* merged changes from the conference

Patches applied: * apt@arch.ubuntu.com/apt--experimental--0.6--base-0 tag of apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-1 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-2 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-3 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-4 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-5 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-6 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-7 Merge working copy of v0.6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-8 0.6.0 is headed for experimental, not unstable * apt@arch.ubuntu.com/apt--experimental--0.6--patch-9 Date * apt@arch.ubuntu.com/apt--experimental--0.6--patch-10 Update LIB_APT_PKG_MAJOR * apt@arch.ubuntu.com/apt--experimental--0.6--patch-11 - Fix a heap corruption bug in pkgSrcRecords::pkgSrcRec... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-12 Resynch * apt@arch.ubuntu.com/apt--experimental--0.6--patch-13 * Merge apt 0.5.17 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-14 * Rearrange Release file authentication code to be more... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-15 * Convert distribution "../project/experimental" to "ex... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-16 Merge 1.11 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-17 Merge 1.7 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-18 Merge 1.10 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-19 * Make a number of Release file errors into warnings; f... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-20 * Add space between package names when multiple unauthe... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-21 * Provide apt-key with a secret keyring and a trustdb, ... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-22 * Fix typo in apt-key(8) (standard input is '-', not '/') * apt@arch.ubuntu.com/apt--experimental--0.6--patch-23 0.6.2 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-24 Resynch * apt@arch.ubuntu.com/apt--experimental--0.6--patch-25 * Fix MetaIndexURI for flat ("foo/") sources * apt@arch.ubuntu.com/apt--experimental--0.6--patch-26 0.6.3 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-27 * Use the top-level Release file in LoadReleaseInfo, ra... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-28 0.6.4 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-29 Clarify * apt@arch.ubuntu.com/apt--experimental--0.6--patch-30 * Move the authentication check into a separate functio... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-31 * Fix display of unauthenticated packages when they are... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-32 * Move the authentication check into a separate functio... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-33 * Restore the ugly hack I removed from indexRecords::Lo... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-34 0.6.6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-35 * Forgot to revert part of the changes to tagfile in 0.... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-36 * Add a config option and corresponding command line option * apt@arch.ubuntu.com/apt--experimental--0.6--patch-37 0.6.8 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-38 hopefully avoid more segfaults * apt@arch.ubuntu.com/apt--experimental--0.6--patch-39 XXX * apt@arch.ubuntu.com/apt--experimental--0.6--patch-40 * Another tagfile workaround * apt@arch.ubuntu.com/apt--experimental--0.6--patch-41 * Use "Codename" (woody, sarge, etc.) to supply the val... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-42 * Support IMS requests of Release.gpg and Release * apt@arch.ubuntu.com/apt--experimental--0.6--patch-43 * Have pkgAcquireIndex calculate an MD5 sum if one is n... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-44 * Merge 0.5.18 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-45 apt (0.6.13) experimental; urgency=low * apt@arch.ubuntu.com/apt--experimental--0.6--patch-46 0.6.13 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-47 Merge 0.5.20 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-48 The source list works a bit differently in 0.6; fix the... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-49 * s/Debug::Acquire::gpg/&v/ * apt@arch.ubuntu.com/apt--experimental--0.6--patch-50 * Honor the [vendor] syntax in sources.list again (thou... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-51 * Don't ship vendors.list(5) since it isn't used yet * apt@arch.ubuntu.com/apt--experimental--0.6--patch-52 * Revert change from 0.6.10; it was right in the first ... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-53 * Fix some cases where the .gpg file could be left in p... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-54 Print a warning if gnupg is not installed * apt@arch.ubuntu.com/apt--experimental--0.6--patch-55 * Handle more IMS stuff correctly * apt@arch.ubuntu.com/apt--experimental--0.6--patch-56 0.6.17 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-57 * Merge 0.5.21 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-58 * Add new Debian Archive Automatic Signing Key to the d... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-59 0.6.18 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-60 * Merge 0.5.22 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-61 * Convert apt-key(8) to docbook XML * apt@arch.ubuntu.com/apt--experimental--0.6--patch-62 Merge 0.5.23 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-63 Remove bogus partial 0.5.22 changelog entry * apt@arch.ubuntu.com/apt--experimental--0.6--patch-64 Make the auth warning a bit less redundant * apt@arch.ubuntu.com/apt--experimental--0.6--patch-65 * Merge 0.5.24 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-66 * Make the unauthenticated packages prompt more intuiti... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-67 Merge 0.5.25 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-68 * Remove obsolete pkgIterator::TargetVer() (Closes: #230159) * apt@arch.ubuntu.com/apt--experimental--0.6--patch-69 * Reverse test in CheckAuth to match new prompt (Closes... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-70 Update version * apt@arch.ubuntu.com/apt--experimental--0.6--patch-71 Fix backwards sense of CheckAuth prompt * apt@arch.ubuntu.com/apt--experimental--0.6--patch-72 0.6.24 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-73 Close bug * apt@arch.ubuntu.com/apt--experimental--0.6--patch-74 * Fix handling of two-part sources for sources.list deb... