std::cerr << "\t- " << hs->toStr() << std::endl;
}
/*}}}*/
-static void ChangeOwnerAndPermissionOfFile(char const * const requester, char const * const file, char const * const user, char const * const group, mode_t const mode)
+static void ChangeOwnerAndPermissionOfFile(char const * const requester, char const * const file, char const * const user, char const * const group, mode_t const mode) /*{{{*/
{
// ensure the file is owned by root and has good permissions
struct passwd const * const pw = getpwnam(user);
if (chmod(file, mode) != 0)
_error->WarningE(requester, "chmod 0%o of file %s failed", mode, file);
}
-static std::string GetPartialFileName(std::string const &file)
+ /*}}}*/
+static std::string GetPartialFileName(std::string const &file) /*{{{*/
{
std::string DestFile = _config->FindDir("Dir::State::lists") + "partial/";
DestFile += file;
return DestFile;
}
-static std::string GetPartialFileNameFromURI(std::string const &uri)
+ /*}}}*/
+static std::string GetPartialFileNameFromURI(std::string const &uri) /*{{{*/
{
return GetPartialFileName(URItoFileName(uri));
}
+ /*}}}*/
+static std::string GetCompressedFileName(std::string const &URI, std::string const &Name, std::string const &Ext) /*{{{*/
+{
+ if (Ext.empty() || Ext == "uncompressed")
+ return Name;
+
+ // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
+ // file when its doing the indexcopy
+ if (URI.substr(0,6) == "cdrom:")
+ return Name;
+
+ // adjust DestFile if its compressed on disk
+ if (_config->FindB("Acquire::GzipIndexes",false) == true)
+ return Name + '.' + Ext;
+ return Name;
+}
+ /*}}}*/
+static bool AllowInsecureRepositories(indexRecords const * const MetaIndexParser, pkgAcqMetaBase * const TransactionManager, pkgAcquire::Item * const I) /*{{{*/
+{
+ if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
+ return true;
+
+ _error->Error(_("Use --allow-insecure-repositories to force the update"));
+ TransactionManager->AbortTransaction();
+ I->Status = pkgAcquire::Item::StatError;
+ return false;
+}
+ /*}}}*/
// Acquire::Item::Item - Constructor /*{{{*/
return true;
}
/*}}}*/
-
-void pkgAcquire::Item::QueueURI(ItemDesc &Item)
+void pkgAcquire::Item::QueueURI(ItemDesc &Item) /*{{{*/
{
if (RealFileExists(DestFile))
- ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(), "_apt", "root", 0600);
+ {
+ std::string SandboxUser = _config->Find("APT::Sandbox::User");
+ ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(),
+ SandboxUser.c_str(), "root", 0600);
+ }
Owner->Enqueue(Item);
}
-void pkgAcquire::Item::Dequeue()
+ /*}}}*/
+void pkgAcquire::Item::Dequeue() /*{{{*/
{
Owner->Dequeue(this);
}
-
+ /*}}}*/
bool pkgAcquire::Item::RenameOnError(pkgAcquire::Item::RenameOnErrorState const error)/*{{{*/
{
if(FileExists(DestFile))
{
std::string FinalFile = _config->FindDir("Dir::State::lists");
FinalFile += URItoFileName(RealURI);
- if (_config->FindB("Acquire::GzipIndexes",false) == true)
- FinalFile += '.' + CurrentCompressionExtension;
- return FinalFile;
+ return GetCompressedFileName(RealURI, FinalFile, CurrentCompressionExtension);
}
/*}}}*/
// AcqIndex::ReverifyAfterIMS - Reverify index after an ims-hit /*{{{*/
{
// update destfile to *not* include the compression extension when doing
// a reverify (as its uncompressed on disk already)
- DestFile = GetPartialFileNameFromURI(RealURI);
-
- // adjust DestFile if its compressed on disk
- if (_config->FindB("Acquire::GzipIndexes",false) == true)
- DestFile += '.' + CurrentCompressionExtension;
+ DestFile = GetCompressedFileName(RealURI, GetPartialFileNameFromURI(RealURI), CurrentCompressionExtension);
// copy FinalFile into partial/ so that we check the hash again
string FinalFile = GetFinalFilename();
// on if-modfied-since hit to avoid a stale attack against us
if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
{
- // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
- // file when its doing the indexcopy
- if (RealURI.substr(0,6) == "cdrom:")
- return;
-
// The files timestamp matches, reverify by copy into partial/
EraseFileName = "";
ReverifyAfterIMS();
indexRecords *MetaIndexParser)
: pkgAcqIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser)
{
- // load the filesize
- indexRecords::checkSum *Record = MetaIndexParser->Lookup(string(Target->MetaKey));
- if(Record)
- FileSize = Record->Size;
}
/*}}}*/
// AcqIndexTrans::Custom600Headers - Insert custom request headers /*{{{*/
Rename(PartialFile, PartialFile + ".FAILED");
}
}
+ Transaction.clear();
}
/*}}}*/
// AcqMetaBase::TransactionHasError - Check for errors in Transaction /*{{{*/
// mark that this transaction is finished
(*I)->TransactionManager = 0;
}
+ Transaction.clear();
}
/*}}}*/
// AcqMetaBase::TransactionStageCopy - Stage a file for copying /*{{{*/
return;
}
}
+ else
+ _error->Warning(_("The data from '%s' is not signed. Packages "
+ "from that repository can not be authenticated."),
+ URIDesc.c_str());
// this ensures that any file in the lists/ dir is removed by the
// transaction
TransactionManager->TransactionStageRemoval(this, DestFile);
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
{
// we parse the indexes here because at this point the user wanted
// a repository that may potentially harm him
MetaIndexParser->Load(MetaIndexFile);
QueueIndexes(true);
- }
- else
- {
- _error->Error("Use --allow-insecure-repositories to force the update");
}
Item::Failed(Message,Cnf);
// No Release file was present so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
{
// Done, queue for rename on transaction finished
if (FileExists(DestFile))
// queue without any kind of hashsum support
QueueIndexes(false);
- } else {
- // warn if the repository is unsinged
- _error->Error("Use --allow-insecure-repositories to force the update");
- TransactionManager->AbortTransaction();
- Status = StatError;
- return;
}
}
/*}}}*/
// No Release file was present, or verification failed, so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
{
Status = StatDone;
TransactionManager->TransactionStageCopy(this, DestFile, FinalFile);
}
QueueIndexes(false);
- } else {
- // warn if the repository is unsigned
- _error->Error("Use --allow-insecure-repositories to force the update");
- TransactionManager->AbortTransaction();
- Status = StatError;
}
}
}
else
{
PartialSize = Buf.st_size;
- ChangeOwnerAndPermissionOfFile("pkgAcqArchive::QueueNext", DestFile.c_str(), "_apt", "root", 0600);
+ std::string SandboxUser = _config->Find("APT::Sandbox::User");
+ ChangeOwnerAndPermissionOfFile("pkgAcqArchive::QueueNext",DestFile.c_str(), SandboxUser.c_str(), "root", 0600);
}
}
else
{
PartialSize = Buf.st_size;
- ChangeOwnerAndPermissionOfFile("pkgAcqFile", DestFile.c_str(), "_apt", "root", 0600);
+ std::string SandboxUser = _config->Find("APT::Sandbox::User");
+ ChangeOwnerAndPermissionOfFile("pkgAcqFile", DestFile.c_str(), SandboxUser.c_str(), "root", 0600);
}
}