]> git.saurik.com Git - apt.git/blobdiff - apt-pkg/acquire-item.cc
aborted reverify restores file owner and permission
[apt.git] / apt-pkg / acquire-item.cc
index c63253447f60505f9af82c298c7aad8ae7d31335..9a6e0af013a62b9b5313960242ae8e4bbab7e9d0 100644 (file)
@@ -65,7 +65,7 @@ static void printHashSumComparision(std::string const &URI, HashStringList const
       std::cerr <<  "\t- " << hs->toStr() << std::endl;
 }
                                                                        /*}}}*/
-static void ChangeOwnerAndPermissionOfFile(char const * const requester, char const * const file, char const * const user, char const * const group, mode_t const mode)
+static void ChangeOwnerAndPermissionOfFile(char const * const requester, char const * const file, char const * const user, char const * const group, mode_t const mode) /*{{{*/
 {
    // ensure the file is owned by root and has good permissions
    struct passwd const * const pw = getpwnam(user);
@@ -78,16 +78,46 @@ static void ChangeOwnerAndPermissionOfFile(char const * const requester, char co
    if (chmod(file, mode) != 0)
       _error->WarningE(requester, "chmod 0%o of file %s failed", mode, file);
 }
-static std::string GetPartialFileName(std::string const &file)
+                                                                       /*}}}*/
+static std::string GetPartialFileName(std::string const &file)         /*{{{*/
 {
    std::string DestFile = _config->FindDir("Dir::State::lists") + "partial/";
    DestFile += file;
    return DestFile;
 }
-static std::string GetPartialFileNameFromURI(std::string const &uri)
+                                                                       /*}}}*/
+static std::string GetPartialFileNameFromURI(std::string const &uri)   /*{{{*/
 {
    return GetPartialFileName(URItoFileName(uri));
 }
+                                                                       /*}}}*/
+static std::string GetCompressedFileName(std::string const &URI, std::string const &Name, std::string const &Ext) /*{{{*/
+{
+   if (Ext.empty() || Ext == "uncompressed")
+      return Name;
+
+   // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
+   // file when its doing the indexcopy
+   if (URI.substr(0,6) == "cdrom:")
+      return Name;
+
+   // adjust DestFile if its compressed on disk
+   if (_config->FindB("Acquire::GzipIndexes",false) == true)
+      return Name + '.' + Ext;
+   return Name;
+}
+                                                                       /*}}}*/
+static bool AllowInsecureRepositories(indexRecords const * const MetaIndexParser, pkgAcqMetaBase * const TransactionManager, pkgAcquire::Item * const I) /*{{{*/
+{
+   if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
+      return true;
+
+   _error->Error(_("Use --allow-insecure-repositories to force the update"));
+   TransactionManager->AbortTransaction();
+   I->Status = pkgAcquire::Item::StatError;
+   return false;
+}
+                                                                       /*}}}*/
 
 
 // Acquire::Item::Item - Constructor                                   /*{{{*/
@@ -211,22 +241,22 @@ bool pkgAcquire::Item::Rename(string From,string To)
    return true;
 }
                                                                        /*}}}*/
-
-void pkgAcquire::Item::QueueURI(ItemDesc &Item)
+void pkgAcquire::Item::QueueURI(ItemDesc &Item)                                /*{{{*/
 {
    if (RealFileExists(DestFile))
    {
       std::string SandboxUser = _config->Find("APT::Sandbox::User");
-      ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(),
+      ChangeOwnerAndPermissionOfFile("Item::QueueURI", DestFile.c_str(),
                                      SandboxUser.c_str(), "root", 0600);
    }
    Owner->Enqueue(Item);
 }
-void pkgAcquire::Item::Dequeue()
+                                                                       /*}}}*/
+void pkgAcquire::Item::Dequeue()                                       /*{{{*/
 {
    Owner->Dequeue(this);
 }
-
+                                                                       /*}}}*/
 bool pkgAcquire::Item::RenameOnError(pkgAcquire::Item::RenameOnErrorState const error)/*{{{*/
 {
    if(FileExists(DestFile))
@@ -1276,9 +1306,7 @@ std::string pkgAcqIndex::GetFinalFilename() const
 {
    std::string FinalFile = _config->FindDir("Dir::State::lists");
    FinalFile += URItoFileName(RealURI);
-   if (_config->FindB("Acquire::GzipIndexes",false) == true)
-      FinalFile += '.' + CurrentCompressionExtension;
-   return FinalFile;
+   return GetCompressedFileName(RealURI, FinalFile, CurrentCompressionExtension);
 }
                                                                        /*}}}*/
 // AcqIndex::ReverifyAfterIMS - Reverify index after an ims-hit                /*{{{*/
@@ -1286,11 +1314,7 @@ void pkgAcqIndex::ReverifyAfterIMS()
 {
    // update destfile to *not* include the compression extension when doing
    // a reverify (as its uncompressed on disk already)
-   DestFile = GetPartialFileNameFromURI(RealURI);
-
-   // adjust DestFile if its compressed on disk
-   if (_config->FindB("Acquire::GzipIndexes",false) == true)
-      DestFile += '.' + CurrentCompressionExtension;
+   DestFile = GetCompressedFileName(RealURI, GetPartialFileNameFromURI(RealURI), CurrentCompressionExtension);
 