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-75 0.6.25 * apt@packages.debian.org/apt--authentication--0--base-0 tag of apt@arch.ubuntu.com/apt--experimental--0.6--patch-75 * apt@packages.debian.org/apt--authentication--0--patch-1 Michael Vogt's merge of apt--experimental--0 onto apt--main--0 * apt@packages.debian.org/apt--authentication--0--patch-2 Merge from apt--main--0 * apt@packages.debian.org/apt--authentication--0--patch-3 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-4 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-5 Update version number in configure.in * apt@packages.debian.org/apt--authentication--0--patch-6 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-7 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-8 Merge from mvo's branch * apt@packages.debian.org/apt--authentication--0--patch-9 Merge from mvo's tree * apt@packages.debian.org/apt--authentication--0--patch-10 Merge from mvo * apt@packages.debian.org/apt--authentication--0--patch-11 Fix permissions AGAIN * apt@packages.debian.org/apt--bzip2-debs--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-30 * apt@packages.debian.org/apt--bzip2-debs--0--patch-1 Create baz branch * apt@packages.debian.org/apt--bzip2-debs--0--patch-2 Implement data.tar.bz2 support * apt@packages.debian.org/apt--main--0--patch-30 Fix changelog * apt@packages.debian.org/apt--main--0--patch-31 Fix permissions again * apt@packages.debian.org/apt--main--0--patch-32 Fix permissions again * apt@packages.debian.org/apt--main--0--patch-33 Use baz instead of tla * apt@packages.debian.org/apt--main--0--patch-34 Merge bzip2-debs branch * apt@packages.debian.org/apt--main--0--patch-35 Fix changelog * apt@packages.debian.org/apt--main--0--patch-36 untagged-source precious * apt@packages.debian.org/apt--main--0--patch-37 Add .arch-inventory files * apt@packages.debian.org/apt--main--0--patch-38 Fix permissions again * apt@packages.debian.org/apt--main--0--patch-39 Merge apt--authentication--0 * apt@packages.debian.org/apt--main--0--patch-40 Merge misc-abi-changes * apt@packages.debian.org/apt--main--0--patch-41 Merge from mvo * apt@packages.debian.org/apt--misc-abi-changes--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-16 * apt@packages.debian.org/apt--misc-abi-changes--0--patch-1 Fix apt-get -s remove to not display the candidate version * apt@packages.debian.org/apt--misc-abi-changes--0--patch-2 Merge from main * apt@packages.debian.org/apt--misc-abi-changes--0--patch-3 Use pid_t throughout to hold process IDs * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--base-0 tag of michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-1 * star-merged matt's changes (bz2 support for data-members in debs) * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-2 * ignore errors when a Packages.bz2/Sources.bz2 can't be found and try with Packages.gz/Sources.gz again * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-34 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-1 * merged matt's tree (with all those apt-authentication changes) * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-2 don't display a error if a bzip2 package can not be downloaded, just ignore (Ign) it * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-3 * "chmod 755 cmdline/apt-key", changed version to 0.6.27ubuntu1 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-4 * fix for a stupid merge error (from 0.5->0.6) * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-5 * unstable should really be hoary * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-6 * stronger dependencies for libapt-pkg-dev (depends on the source version of apt and apt-watch now) * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-7 * distro really should be hoary, not unstable :/ * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-8 * documented the "--allow-unauthenticated" switch * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-1 tag of apt@packages.debian.org/apt--authentication--0--base-0 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-2 merged "tla apply-delta -A foo@ apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 apt@arch.ubuntu.com/apt--MAIN--0--patch-1343" and cleaned up conflicts * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-3 * missing bits from the merge added * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-4 * star-merged with apt@packages.debian.org/apt--main--0 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-5 * tree-synced to the apt--authentication tree * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-6 * use the ubuntu-key in this version * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-7 * imported the patches from mdz * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-8 * apt-get update --print-uris works now as before (fallback to 0.5.x behaviour) * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-9 * fix for the "if any source unauthenticated, all other sources are unauthenticated too" problem * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-10 * reworked the "--print-uris" patch. it no longer uses: "APT::Get::Print-URIs" in the library * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-11 * version of the library set to 3.6 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12 * changelog finallized, will upload to people.ubuntulinux.org/~mvo/apt-authentication * michael.vogt@canonical.com--2004/apt--main-authentication--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-22 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-1 * star-merge from apt--experimental--0.6 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-2 * compile failure fix for methods/http.cc, po-file fixes
author: Michael Vogt <mvo@debian.org> 2004-12-20 10:10:33 +0000
committer: Michael Vogt <mvo@debian.org> 2004-12-20 10:10:33 +0000
commit: b3d44315ee812ba2d0a99751695b5a4314407ec2 (patch)
tree: 134ad0fa45505ee80c8fd3b3a52679daae76de6f /apt-pkg/acquire-item.cc
parent: 96b83b826ef733fa4fdfe99dd5009cba5af9a2c4 (diff)
1 files changed, 412 insertions, 51 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 6227888b6..f40c6a50d 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: acquire-item.cc,v 1.46 2003/02/02 22:19:17 jgg Exp $
+// $Id: acquire-item.cc,v 1.46.2.9 2004/01/16 18:51:11 mdz Exp $
 /* ######################################################################
 
