author | Julian Andres Klode <jak@debian.org> | 2023-03-06 09:21:27 +0000 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2023-03-06 09:21:27 +0000 |
commit | a4aa4c61498fd542ff65b340157db3a4a0a87f60 (patch) | |
tree | 397fe4f1153fb9493bf97e95d00bea9ac4c06b7e | |
parent | 6ba6b29e37a7e7b867a88f1d74e7dcfd7f83c30e (diff) | |
parent | 937221fde2a5ca989a0b80728cd3ba3639f9f20e (diff) |
Merge branch 'fix/unconditional-trusted' into 'main'
Do not store trusted=yes Release file unconditionally
See merge request apt-team/apt!289
-rw-r--r-- | apt-pkg/acquire-item.cc | 9 | ||||
-rw-r--r-- | test/integration/framework | 8 | ||||
-rwxr-xr-x | test/integration/test-apt-update-failure-propagation | 3 | ||||
-rwxr-xr-x | test/integration/test-releasefile-date-older | 28 |
4 files changed, 41 insertions, 7 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 2014a50d5..7df6483ba 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -2030,7 +2030,6 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
 string const PartialRelease = GetPartialFileNameFromURI(DetachedDataTarget.URI);
 string const FinalInRelease = GetFinalFilename();
 Rename(DestFile, PartialRelease);
- TransactionManager->TransactionStageCopy(this, PartialRelease, FinalRelease);
 LoadLastMetaIndexParser(TransactionManager, FinalRelease, FinalInRelease);
 // we parse the indexes here because at this point the user wanted
@@ -2038,7 +2037,10 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
 if (TransactionManager->MetaIndexParser->Load(PartialRelease, &ErrorText) == false || VerifyVendor(Message) == false)
 /* expired Release files are still a problem you need extra force for */;
 else
+ {
+ TransactionManager->TransactionStageCopy(this, PartialRelease, FinalRelease);
 TransactionManager->QueueIndexes(true);
+ }
 }
 }
 }
@@ -2247,9 +2249,10 @@ void pkgAcqMetaSig::Failed(string const &Message,pkgAcquire::MethodConfig const
 if (MetaIndex->VerifyVendor(Message) == false)
 /* expired Release files are still a problem you need extra force for */;
 else
+ {
+ TransactionManager->TransactionStageCopy(MetaIndex, MetaIndex->DestFile, FinalRelease);
 TransactionManager->QueueIndexes(GoodLoad);
-
- TransactionManager->TransactionStageCopy(MetaIndex, MetaIndex->DestFile, FinalRelease);
+ }
 }
 else if (TransactionManager->IMSHit == false)
 Rename(MetaIndex->DestFile, MetaIndex->DestFile + ".FAILED");
diff --git a/test/integration/framework b/test/integration/framework
index d50b63518..264c228d0 100644
--- a/test/integration/framework
+++ b/test/integration/framework
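Review bot: In pkgAcqMetaClearSig::Failed (second hunk of apt-pkg/acquire-item.cc) the call that stages PartialRelease as FinalRelease now sits in the `else` of an `if` whose true branch is only a comment and an empty statement, so the condition protecting the stored Release file reads inverted and is easy to break on the next edit. Stating it positively would make the gate explicit: `if (TransactionManager->MetaIndexParser->Load(PartialRelease, &ErrorText) && VerifyVendor(Message))`, with the existing remark kept above it and a line such as `// stage the Release only after it parsed and passed VerifyVendor; a rejected file must not replace the stored one`. On the rejected path the file moved by `Rename(DestFile, PartialRelease)` in the first hunk is no longer staged and nothing visible removes it; the function continues outside these hunks, so confirm the transaction cleans it up.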
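Review bot: The two Failed() paths now gate the staging on different conditions: in pkgAcqMetaSig::Failed (third hunk of apt-pkg/acquire-item.cc) `TransactionStageCopy(MetaIndex, MetaIndex->DestFile, FinalRelease)` runs whenever `VerifyVendor(Message)` passes, while the pkgAcqMetaClearSig path also requires `Load(...)` to succeed. `GoodLoad` is assigned above the hunk, presumably from the corresponding Load call, and is only forwarded to `QueueIndexes(GoodLoad)`, so a Release file that failed to parse may still be staged here. If that is intended, say so in a comment next to the copy; otherwise guard it, e.g. `if (GoodLoad) TransactionManager->TransactionStageCopy(MetaIndex, MetaIndex->DestFile, FinalRelease);`.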
@@ -1204,16 +1204,16 @@ generatereleasefiles() {
 msgninfo "\tGenerate Release files for flat… "
 aptftparchiverelease ./aptarchive > aptarchive/Release
 fi
+ if [ -n "$VALIDUNTIL" ]; then
+ sed -i "/^Date: / a\
+Valid-Until: $(date -u -d "$VALIDUNTIL" -R)" $(find ./aptarchive -name 'Release')
+ fi
 if [ -n "$DATE" -a "$DATE" != "now" ]; then
 for release in $(find ./aptarchive -name 'Release'); do
 sed -i "s/^Date: .*$/Date: $(date -u -d "$DATE" -R)/" "$release"
 touch -d "$DATE" "$release"
 done
 fi
- if [ -n "$VALIDUNTIL" ]; then
- sed -i "/^Date: / a\
-Valid-Until: $(date -u -d "$VALIDUNTIL" -R)" $(find ./aptarchive -name 'Release')
- fi
 msgdone "info"
 }
diff --git a/test/integration/test-apt-update-failure-propagation b/test/integration/test-apt-update-failure-propagation
index 8c7fd3b7e..f8de3b5c7 100755
--- a/test/integration/test-apt-update-failure-propagation
+++ b/test/integration/test-apt-update-failure-propagation
@@ -26,6 +26,9 @@ for FILE in rootdir/etc/apt/sources.list.d/*-sid-* ; do
 sed -i -e 's#https:#http:#' -e "s#:${APTHTTPSPORT}/#:${APTHTTPPORT}/#" "$FILE"
 done
+# these tests are designed to fail, retries are just a waste of time here
+echo 'Acquire::Retries 0;' > rootdir/etc/apt/apt.conf.d/disable-retries.conf
+
 pretest() {
 msgmsg "$@"
 rm -rf rootdir/var/lib/apt/lists
diff --git a/test/integration/test-releasefile-date-older b/test/integration/test-releasefile-date-older
index e38ddc3c5..81c71ea9a 100755
--- a/test/integration/test-releasefile-date-older
+++ b/test/integration/test-releasefile-date-older
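Review bot: The order of the two blocks in generatereleasefiles (test/integration/framework) is now significant, but nothing in the function says why: the Valid-Until `sed -i` has to run before the loop that ends with `touch -d "$DATE" "$release"`, presumably because an in-place edit afterwards would reset the timestamp the touch just set. A one-line comment above the moved block, e.g. `# insert Valid-Until first: sed -i rewrites the file and would undo the touch -d below`, would keep a later reorder from silently breaking the date tests. The moved block also still hands an unquoted `$(find ./aptarchive -name 'Release')` to sed while the DATE block iterates with a quoted `"$release"`; using the same loop for both would be more consistent. The function starts above the hunk.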
@@ -102,3 +102,31 @@ generatereleasefiles 'now' 'now + 2 days'
 sed -i '/^Date: / d' $(find ./aptarchive -name 'Release')
 signreleasefiles
 testwarning aptget update
+
+# the repo is now signed by unknown key, but marked as trusted
+rm -rf rootdir/etc/apt/trusted.gpg.d
+sed -i -e 's#\(deb\(-src\)\?\) #\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
+
+msgmsg 'Forgot to disable in follow-up' 'Check-Date'
+rm -rf rootdir/var/lib/apt/lists
+generatereleasefiles 'now + 3 days' 'now + 7 days'
+signreleasefiles
+testfailure aptget update
+testwarning aptget update -o Acquire::Check-Date=no
+listcurrentlistsdirectory > listsdir.lst
+generatereleasefiles 'now + 5 days' 'now + 13 days'
+signreleasefiles
+testfailure aptget update
+testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"
+testwarning aptget update -o Acquire::Check-Date=no
+testsuccess cmp "$(find aptarchive/ -name 'InRelease')" "$(find rootdir/var/lib/apt/ -name '*_Release')"
+
+msgmsg 'Force-Trusted InRelease file is silently ignored' 'new Date is before old Date'
+rm -rf rootdir/var/lib/apt/lists
+generatereleasefiles 'now' 'now + 7 days'
+signreleasefiles
+testwarning aptget update
+listcurrentlistsdirectory > listsdir.lst
+redatereleasefiles 'now - 2 days'
+testwarning aptget update
+testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)" |
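Review bot: The last block ('Force-Trusted InRelease file is silently ignored') asserts only `testfileequal 'listsdir.lst' "$(listcurrentlistsdirectory)"` after the redated update, so whether it proves the stored Release file was left untouched depends on what listcurrentlistsdirectory records, and that helper is defined outside this diff. The preceding block is more direct because it compares content with `cmp`. Consider snapshotting the stored file before `redatereleasefiles` and comparing afterwards, e.g. `cp "$(find rootdir/var/lib/apt/ -name '*_Release')" stored.before` followed by `testsuccess cmp stored.before "$(find rootdir/var/lib/apt/ -name '*_Release')"`, so the regression is pinned by content rather than by a listing.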