summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Vogt <michael.vogt@ubuntu.com>2011-08-05 12:26:35 +0200
committerMichael Vogt <michael.vogt@ubuntu.com>2011-08-05 12:26:35 +0200
commit3568a640bd363409cdeb1cb69eaa3261c79f2ff2 (patch)
tree03f428bb0b412809a86e70100461e32545b9dea1
parent515d18c9b271e4188dd4c59939c3c3cfeaf575a8 (diff)
* apt-pkg/acquire-item.cc:
- if no Release.gpg file is found, still load the hashes for verification (closes: #636314) and add test
-rw-r--r--apt-pkg/acquire-item.cc5
-rw-r--r--debian/changelog3
-rwxr-xr-xtest/integration/test-hashsum-verification7
3 files changed, 13 insertions, 2 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 215615bdd..ebd8d5a12 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1258,8 +1258,9 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string Hash, /*{{{*
if (SigFile == "")
{
// There was no signature file, so we are finished. Download
- // the indexes without verification.
- QueueIndexes(false);
+ // the indexes and do hashsum verification
+ MetaIndexParser->Load(DestFile);
+ QueueIndexes(true);
}
else
{
diff --git a/debian/changelog b/debian/changelog
index 1dec5dce0..f162e20f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,9 @@ apt (0.8.15.6) unstable; urgency=low
(LP: #812862)
* test/integration/test-hashsum-verification:
- add regression test for hashsum verification
+ * apt-pkg/acquire-item.cc:
+ - if no Release.gpg file is found, still load the hashes for
+ verification (closes: #636314) and add test
-- Michael Vogt <mvo@debian.org> Tue, 12 Jul 2011 11:54:47 +0200
diff --git a/test/integration/test-hashsum-verification b/test/integration/test-hashsum-verification
index 29420c098..033096ee8 100755
--- a/test/integration/test-hashsum-verification
+++ b/test/integration/test-hashsum-verification
@@ -70,6 +70,13 @@ runtest() {
msgtest 'No Packages file in /var/lib/apt/lists'
[ "$(ls rootdir/var/lib/apt/lists/*Package* 2>/dev/null)" = "" ] && msgpass || msgfail
+ # now with the unsigned Release file
+ rm -rf rootdir/var/lib/apt/lists
+ rm aptarchive/InRelease aptarchive/Release.gpg
+ msgtest 'unsigned apt-get update gets the expected hashsum mismatch'
+ aptget update 2>&1 | grep "Hash Sum mismatch" > /dev/null && msgpass || msgfail
+
+
}
runtest