    Acquire Item - Item to acquire
@@ -19,9 +19,11 @@
 #include <apt-pkg/acquire-item.h>
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/sourcelist.h>
+#include <apt-pkg/vendorlist.h>
 #include <apt-pkg/error.h>
 #include <apt-pkg/strutl.h>
 #include <apt-pkg/fileutl.h>
+#include <apt-pkg/md5.h>
 
 #include <apti18n.h>
     
@@ -32,7 +34,7 @@
 #include <stdio.h>
 									/*}}}*/
 
-using std::string;
+using namespace std;
 
 // Acquire::Item::Item - Constructor					/*{{{*/
 // ---------------------------------------------------------------------
@@ -134,8 +136,9 @@ void pkgAcquire::Item::Rename(string From,string To)
 /* The package file is added to the queue and a second class is 
    instantiated to fetch the revision file */   
 pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner,
-			 string URI,string URIDesc,string ShortDesc) :
-                      Item(Owner), RealURI(URI)
+			 string URI,string URIDesc,string ShortDesc,
+			 string ExpectedMD5, string comprExt) :
+   Item(Owner), RealURI(URI), ExpectedMD5(ExpectedMD5)
 {
    Decompression = false;
    Erase = false;
@@ -143,11 +146,17 @@ pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner,
    DestFile = _config->FindDir("Dir::State::lists") + "partial/";
    DestFile += URItoFileName(URI);
 
