented with a message like "Repository is no longer signed" which sends the user in the wrong direction. Instead of trying to figure out which http errorcodes indicate a global problem we accept only 404 for ignoring and consider all the rest as hard errors now causing us to stop instantly after the InRelease file and print the errorcode (with short description from server) received.
-rw-r--r--apt-pkg/acquire-item.cc6
-rwxr-xr-xtest/integration/test-ubuntu-bug-346386-apt-get-update-paywall9
2 files changed, 14 insertions, 1 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 3ce0f25cf..574ef4939 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1717,7 +1717,11 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
if (AuthPass == false)
{
- if (Status == StatAuthError || Status == StatTransientNetworkError)
+ auto const failreason = LookupTag(Message, "FailReason");
+ auto const httperror = "HttpError";
+ if (Status == StatAuthError || Status == StatTransientNetworkError ||
+ (strncmp(failreason.c_str(), httperror, strlen(httperror)) == 0 &&
+ failreason != "HttpError404"))
{
// if we expected a ClearTextSignature (InRelease) but got a network
// error or got a file, but it wasn't valid, we end up here (see VerifyDone).
diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
index a756b5df2..46c7c5672 100755
--- a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
+++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
@@ -70,3 +70,12 @@ partial' ls "$LISTS"
runtests '^E:.*Clearsigned file .*NOSPLIT.*'
webserverconfig 'aptwebserver::overwrite::.*InRelease::filename' '/404'
runtests '^E:.*Signed file .*NODATA.*'
+
+webserverconfig 'aptwebserver::overwrite::.*::filename' '/404'
+webserverconfig 'aptwebserver::httpcode::404' '511 Network Authentication Required'
+rm -rf rootdir/var/lib/apt/lists
+testfailureequal "Err:1 http://localhost:${APTHTTPPORT} unstable InRelease
+ 511 Network Authentication Required
+Reading package lists...
+E: Failed to fetch http://localhost:${APTHTTPPORT}/dists/unstable/InRelease 511 Network Authentication Required
+E: Some index files failed to download. They have been ignored, or old ones used instead." apt update