authorDavid Kalnischkies <kalnischkies@gmail.com>2011-01-20 14:53:52 +0100
committerDavid Kalnischkies <kalnischkies@gmail.com>2011-01-20 14:53:52 +0100
commitfe0f7911b650918e1d511b3453664a07f6d966d0 (patch)
tree6cf87ad25812aa318624fadbc814875e58f4b4f1 /apt-pkg
parent248ec5ab008a1dfa5bf441b0d40b6c1859954746 (diff)
- try downloading clearsigned InRelease before trying Release.gpg
* apt-pkg/deb/deblistparser.cc: - rewrite LoadReleaseInfo to cope with clearsigned Releasefiles
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc54
-rw-r--r--apt-pkg/acquire-item.h33
-rw-r--r--apt-pkg/deb/debindexfile.cc8
-rw-r--r--apt-pkg/deb/deblistparser.cc114
-rw-r--r--apt-pkg/deb/debmetaindex.cc34
-rw-r--r--apt-pkg/indexcopy.cc3
-rw-r--r--apt-pkg/indexrecords.cc17
-rw-r--r--apt-pkg/tagfile.cc10
-rw-r--r--apt-pkg/tagfile.h2
9 files changed, 205 insertions, 70 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index d4e90b552..2cd6ab359 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1077,6 +1077,8 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string Hash, /*{{{*
{
string FinalFile = _config->FindDir("Dir::State::lists");
FinalFile += URItoFileName(RealURI);
+ if (SigFile == DestFile)
+ SigFile = FinalFile;
Rename(DestFile,FinalFile);
chmod(FinalFile.c_str(),0644);
DestFile = FinalFile;
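Review bot: The clearsigned case is recognised only by `SigFile == DestFile`, a comparison of two path strings, and the added lines depend on running before `DestFile = FinalFile;` so that the two stay equal afterwards. The same test is repeated in the RetrievalDone, AuthDone and Failed hunks below. A comment at the first use would make the invariant explicit, for example `// clearsigned: data and signature are one file, keep SigFile following DestFile`, or the state could be held in a bool member set by pkgAcqMetaClearSig. The enclosing function starts and ends outside the hunk.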
@@ -1110,6 +1112,8 @@ void pkgAcqMetaIndex::RetrievalDone(string Message) /*{{{*/
{
string FinalFile = _config->FindDir("Dir::State::lists");
FinalFile += URItoFileName(RealURI);
+ if (SigFile == DestFile)
+ SigFile = FinalFile;
DestFile = FinalFile;
}
Complete = true;
@@ -1141,6 +1145,10 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/
// Download further indexes with verification
QueueIndexes(true);
+ // is it a clearsigned MetaIndex file?
+ if (DestFile == SigFile)
+ return;
+
// Done, move signature file into position
string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
URItoFileName(RealURI) + ".gpg";
@@ -1300,13 +1308,20 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
if (AuthPass == true)
{
// gpgv method failed, if we have a good signature
- string LastGoodSigFile = _config->FindDir("Dir::State::lists") +
- "partial/" + URItoFileName(RealURI) + ".gpg.reverify";
+ string LastGoodSigFile = _config->FindDir("Dir::State::lists");
+ if (DestFile == SigFile)
+ LastGoodSigFile.append(URItoFileName(RealURI));
+ else
+ LastGoodSigFile.append("partial/").append(URItoFileName(RealURI)).append(".gpg.reverify");
+
if(FileExists(LastGoodSigFile))
{
- string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
- URItoFileName(RealURI) + ".gpg";
- Rename(LastGoodSigFile,VerifiedSigFile);
+ if (DestFile != SigFile)
+ {
+ string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
+ URItoFileName(RealURI) + ".gpg";
+ Rename(LastGoodSigFile,VerifiedSigFile);
+ }
Status = StatTransientNetworkError;
_error->Warning(_("A error occurred during the signature "
"verification. The repository is not updated "
@@ -1330,6 +1345,35 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
QueueIndexes(false);
}
/*}}}*/
+pkgAcqMetaClearSig::pkgAcqMetaClearSig(pkgAcquire *Owner, /*{{{*/
+ string const &URI, string const &URIDesc, string const &ShortDesc,
+ string const &MetaIndexURI, string const &MetaIndexURIDesc, string const &MetaIndexShortDesc,
+ string const &MetaSigURI, string const &MetaSigURIDesc, string const &MetaSigShortDesc,
+ const vector<struct IndexTarget*>* IndexTargets,
+ indexRecords* MetaIndexParser) :
+ pkgAcqMetaIndex(Owner, URI, URIDesc, ShortDesc, "", IndexTargets, MetaIndexParser),
+ MetaIndexURI(MetaIndexURI), MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc),
+ MetaSigURI(MetaSigURI), MetaSigURIDesc(MetaSigURIDesc), MetaSigShortDesc(MetaSigShortDesc)
+{
+ SigFile = DestFile;
+}
+ /*}}}*/
+void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*{{{*/
+{
+ if (AuthPass == false)
+ {
+ new pkgAcqMetaSig(Owner,
+ MetaSigURI, MetaSigURIDesc, MetaSigShortDesc,
+ MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc,
+ IndexTargets, MetaIndexParser);
+ if (Cnf->LocalOnly == true ||
+ StringToBool(LookupTag(Message, "Transient-Failure"), false) == false)
+ Dequeue();
+ }
+ else
+ pkgAcqMetaIndex::Failed(Message, Cnf);
+}
+ /*}}}*/
// AcqArchive::AcqArchive - Constructor /*{{{*/
// ---------------------------------------------------------------------
/* This just sets up the initial fetch environment and queues the first
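Review bot: On the `AuthPass == false` path of pkgAcqMetaClearSig::Failed the fallback pkgAcqMetaSig is queued unconditionally, but this item is dequeued only for local-only or non-transient failures, and neither branch sets `Status` or calls a base-class `Failed`. For a transient failure that appears to leave the InRelease item queued next to its Release.gpg fallback with no error recorded. If that is intended a comment should say so; otherwise the transient case could end with `pkgAcquire::Item::Failed(Message, Cnf);`. The constructor would also benefit from a comment on why it passes `""` as the signature URI and then sets `SigFile = DestFile`, e.g. `// clearsigned: the downloaded file is its own signature file`.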
diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h
index d97a96a0f..581761e32 100644
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@@ -772,6 +772,39 @@ class pkgAcqMetaIndex : public pkgAcquire::Item
indexRecords* MetaIndexParser);
};
/*}}}*/
+/** \brief An item repsonsible for downloading clearsigned metaindexes {{{*/
+class pkgAcqMetaClearSig : public pkgAcqMetaIndex
+{
+ /** \brief The URI of the meta-index file for the detached signature */
+ string MetaIndexURI;
+
+ /** \brief A "URI-style" description of the meta-index file */
+ string MetaIndexURIDesc;
+
+ /** \brief A brief description of the meta-index file */
+ string MetaIndexShortDesc;
+
+ /** \brief The URI of the detached meta-signature file if the clearsigned one failed. */
+ string MetaSigURI;
+
+ /** \brief A "URI-style" description of the meta-signature file */
+ string MetaSigURIDesc;
+
+ /** \brief A brief description of the meta-signature file */
+ string MetaSigShortDesc;
+
+public:
+ void Failed(string Message,pkgAcquire::MethodConfig *Cnf);
+
+ /** \brief Create a new pkgAcqMetaClearSig. */
+ pkgAcqMetaClearSig(pkgAcquire *Owner,
+ string const &URI, string const &URIDesc, string const &ShortDesc,
+ string const &MetaIndexURI, string const &MetaIndexURIDesc, string const &MetaIndexShortDesc,
+ string const &MetaSigURI, string const &MetaSigURIDesc, string const &MetaSigShortDesc,
+ const vector<struct IndexTarget*>* IndexTargets,
+ indexRecords* MetaIndexParser);
+};
+ /*}}}*/
/** \brief An item that is responsible for fetching a package file. {{{
*
* If the package file already exists in the cache, nothing will be
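Review bot: `Failed` is declared without a doc comment although it carries the behaviour that distinguishes this class, the fallback from InRelease to Release plus Release.gpg. Something like `/** \brief Queue the detached-signature download if the clearsigned file could not be fetched; defer to pkgAcqMetaIndex::Failed during the auth pass. */` would match the style of the members above. The class brief also has the typo `repsonsible`, and the brief for `MetaIndexURI` says "for the detached signature" where the fallback Release file seems to be meant.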
diff --git a/apt-pkg/deb/debindexfile.cc b/apt-pkg/deb/debindexfile.cc
index af1209ccb..9961b5ae4 100644
--- a/apt-pkg/deb/debindexfile.cc
+++ b/apt-pkg/deb/debindexfile.cc
@@ -324,8 +324,14 @@ bool debPackagesIndex::Merge(pkgCacheGenerator &Gen,OpProgress *Prog) const
return _error->Error("Problem with MergeList %s",PackageFile.c_str());
// Check the release file
- string ReleaseFile = debReleaseIndex(URI,Dist).MetaIndexFile("Release");
+ string ReleaseFile = debReleaseIndex(URI,Dist).MetaIndexFile("InRelease");
+ bool releaseExists = false;
if (FileExists(ReleaseFile) == true)
+ releaseExists = true;
+ else
+ ReleaseFile = debReleaseIndex(URI,Dist).MetaIndexFile("Release");
+
+ if (releaseExists == true || FileExists(ReleaseFile) == true)
{
FileFd Rel(ReleaseFile,FileFd::ReadOnly);
if (_error->PendingError() == true)
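Review bot: Merge now prefers `lists/…InRelease` whenever it exists, while IsTrusted in debmetaindex.cc checks Release.gpg first, so after a fallback to Release/Release.gpg a leftover InRelease from an earlier run would supply the pinning data; whether the fallback removes the old file is not visible here. The `releaseExists` flag also duplicates the FileExists test: `if (FileExists(ReleaseFile) == false) ReleaseFile = debReleaseIndex(URI,Dist).MetaIndexFile("Release");` followed by the original `if (FileExists(ReleaseFile) == true)` reads more simply. The function body continues outside the hunk.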
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index 1b3bfd6ae..9201e6a54 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -783,45 +783,89 @@ bool debListParser::Step()
bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI,
FileFd &File, string component)
{
- pkgTagFile Tags(&File, File.Size() + 256); // XXX
- pkgTagSection Section;
- if (Tags.Step(Section) == false)
- return false;
-
- // FIXME: Do we need it now for multi-arch?
- // mvo: I don't think we need to fill that in (it's unused since apt-0.6)
-// FileI->Architecture = WriteUniqString(Arch);
-
// apt-secure does no longer download individual (per-section) Release
// file. to provide Component pinning we use the section name now
FileI->Component = WriteUniqString(component);
- const char *Start;
- const char *Stop;
- if (Section.Find("Suite",Start,Stop) == true)
- FileI->Archive = WriteUniqString(Start,Stop - Start);
- if (Section.Find("Component",Start,Stop) == true)
- FileI->Component = WriteUniqString(Start,Stop - Start);
- if (Section.Find("Version",Start,Stop) == true)
- FileI->Version = WriteUniqString(Start,Stop - Start);
- if (Section.Find("Origin",Start,Stop) == true)
- FileI->Origin = WriteUniqString(Start,Stop - Start);
- if (Section.Find("Codename",Start,Stop) == true)
- FileI->Codename = WriteUniqString(Start,Stop - Start);
- if (Section.Find("Label",Start,Stop) == true)
- FileI->Label = WriteUniqString(Start,Stop - Start);
- if (Section.Find("Architecture",Start,Stop) == true)
- FileI->Architecture = WriteUniqString(Start,Stop - Start);
-
- if (Section.FindFlag("NotAutomatic",FileI->Flags,
- pkgCache::Flag::NotAutomatic) == false)
- _error->Warning("Bad NotAutomatic flag");
- if (Section.FindFlag("ButAutomaticUpgrades",FileI->Flags,
- pkgCache::Flag::ButAutomaticUpgrades) == false)
- _error->Warning("Bad ButAutomaticUpgrades flag");
- // overrule the NotAutomatic setting if needed as they are both present for compatibility
- else if ((FileI->Flags & pkgCache::Flag::ButAutomaticUpgrades) == pkgCache::Flag::ButAutomaticUpgrades)
- FileI->Flags &= ~pkgCache::Flag::NotAutomatic;
+ FILE* release = fdopen(dup(File.Fd()), "r");
+ if (release == NULL)
+ return false;
+
+ char buffer[101];
+ bool gpgClose = false;
+ while (fgets(buffer, sizeof(buffer), release) != NULL)
+ {
+ size_t len = 0;
+
+ // Skip empty lines
+ for (; buffer[len] == '\r' && buffer[len] == '\n'; ++len);
+ if (buffer[len] == '\0')
+ continue;
+
+ // only evalute the first GPG section
+ if (strncmp("-----", buffer, 5) == 0)
+ {
+ if (gpgClose == true)
+ break;
+ gpgClose = true;
+ continue;
+ }
+
+ // seperate the tag from the data
+ for (; buffer[len] != ':' && buffer[len] != '\0'; ++len);
+ if (buffer[len] == '\0')
+ continue;
+ char* dataStart = buffer + len;
+ for (++dataStart; *dataStart == ' '; ++dataStart);
+ char* dataEnd = dataStart;
+ for (++dataEnd; *dataEnd != '\0'; ++dataEnd);
+
+ // which datastorage need to be updated
+ map_ptrloc* writeTo = NULL;
+ if (buffer[0] == ' ')
+ ;
+ #define APT_PARSER_WRITETO(X, Y) else if (strncmp(Y, buffer, len) == 0) writeTo = &X;
+ APT_PARSER_WRITETO(FileI->Archive, "Suite")
+ APT_PARSER_WRITETO(FileI->Component, "Component")
+ APT_PARSER_WRITETO(FileI->Version, "Version")
+ APT_PARSER_WRITETO(FileI->Origin, "Origin")
+ APT_PARSER_WRITETO(FileI->Codename, "Codename")
+ APT_PARSER_WRITETO(FileI->Label, "Label")
+ #undef APT_PARSER_WRITETO
+ #define APT_PARSER_FLAGIT(X) else if (strncmp(#X, buffer, len) == 0) \
+ pkgTagSection::FindFlag(FileI->Flags, pkgCache::Flag:: X, dataStart, dataEnd-1);
+ APT_PARSER_FLAGIT(NotAutomatic)
+ APT_PARSER_FLAGIT(ButAutomaticUpgrades)
+ #undef APT_PARSER_FLAGIT
+
+ // load all data from the line and save it
+ string data;
+ if (writeTo != NULL)
+ data.append(dataStart, dataEnd);
+ if (sizeof(buffer) - 1 == (dataEnd - buffer))
+ {
+ while (fgets(buffer, sizeof(buffer), release) != NULL)
+ {
+ if (writeTo != NULL)
+ data.append(buffer);
+ if (strlen(buffer) != sizeof(buffer) - 1)
+ break;
+ }
+ }
+ if (writeTo != NULL)
+ {
+ // remove spaces and stuff from the end of the data line
+ for (std::string::reverse_iterator s = data.rbegin();
+ s != data.rend(); ++s)
+ {
+ if (*s != '\r' && *s != '\n' && *s != ' ')
+ break;
+ *s = '\0';
+ }
+ *writeTo = WriteUniqString(data);
+ }
+ }
+ fclose(release);
return !_error->PendingError();
}
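Review bot: The new loop parses `Tag: value` lines from the first line of the file, because `gpgClose` starts false and only the second `-----` line stops the scan, so fields placed before the `-----BEGIN` header, which lie outside the signed text, would still be written into FileI (the indexrecords.cc hunk accepts the first section not starting with `-----` in the same way); whether verification rejects such a file is not visible here, so the parser should refuse fields that precede an armor header. The tag test `strncmp(Y, buffer, len) == 0` compares only `len` bytes, so `Co:` sets Component and a line starting with `:` sets Archive; it should also require `len == strlen(Y)`. `for (++dataEnd; *dataEnd != '\0'; ++dataEnd);` steps past the terminator when the value is empty at the end of a chunk and can then read beyond `buffer`, so the empty value needs its own check before the scan. The empty-line skip joins the `'\r'` and `'\n'` tests with `&&` and can never advance; `||` looks intended.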
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 717d0bcde..e2c680b14 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -182,21 +182,15 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
new pkgAcqIndex(Owner, (*Target)->URI, (*Target)->Description,
(*Target)->ShortDesc, HashString());
}
- // this is normally created in pkgAcqMetaSig, but if we run
- // in --print-uris mode, we add it here
- new pkgAcqMetaIndex(Owner, MetaIndexURI("Release"),
- MetaIndexInfo("Release"), "Release",
- MetaIndexURI("Release.gpg"),
- ComputeIndexTargets(),
- new indexRecords (Dist));
-
}
- new pkgAcqMetaSig(Owner, MetaIndexURI("Release.gpg"),
- MetaIndexInfo("Release.gpg"), "Release.gpg",
- MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
- ComputeIndexTargets(),
- new indexRecords (Dist));
+ new pkgAcqMetaClearSig(Owner, MetaIndexURI("InRelease"),
+ MetaIndexInfo("InRelease"), "InRelease",
+ MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
+ MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
+ ComputeIndexTargets(),
+ new indexRecords (Dist));
+
// Queue the translations
std::vector<std::string> const lang = APT::Configuration::getLanguages(true);
@@ -224,16 +218,20 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
bool debReleaseIndex::IsTrusted() const
{
- string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
- URItoFileName(MetaIndexURI("Release")) + ".gpg";
-
if(_config->FindB("APT::Authentication::TrustCDROM", false))
if(URI.substr(0,strlen("cdrom:")) == "cdrom:")
return true;
-
+
+ string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
+ URItoFileName(MetaIndexURI("Release")) + ".gpg";
+
if (FileExists(VerifiedSigFile))
return true;
- return false;
+
+ VerifiedSigFile = _config->FindDir("Dir::State::lists") +
+ URItoFileName(MetaIndexURI("InRelease"));
+
+ return FileExists(VerifiedSigFile);
}
vector <pkgIndexFile *> *debReleaseIndex::GetIndexFiles() {
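Review bot: IsTrusted now returns true whenever the InRelease file exists in Dir::State::lists, so the presence of the data file itself stands in for a verification result; with Release.gpg the marker was a separate file that AuthDone moves into position. That holds only if no path can leave an unverified InRelease in the lists directory, which cannot be confirmed from this hunk (the Failed hunk in acquire-item.cc continues to `QueueIndexes(false)` outside the visible lines). A comment stating the invariant would help, e.g. `// InRelease reaches lists/ only after gpgv accepted it`, and the acquire code should be checked against it.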
diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc
index f88d51fc5..c2ee1c347 100644
--- a/apt-pkg/indexcopy.cc
+++ b/apt-pkg/indexcopy.cc
@@ -722,7 +722,8 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
}
Args.push_back(FileGPG.c_str());
- Args.push_back(File.c_str());
+ if (FileGPG != File)
+ Args.push_back(File.c_str());
Args.push_back(NULL);
if (Debug == true)
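Review bot: The single-argument gpgv call for the clearsigned case is selected by `FileGPG != File` with no explanation at this point. A comment such as `// clearsigned: signature and data share one file, so gpgv gets a single argument` would document it. Callers that read the file afterwards must take only the signed text, since a good result on a clearsigned file covers the signed portion and not any bytes outside the armor; the parsing added in deblistparser.cc and indexrecords.cc is where that matters. RunGPGV starts and ends outside the hunk.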
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index eb9a36866..10e154ad2 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -55,14 +55,17 @@ bool indexRecords::Load(const string Filename) /*{{{*/
}
pkgTagSection Section;
- if (TagFile.Step(Section) == false)
- {
- strprintf(ErrorText, _("No sections in Release file %s"), Filename.c_str());
- return false;
- }
-
const char *Start, *End;
- Section.Get (Start, End, 0);
+ // Skip over sections beginning with ----- as this is an idicator for clearsigns
+ do {
+ if (TagFile.Step(Section) == false)
+ {
+ strprintf(ErrorText, _("No sections in Release file %s"), Filename.c_str());
+ return false;
+ }
+
+ Section.Get (Start, End, 0);
+ } while (End - Start > 5 && strncmp(Start, "-----", 5) == 0);
Suite = Section.FindS("Suite");
Dist = Section.FindS("Codename");
diff --git a/apt-pkg/tagfile.cc b/apt-pkg/tagfile.cc
index 96a681bec..4a2f3f7e6 100644
--- a/apt-pkg/tagfile.cc
+++ b/apt-pkg/tagfile.cc
@@ -399,9 +399,13 @@ bool pkgTagSection::FindFlag(const char *Tag,unsigned long &Flags,
const char *Stop;
if (Find(Tag,Start,Stop) == false)
return true;
-
- switch (StringToBool(string(Start,Stop)))
- {
+ return FindFlag(Flags, Flag, Start, Stop);
+}
+bool const pkgTagSection::FindFlag(unsigned long &Flags, unsigned long Flag,
+ char const* Start, char const* Stop)
+{
+ switch (StringToBool(string(Start, Stop)))
+ {
case 0:
Flags &= ~Flag;
return true;
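Review bot: `bool const` as a return type has no effect for a value returned by copy, and the declaration in tagfile.h spells it `bool static const`, which reads like a const member; `static bool FindFlag(unsigned long &Flags, unsigned long Flag, const char* Start, const char* Stop);` there and plain `bool` here would be clearer. The new overload also builds `string(Start, Stop)` without checking `Start <= Stop`, so a short doc comment stating that precondition is worth adding, since LoadReleaseInfo passes `dataEnd-1` as Stop. The switch continues outside the hunk.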
diff --git a/apt-pkg/tagfile.h b/apt-pkg/tagfile.h
index 6891c1d81..61491aa04 100644
--- a/apt-pkg/tagfile.h
+++ b/apt-pkg/tagfile.h
@@ -60,6 +60,8 @@ class pkgTagSection
unsigned long long FindULL(const char *Tag, unsigned long long const &Default = 0) const;
bool FindFlag(const char *Tag,unsigned long &Flags,
unsigned long Flag) const;
+ bool static const FindFlag(unsigned long &Flags, unsigned long Flag,
+ const char* Start, const char* Stop);
bool Scan(const char *Start,unsigned long MaxLength);
inline unsigned long size() const {return Stop - Section;};
void Trim();