diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-11-11 13:05:38 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-11-11 23:40:39 +0100 |
commit | d0c7d4d6328418b7c9f434a3398e5f7e08b7359c (patch) | |
tree | 4a29050c1cff44bea2b192350733dfa16707ad2c | |
parent | a9b724eedd0c9d8c36725c5b8f57d51ea9f7dcd1 (diff) |
don't warn if untransformed distribution matches
A suite or codename entry in the Release file is checked against the
distribution field in the sources.list entry that lead to the download of that
Release file. This distribution entry can contain slashes in the distribution
field:
deb http://security.debian.org/debian wheezy/updates main
However, the Release file may only contain "wheezy" in the Codename field and
not "wheezy/updates". So a transformation needs to take place that removes the
last / and everything that comes after (e.g. "/updates"). This fails, however,
for valid cases like a reprepro snapshot where the given Codename contains
slashes but is perfectly fine and doesn't need to be transformed. Since that
transformation is essentially just a workaround for special cases like the
security repository, it should be checked if the literal Codename without any
transformations happened is valid and only if isn't the dist should be checked
against the transformated one.
This way special cases like security.debian.org are handled and reprepro
snapshots work too.
The initial patch was taken as insperationto move whole transformation
to CheckDist() which makes this method more accepting & easier to use
(but according to codesearch.d.n we are the only users anyhow).
Thanks: Lukas Anzinger for initial patch
Closes: 644610
-rw-r--r-- | apt-pkg/acquire-item.cc | 45 | ||||
-rw-r--r-- | apt-pkg/metaindex.cc | 26 | ||||
-rwxr-xr-x | test/integration/test-bug-841874-warning-for-mismatching-distribution | 11 |
3 files changed, 37 insertions, 45 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 163743ce0..54cb9db71 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1561,24 +1561,6 @@ void pkgAcqMetaClearSig::QueueIndexes(bool const verify) /*{{{*/ /*}}}*/ bool pkgAcqMetaBase::VerifyVendor(string const &) /*{{{*/ { - string Transformed = TransactionManager->MetaIndexParser->GetExpectedDist(); - - if (Transformed == "../project/experimental") - { - Transformed = "experimental"; - } - - auto pos = Transformed.rfind('/'); - if (pos != string::npos) - { - Transformed = Transformed.substr(0, pos); - } - - if (Transformed == ".") - { - Transformed = ""; - } - if (TransactionManager->MetaIndexParser->GetValidUntil() > 0) { time_t const invalid_since = time(NULL) - TransactionManager->MetaIndexParser->GetValidUntil(); @@ -1613,30 +1595,19 @@ bool pkgAcqMetaBase::VerifyVendor(string const &) /*{{{*/ TransactionManager->LastMetaIndexParser = NULL; } - if (_config->FindB("Debug::pkgAcquire::Auth", false)) + if (_config->FindB("Debug::pkgAcquire::Auth", false)) { std::cerr << "Got Codename: " << TransactionManager->MetaIndexParser->GetCodename() << std::endl; + std::cerr << "Got Suite: " << TransactionManager->MetaIndexParser->GetSuite() << std::endl; std::cerr << "Expecting Dist: " << TransactionManager->MetaIndexParser->GetExpectedDist() << std::endl; - std::cerr << "Transformed Dist: " << Transformed << std::endl; - } - - if (TransactionManager->MetaIndexParser->CheckDist(Transformed) == false) - { - // This might become fatal one day -// Status = StatAuthError; -// ErrorText = "Conflicting distribution; expected " -// + MetaIndexParser->GetExpectedDist() + " but got " -// + MetaIndexParser->GetCodename(); -// return false; - if (!Transformed.empty()) - { - _error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"), - Desc.Description.c_str(), - Transformed.c_str(), - TransactionManager->MetaIndexParser->GetCodename().c_str()); - } } + // One day that might become fatal… + auto const ExpectedDist = TransactionManager->MetaIndexParser->GetExpectedDist(); + auto const NowCodename = TransactionManager->MetaIndexParser->GetCodename(); + if (TransactionManager->MetaIndexParser->CheckDist(ExpectedDist) == false) + _error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"), + Desc.Description.c_str(), ExpectedDist.c_str(), NowCodename.c_str()); return true; } /*}}}*/ diff --git a/apt-pkg/metaindex.cc b/apt-pkg/metaindex.cc index 281824855..8b31051fb 100644 --- a/apt-pkg/metaindex.cc +++ b/apt-pkg/metaindex.cc @@ -57,15 +57,25 @@ APT_PURE bool metaIndex::GetSupportsAcquireByHash() const { return SupportsAcqui APT_PURE time_t metaIndex::GetValidUntil() const { return ValidUntil; } APT_PURE time_t metaIndex::GetDate() const { return this->Date; } APT_PURE metaIndex::TriState metaIndex::GetLoadedSuccessfully() const { return LoadedSuccessfully; } - -APT_PURE bool metaIndex::CheckDist(string const &MaybeDist) const -{ - return (this->Codename == MaybeDist - || this->Suite == MaybeDist); -} -APT_PURE std::string metaIndex::GetExpectedDist() const +APT_PURE std::string metaIndex::GetExpectedDist() const { return Dist; } + /*}}}*/ +bool metaIndex::CheckDist(string const &MaybeDist) const /*{{{*/ { - return Dist; + if (MaybeDist.empty() || this->Codename == MaybeDist || this->Suite == MaybeDist) + return true; + + std::string Transformed = MaybeDist; + if (Transformed == "../project/experimental") + Transformed = "experimental"; + + auto const pos = Transformed.rfind('/'); + if (pos != string::npos) + Transformed = Transformed.substr(0, pos); + + if (Transformed == ".") + Transformed.clear(); + + return Transformed.empty() || this->Codename == Transformed || this->Suite == Transformed; } /*}}}*/ APT_PURE metaIndex::checkSum *metaIndex::Lookup(string const &MetaKey) const /*{{{*/ diff --git a/test/integration/test-bug-841874-warning-for-mismatching-distribution b/test/integration/test-bug-841874-warning-for-mismatching-distribution index 9b9f1982e..7502eefc3 100755 --- a/test/integration/test-bug-841874-warning-for-mismatching-distribution +++ b/test/integration/test-bug-841874-warning-for-mismatching-distribution @@ -36,3 +36,14 @@ testfailure apt show foo ln -s "${APTARCHIVE}/dists/testing" "${APTARCHIVE}/dists/stretch/updates" testsuccess apt update testsuccess apt show foo + +# … but only if needed +rm -rf rootdir/var/lib/apt/lists +sed -i -e 's#stretch#buster#g' rootdir/etc/apt/sources.list.d/* +sed -i -e 's#^Codename: stretch$#Codename: buster/updates#g' $(find ./aptarchive -name 'Release') +signreleasefiles +testfailure apt update +testfailure apt show foo +ln -s "${APTARCHIVE}/dists/testing" "${APTARCHIVE}/dists/buster" +testsuccess apt update +testsuccess apt show foo |