-   // Create the item
-   if(FileExists("/usr/bin/bzip2"))
-      Desc.URI = URI + ".bz2"; 
-   else
-      Desc.URI = URI + ".gz"; 
+   if(comprExt.empty()) 
+   {
+      // autoselect 
+      if(FileExists("/usr/bin/bzip2"))
+	 Desc.URI = URI + ".bz2"; 
+      else
+	 Desc.URI = URI + ".gz"; 
+   } else {
+      Desc.URI = URI + comprExt; 
+   }
+
    Desc.Description = URIDesc;
    Desc.Owner = this;
    Desc.ShortDesc = ShortDesc;
@@ -176,7 +185,13 @@ void pkgAcqIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
    // no .bz2 found, retry with .gz
    if(Desc.URI.substr(Desc.URI.size()-3,Desc.URI.size()-1) == "bz2") {
       Desc.URI = Desc.URI.substr(0,Desc.URI.size()-3) + "gz"; 
-      QueueURI(Desc);
+
+      // retry with a gzip one 
+      new pkgAcqIndex(Owner, RealURI, Desc.Description,Desc.ShortDesc, 
+		      ExpectedMD5, string(".gz"));
+      Status = StatDone;
+      Complete = false;
+      Dequeue();
       return;
    }
 
@@ -199,6 +214,28 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string MD5,
 
    if (Decompression == true)
    {
+      if (_config->FindB("Debug::pkgAcquire::Auth", false))
+      {
+         std::cerr << std::endl << RealURI << ": Computed MD5: " << MD5;
+         std::cerr << "  Expected MD5: " << ExpectedMD5 << std::endl;
+      }
+
+      if (MD5.empty())
+      {
+         MD5Summation sum;
+         FileFd Fd(DestFile, FileFd::ReadOnly);
+         sum.AddFD(Fd.Fd(), Fd.Size());
+         Fd.Close();
+         MD5 = (string)sum.Result();
+      }
+
+      if (!ExpectedMD5.empty() && MD5 != ExpectedMD5)
+      {
+         Status = StatAuthError;
+         ErrorText = _("MD5Sum mismatch");
+         Rename(DestFile,DestFile + ".FAILED");
+         return;
+      }
       // Done, move it into position
       string FinalFile = _config->FindDir("Dir::State::lists");
       FinalFile += URItoFileName(RealURI);
@@ -226,7 +263,7 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string MD5,
       // The files timestamp matches
       if (StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false) == true)
 	 return;
-      
+
       Decompression = true;
       Local = true;
       DestFile += ".decomp";
@@ -269,31 +306,45 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string MD5,
    QueueURI(Desc);
    Mode = decompProg;
 }
-									/*}}}*/
 
-// AcqIndexRel::pkgAcqIndexRel - Constructor				/*{{{*/
-// ---------------------------------------------------------------------
-/* The Release file is added to the queue */
-pkgAcqIndexRel::pkgAcqIndexRel(pkgAcquire *Owner,
-			    string URI,string URIDesc,string ShortDesc) :
-                      Item(Owner), RealURI(URI)
+pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner,
+			     string URI,string URIDesc,string ShortDesc,
+			     string MetaIndexURI, string MetaIndexURIDesc,
+			     string MetaIndexShortDesc,
+			     const vector<IndexTarget*>* IndexTargets,
+			     indexRecords* MetaIndexParser) :
+   Item(Owner), RealURI(URI), MetaIndexURI(MetaIndexURI),
+   MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc)
 {
+   this->MetaIndexParser = MetaIndexParser;
+   this->IndexTargets = IndexTargets;
    DestFile = _config->FindDir("Dir::State::lists") + "partial/";
    DestFile += URItoFileName(URI);
-   
+
    // Create the item
-   Desc.URI = URI;
    Desc.Description = URIDesc;
-   Desc.ShortDesc = ShortDesc;
    Desc.Owner = this;
+   Desc.ShortDesc = ShortDesc;
+   Desc.URI = URI;
+   
+      
+   string Final = _config->FindDir("Dir::State::lists");
+   Final += URItoFileName(RealURI);
+   struct stat Buf;
+   if (stat(Final.c_str(),&Buf) == 0)
+   {
+      // File was already in place.  It needs to be re-verified
+      // because Release might have changed, so Move it into partial
+      Rename(Final,DestFile);
+   }
 
