summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Vogt <mvo@ubuntu.com>2014-10-03 00:39:20 +0200
committerMichael Vogt <mvo@ubuntu.com>2014-10-03 00:39:20 +0200
commit1d970e6ce97385ed719a1ca169ec5cc7bfb82fea (patch)
tree44992266c207c0dd5147121f28c14bb33096e710
parent1ce243188c2ba218f5dce8ec8b40556d58ed8ec2 (diff)
really do not download Release if InRelease does not verify
-rw-r--r--apt-pkg/acquire-item.cc44
1 files changed, 24 insertions, 20 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 0a128f7d5..3c66369cf 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -2175,26 +2175,6 @@ void pkgAcqMetaIndex::Failed(string Message,
return;
}
- /* Always move the meta index, even if gpgv failed. This ensures
- * that PackageFile objects are correctly filled in */
- if (FileExists(DestFile))
- {
- string FinalFile = _config->FindDir("Dir::State::lists");
- FinalFile += URItoFileName(RealURI);
- /* InRelease files become Release files, otherwise
- * they would be considered as trusted later on */
- if (SigFile == DestFile) {
- RealURI = RealURI.replace(RealURI.rfind("InRelease"), 9,
- "Release");
- FinalFile = FinalFile.replace(FinalFile.rfind("InRelease"), 9,
- "Release");
- SigFile = FinalFile;
- }
-
- // Done, queue for rename on transaction finished
- TransactionManager->TransactionStageCopy(this, DestFile, FinalFile);
- }
-
_error->Warning(_("The data from '%s' is not signed. Packages "
"from that repository can not be authenticated."),
URIDesc.c_str());
@@ -2204,11 +2184,35 @@ void pkgAcqMetaIndex::Failed(string Message,
// only allow going further if the users explicitely wants it
if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
{
+ /* Always move the meta index, even if gpgv failed. This ensures
+ * that PackageFile objects are correctly filled in */
+ if (FileExists(DestFile))
+ {
+ string FinalFile = _config->FindDir("Dir::State::lists");
+ FinalFile += URItoFileName(RealURI);
+ /* InRelease files become Release files, otherwise
+ * they would be considered as trusted later on */
+ if (SigFile == DestFile) {
+ RealURI = RealURI.replace(RealURI.rfind("InRelease"), 9,
+ "Release");
+ FinalFile = FinalFile.replace(FinalFile.rfind("InRelease"), 9,
+ "Release");
+ SigFile = FinalFile;
+ }
+
+ // Done, queue for rename on transaction finished
+ TransactionManager->TransactionStageCopy(this, DestFile, FinalFile);
+ }
+
QueueIndexes(false);
} else {
// warn if the repository is unsinged
_error->Warning("Use --allow-insecure-repositories to force the update");
+ TransactionManager->AbortTransaction();
+ Status = StatError;
+ return;
}
+
}
/*}}}*/