forbid insecure repositories by default expect in apt-get

[apt.git] / apt-pkg / acquire-worker.cc

diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index c009f402e11f170eba3f280af6020b960d0b0cdc..2ad0eda7f581308828843129670b059ec4e42417 100644 (file)
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -273,16 +273,19 @@ bool pkgAcquire::Worker::RunMessages()
               // if we change site, treat it as a mirror change
               if (URI::SiteOnly(NewURI) != URI::SiteOnly(desc.URI))
               {
-                 std::string const OldSite = desc.Description.substr(0, desc.Description.find(" "));
-                 if (likely(APT::String::Startswith(desc.URI, OldSite)))
+                 auto const firstSpace = desc.Description.find(" ");
+                 if (firstSpace != std::string::npos)
                  {
-                    std::string const OldExtra = desc.URI.substr(OldSite.length() + 1);
-                    if (likely(APT::String::Endswith(NewURI, OldExtra)))
+                    std::string const OldSite = desc.Description.substr(0, firstSpace);
+                    if (likely(APT::String::Startswith(desc.URI, OldSite)))
                     {
-                       std::string const NewSite = NewURI.substr(0, NewURI.length() - OldExtra.length());
-                       Owner->UsedMirror = URI::ArchiveOnly(NewSite);
-                       if (desc.Description.find(" ") != string::npos)
-                          desc.Description.replace(0, desc.Description.find(" "), Owner->UsedMirror);
+                       std::string const OldExtra = desc.URI.substr(OldSite.length() + 1);
+                       if (likely(APT::String::Endswith(NewURI, OldExtra)))
+                       {
+                          std::string const NewSite = NewURI.substr(0, NewURI.length() - OldExtra.length());
+                          Owner->UsedMirror = URI::ArchiveOnly(NewSite);
+                          desc.Description.replace(0, firstSpace, Owner->UsedMirror);
+                       }
                     }
                  }
               }
@@ -471,18 +474,28 @@ bool pkgAcquire::Worker::RunMessages()
            OwnerQ->ItemDone(Itm);
            Itm = nullptr;
 
-           bool errTransient;
+           bool errTransient = false, errAuthErr = false;
            {
               std::string const failReason = LookupTag(Message, "FailReason");
-              std::string const reasons[] = { "Timeout", "ConnectionRefused",
-                 "ConnectionTimedOut", "ResolveFailure", "TmpResolveFailure" };
-              errTransient = std::find(std::begin(reasons), std::end(reasons), failReason) != std::end(reasons);
+              {
+                 auto const reasons = { "Timeout", "ConnectionRefused",
+                    "ConnectionTimedOut", "ResolveFailure", "TmpResolveFailure" };
+                 errTransient = std::find(std::begin(reasons), std::end(reasons), failReason) != std::end(reasons);
+              }
+              if (errTransient == false)
+              {
+                 auto const reasons = { "HashSumMismatch", "MaximumSizeExceeded" };
+                 errAuthErr = std::find(std::begin(reasons), std::end(reasons), failReason) != std::end(reasons);
+              }
            }
 
            for (auto const Owner: ItmOwners)
            {
-              if (errTransient)
+              if (errAuthErr && Owner->GetExpectedHashes().empty() == false)
+                 Owner->Status = pkgAcquire::Item::StatAuthError;
+              else if (errTransient)
                  Owner->Status = pkgAcquire::Item::StatTransientNetworkError;
+
               if (isDoomedItem(Owner) == false)
                  Owner->Failed(Message,Config);
               if (Log != nullptr)