    QueueURI(Desc);
 }
 									/*}}}*/
-// AcqIndexRel::Custom600Headers - Insert custom request headers	/*{{{*/
+// pkgAcqMetaSig::Custom600Headers - Insert custom request headers	/*{{{*/
 // ---------------------------------------------------------------------
 /* The only header we use is the last-modified header. */
-string pkgAcqIndexRel::Custom600Headers()
+string pkgAcqMetaSig::Custom600Headers()
 {
    string Final = _config->FindDir("Dir::State::lists");
    Final += URItoFileName(RealURI);
@@ -304,14 +355,9 @@ string pkgAcqIndexRel::Custom600Headers()
    
    return "\nIndex-File: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
 }
-									/*}}}*/
-// AcqIndexRel::Done - Item downloaded OK				/*{{{*/
-// ---------------------------------------------------------------------
-/* The release file was not placed into the download directory then
-   a copy URI is generated and it is copied there otherwise the file
-   in the partial directory is moved into .. and the URI is finished. */
-void pkgAcqIndexRel::Done(string Message,unsigned long Size,string MD5,
-			  pkgAcquire::MethodConfig *Cfg)
+
+void pkgAcqMetaSig::Done(string Message,unsigned long Size,string MD5,
+			 pkgAcquire::MethodConfig *Cfg)
 {
    Item::Done(Message,Size,MD5,Cfg);
 
@@ -323,34 +369,34 @@ void pkgAcqIndexRel::Done(string Message,unsigned long Size,string MD5,
       return;
    }
 
-   Complete = true;
-   
-   // The files timestamp matches
-   if (StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
-      return;
-   
-   // We have to copy it into place
    if (FileName != DestFile)
    {
+      // We have to copy it into place
       Local = true;
       Desc.URI = "copy:" + FileName;
       QueueURI(Desc);
       return;
    }
-   
-   // Done, move it into position
-   string FinalFile = _config->FindDir("Dir::State::lists");
-   FinalFile += URItoFileName(RealURI);
-   Rename(DestFile,FinalFile);
-   
-   chmod(FinalFile.c_str(),0644);
+
+   Complete = true;
+
+   // queue a pkgAcqMetaIndex to be verified against the sig we just retrieved
+   new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc,
+		       DestFile, IndexTargets, MetaIndexParser);
+
 }
 									/*}}}*/
-// AcqIndexRel::Failed - Silence failure messages for missing rel files	/*{{{*/
-// ---------------------------------------------------------------------
-/* */
-void pkgAcqIndexRel::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
+void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
 {
+   // Delete any existing sigfile, so that this source isn't
+   // mistakenly trusted
+   string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+   unlink(Final.c_str());
+
+   // queue a pkgAcqMetaIndex with no sigfile
+   new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc,
+		       "", IndexTargets, MetaIndexParser);
+
    if (Cnf->LocalOnly == true || 
        StringToBool(LookupTag(Message,"Transient-Failure"),false) == false)
    {      
@@ -363,6 +409,284 @@ void pkgAcqIndexRel::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
    