    // copy FinalFile into partial/ so that we check the hash again
    string FinalFile = GetFinalFilename();
@@ -1398,11 +1422,6 @@ void pkgAcqIndex::StageDownloadDone(string Message,
    // on if-modfied-since hit to avoid a stale attack against us
    if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
    {
-      // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
-      // file when its doing the indexcopy
-      if (RealURI.substr(0,6) == "cdrom:")
-         return;
-
       // The files timestamp matches, reverify by copy into partial/
       EraseFileName = "";
       ReverifyAfterIMS();
@@ -1551,7 +1570,12 @@ void pkgAcqMetaBase::AbortTransaction()
          if(FileExists(PartialFile))
             Rename(PartialFile, PartialFile + ".FAILED");
       }
+      // fix permissions for existing files which were part of a reverify
+      // like InRelease files or files in partial we might work with next time
+      else if (FileExists((*I)->DestFile))
+        ChangeOwnerAndPermissionOfFile("AbortTransaction", (*I)->DestFile.c_str(), "root", "root", 0644);
    }
+   Transaction.clear();
 }
                                                                        /*}}}*/
 // AcqMetaBase::TransactionHasError - Check for errors in Transaction  /*{{{*/
@@ -1598,6 +1622,7 @@ void pkgAcqMetaBase::CommitTransaction()
       // mark that this transaction is finished
       (*I)->TransactionManager = 0;
    }
+   Transaction.clear();
 }
                                                                        /*}}}*/
 // AcqMetaBase::TransactionStageCopy - Stage a file for copying                /*{{{*/
@@ -1777,16 +1802,12 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
    TransactionManager->TransactionStageRemoval(this, DestFile);
 
    // only allow going further if the users explicitely wants it
-   if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
+   if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
    {
       // we parse the indexes here because at this point the user wanted
       // a repository that may potentially harm him
       MetaIndexParser->Load(MetaIndexFile);
       QueueIndexes(true);
-   } 
-   else 
-   {
-      _error->Error("Use --allow-insecure-repositories to force the update");
    }
 
    Item::Failed(Message,Cnf);
@@ -2155,7 +2176,7 @@ void pkgAcqMetaIndex::Failed(string Message,
    // No Release file was present so fall
    // back to queueing Packages files without verification
    // only allow going further if the users explicitely wants it
-   if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
+   if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
    {
       // Done, queue for rename on transaction finished
       if (FileExists(DestFile)) 
@@ -2163,12 +2184,6 @@ void pkgAcqMetaIndex::Failed(string Message,
 
       // queue without any kind of hashsum support
       QueueIndexes(false);
-   } else {
-      // warn if the repository is unsinged
-      _error->Error("Use --allow-insecure-repositories to force the update");
-      TransactionManager->AbortTransaction();
-      Status = StatError;
-      return;
    }
 }
                                                                        /*}}}*/
@@ -2279,7 +2294,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*
       // No Release file was present, or verification failed, so fall
       // back to queueing Packages files without verification
       // only allow going further if the users explicitely wants it
-      if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
+      if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true)
       {
         Status = StatDone;
 
@@ -2300,11 +2315,6 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*
             TransactionManager->TransactionStageCopy(this, DestFile, FinalFile);
          }
          QueueIndexes(false);
-      } else {
-         // warn if the repository is unsigned
-         _error->Error("Use --allow-insecure-repositories to force the update");
-         TransactionManager->AbortTransaction();
-         Status = StatError;
       }
    }
 }