    Item::Failed(Message,Cnf);
 }
+
+pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire *Owner,
+				 string URI,string URIDesc,string ShortDesc,
+				 string SigFile,
+				 const vector<struct IndexTarget*>* IndexTargets,
+				 indexRecords* MetaIndexParser) :
+  Item(Owner), RealURI(URI), SigFile(SigFile)
+{
+   this->AuthPass = false;
+   this->MetaIndexParser = MetaIndexParser;
+   this->IndexTargets = IndexTargets;
+   DestFile = _config->FindDir("Dir::State::lists") + "partial/";
+   DestFile += URItoFileName(URI);
+
+   // Create the item
+   Desc.Description = URIDesc;
+   Desc.Owner = this;
+   Desc.ShortDesc = ShortDesc;
+   Desc.URI = URI;
+
+   QueueURI(Desc);
+}
+
+									/*}}}*/
+// pkgAcqMetaIndex::Custom600Headers - Insert custom request headers	/*{{{*/
+// ---------------------------------------------------------------------
+/* The only header we use is the last-modified header. */
+string pkgAcqMetaIndex::Custom600Headers()
+{
+   string Final = _config->FindDir("Dir::State::lists");
+   Final += URItoFileName(RealURI);
+   
+   struct stat Buf;
+   if (stat(Final.c_str(),&Buf) != 0)
+      return "\nIndex-File: true";
+   
+   return "\nIndex-File: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
+}
+
+void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string MD5,
+			   pkgAcquire::MethodConfig *Cfg)
+{
+   Item::Done(Message,Size,MD5,Cfg);
+
+   // MetaIndexes are done in two passes: one to download the
+   // metaindex with an appropriate method, and a second to verify it
+   // with the gpgv method
+
+   if (AuthPass == true)
+   {
+      AuthDone(Message);
+   }
+   else
+   {
+      RetrievalDone(Message);
+      if (!Complete)
+         // Still more retrieving to do
+         return;
+
+      if (SigFile == "")
+      {
+         // There was no signature file, so we are finished.  Download
+         // the indexes without verification.
+         QueueIndexes(false);
+      }
+      else
+      {
+         // There was a signature file, so pass it to gpgv for
+         // verification
+
+         if (_config->FindB("Debug::pkgAcquire::Auth", false))
+            std::cerr << "Metaindex acquired, queueing gpg verification ("
+                      << SigFile << "," << DestFile << ")\n";
+         AuthPass = true;
+         Desc.URI = "gpgv:" + SigFile;
+         QueueURI(Desc);
+         Mode = "gpgv";
+      }
+   }
+}
+
+void pkgAcqMetaIndex::RetrievalDone(string Message)
+{
+   // We have just finished downloading a Release file (it is not
+   // verified yet)
+
+   string FileName = LookupTag(Message,"Filename");
+   if (FileName.empty() == true)
+   {
+      Status = StatError;
+      ErrorText = "Method gave a blank filename";
+      return;
+   }
+
+   if (FileName != DestFile)
+   {
+      Local = true;
+      Desc.URI = "copy:" + FileName;
+      QueueURI(Desc);
+      return;
+   }
+
+   Complete = true;
+
+   string FinalFile = _config->FindDir("Dir::State::lists");
+   FinalFile += URItoFileName(RealURI);
+
+   // The files timestamp matches
+   if (StringToBool(LookupTag(Message,"IMS-Hit"),false) == false)
+   {
+      // Move it into position
+      Rename(DestFile,FinalFile);
+   }
+   DestFile = FinalFile;
+}
+
+void pkgAcqMetaIndex::AuthDone(string Message)
+{
+   // At this point, the gpgv method has succeeded, so there is a
+   // valid signature from a key in the trusted keyring.  We
+   // perform additional verification of its contents, and use them
+   // to verify the indexes we are about to download
+
+   if (!MetaIndexParser->Load(DestFile))
+   {
+      Status = StatAuthError;
+      ErrorText = MetaIndexParser->ErrorText;
+      return;
+   }
+
+   if (!VerifyVendor())
+   {
+      return;
+   }
+
+   if (_config->FindB("Debug::pkgAcquire::Auth", false))
+      std::cerr << "Signature verification succeeded: "
+                << DestFile << std::endl;
+
+   // Download further indexes with verification
+   QueueIndexes(true);
+
+   // Done, move signature file into position
+
+   string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
+      URItoFileName(RealURI) + ".gpg";
+   Rename(SigFile,VerifiedSigFile);
+   chmod(VerifiedSigFile.c_str(),0644);
+}
+
+void pkgAcqMetaIndex::QueueIndexes(bool verify)
+{
+   for (vector <struct IndexTarget*>::const_iterator Target = IndexTargets->begin();
+        Target != IndexTargets->end();
+        Target++)
+   {
+      string ExpectedIndexMD5;
+      if (verify)
+      {
+         const indexRecords::checkSum *Record = MetaIndexParser->Lookup((*Target)->MetaKey);
+         if (!Record)
+         {
+            Status = StatAuthError;
+            ErrorText = "Unable to find expected entry  "
+               + (*Target)->MetaKey + " in Meta-index file (malformed Release file?)";
+            return;
+         }
+         ExpectedIndexMD5 = Record->MD5Hash;
+         if (_config->FindB("Debug::pkgAcquire::Auth", false))
+         {
+            std::cerr << "Queueing: " << (*Target)->URI << std::endl;
+            std::cerr << "Expected MD5: " << ExpectedIndexMD5 << std::endl;
+         }
+         if (ExpectedIndexMD5.empty())
+         {
+            Status = StatAuthError;
+            ErrorText = "Unable to find MD5 sum for "
+               + (*Target)->MetaKey + " in Meta-index file";
+            return;
+         }
+      }
+      
+      // Queue Packages file
+      new pkgAcqIndex(Owner, (*Target)->URI, (*Target)->Description,
+                      (*Target)->ShortDesc, ExpectedIndexMD5);
+   }
+}
+
+bool pkgAcqMetaIndex::VerifyVendor()
+{
+//    // Maybe this should be made available from above so we don't have
+//    // to read and parse it every time?
+//    pkgVendorList List;
+//    List.ReadMainList();
+
+//    const Vendor* Vndr = NULL;
+//    for (std::vector<string>::const_iterator I = GPGVOutput.begin(); I != GPGVOutput.end(); I++)
+//    {
+//       string::size_type pos = (*I).find("VALIDSIG ");
+//       if (_config->FindB("Debug::Vendor", false))
+//          std::cerr << "Looking for VALIDSIG in \"" << (*I) << "\": pos " << pos 
+//                    << std::endl;
+//       if (pos != std::string::npos)
+//       {
+//          string Fingerprint = (*I).substr(pos+sizeof("VALIDSIG"));
+//          if (_config->FindB("Debug::Vendor", false))
+//             std::cerr << "Looking for \"" << Fingerprint << "\" in vendor..." <<
+//                std::endl;
+//          Vndr = List.FindVendor(Fingerprint) != "";
+//          if (Vndr != NULL);
+//          break;
+//       }
+//    }
+
+   string Transformed = MetaIndexParser->GetExpectedDist();
+
+   if (Transformed == "../project/experimental")
+   {
+      Transformed = "experimental";
+   }
+
+   string::size_type pos = Transformed.rfind('/');
+   if (pos != string::npos)
+   {
+      Transformed = Transformed.substr(0, pos);
+   }
+
+   if (Transformed == ".")
+   {
+      Transformed = "";
+   }
+
+   if (_config->FindB("Debug::pkgAcquire::Auth", false)) 
+   {
+      std::cerr << "Got Codename: " << MetaIndexParser->GetDist() << std::endl;
+      std::cerr << "Expecting Dist: " << MetaIndexParser->GetExpectedDist() << std::endl;
+      std::cerr << "Transformed Dist: " << Transformed << std::endl;
+   }
+
+   if (MetaIndexParser->CheckDist(Transformed) == false)
+   {
+      // This might become fatal one day
+//       Status = StatAuthError;
+//       ErrorText = "Conflicting distribution; expected "
+//          + MetaIndexParser->GetExpectedDist() + " but got "
+//          + MetaIndexParser->GetDist();
+//       return false;
+      if (!Transformed.empty())
+      {
+         _error->Warning("Conflicting distribution: %s (expected %s but got %s)",
+                         Desc.Description.c_str(),
+                         Transformed.c_str(),
+                         MetaIndexParser->GetDist().c_str());
+      }
+   }
+
+   return true;
+}
+       								/*}}}*/
+// pkgAcqMetaIndex::Failed - no Release file present or no signature
+//      file present	                                        /*{{{*/
+// ---------------------------------------------------------------------
+/* */
+void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
+{
+   if (AuthPass == true)
+   {
+      // gpgv method failed
+      _error->Warning("GPG error: %s: %s",
+                      Desc.Description.c_str(),
+                      LookupTag(Message,"Message").c_str());
+   }
+
+   // No Release file was present, or verification failed, so fall
+   // back to queueing Packages files without verification
+   QueueIndexes(false);
+}
+
 									/*}}}*/
 
 // AcqArchive::AcqArchive - Constructor					/*{{{*/
@@ -373,7 +697,8 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *Owner,pkgSourceList *Sources,
 			     pkgRecords *Recs,pkgCache::VerIterator const &Version,
 			     string &StoreFilename) :
                Item(Owner), Version(Version), Sources(Sources), Recs(Recs), 
-               StoreFilename(StoreFilename), Vf(Version.FileList())
+               StoreFilename(StoreFilename), Vf(Version.FileList()), 
+	       Trusted(false)
 {
    Retries = _config->FindI("Acquire::Retries",0);
 
@@ -411,7 +736,25 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *Owner,pkgSourceList *Sources,
      	              QuoteString(Version.Arch(),"_:.") + 
 	              "." + flExtension(Parse.FileName());
    }
-      
+
+   // check if we have one trusted source for the package. if so, switch
+   // to "TrustedOnly" mode
+   for (pkgCache::VerFileIterator i = Version.FileList(); i.end() == false; i++)
+   {
+      pkgIndexFile *Index;
+      if (Sources->FindIndex(i.File(),Index) == false)
+         continue;
+      if (_config->FindB("Debug::pkgAcquire::Auth", false))
+      {
+         std::cerr << "Checking index: " << Index->Describe()
+                   << "(Trusted=" << Index->IsTrusted() << ")\n";
+      }
+      if (Index->IsTrusted()) {
+         Trusted = true;
+	 break;
+      }
+   }
+
    // Select a source
    if (QueueNext() == false && _error->PendingError() == false)
       _error->Error(_("I wasn't able to locate file for the %s package. "
@@ -437,6 +780,11 @@ bool pkgAcqArchive::QueueNext()
       if (Sources->FindIndex(Vf.File(),Index) == false)
 	    continue;
       
+      // only try to get a trusted package from another source if that source
+      // is also trusted
+      if(Trusted && !Index->IsTrusted()) 
+	 continue;
+
       // Grab the text package record
       pkgRecords::Parser &Parse = Recs->Lookup(Vf);
       if (_error->PendingError() == true)
@@ -449,6 +797,11 @@ bool pkgAcqArchive::QueueNext()
 			      "field for package %s."),
 			      Version.ParentPkg().Name());
 
+      Desc.URI = Index->ArchiveURI(PkgFile);
+      Desc.Description = Index->ArchiveInfo(Version);
+      Desc.Owner = this;
+      Desc.ShortDesc = Version.ParentPkg().Name();
+
       // See if we already have the file. (Legacy filenames)
       FileSize = Version->Size;
       string FinalFile = _config->FindDir("Dir::Cache::Archives") + flNotDir(PkgFile);
@@ -609,6 +962,14 @@ void pkgAcqArchive::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
    }
 }
 									/*}}}*/
+// AcqArchive::IsTrusted - Determine whether this archive comes from a
+// trusted source							/*{{{*/
+// ---------------------------------------------------------------------
+bool pkgAcqArchive::IsTrusted()
+{
+   return Trusted;
+}
+
 // AcqArchive::Finished - Fetching has finished, tidy up		/*{{{*/
 // ---------------------------------------------------------------------
 /* */
author	Michael Vogt <mvo@debian.org>	2004-12-20 10:10:33 +0000
committer	Michael Vogt <mvo@debian.org>	2004-12-20 10:10:33 +0000
commit	b3d44315ee812ba2d0a99751695b5a4314407ec2 (patch)
tree	134ad0fa45505ee80c8fd3b3a52679daae76de6f /apt-pkg/acquire-item.cc
parent	96b83b826ef733fa4fdfe99dd5009cba5af9a2c4 (diff)