if (isError)
{
_error->Error("%s", msg.c_str());
- _error->Notice("%s", _("Updating such a repository securily is impossible and therefore disabled by default."));
+ _error->Notice("%s", _("Updating from such a repository can't be done securely, and is therefore disabled by default."));
}
else
{
_error->Warning("%s", msg.c_str());
- _error->Notice("%s", _("Data from such a repository can not be authenticated and is therefore potentially dangerous to use."));
+ _error->Notice("%s", _("Data from such a repository can't be authenticated and is therefore potentially dangerous to use."));
}
_error->Notice("%s", _("See apt-secure(8) manpage for repository creation and user configuration details."));
return false;
// download time, bandwidth and diskspace for nothing, BUT Debian doesn't feature all
// in the set of supported architectures, so we can filter based on this property rather
// than invent an entirely new flag we would need to carry for all of eternity.
- if (Target->Option(IndexTarget::ARCHITECTURE) == "all" &&
- TransactionManager->MetaIndexParser->IsArchitectureSupported("all") == false)
- continue;
+ if (Target->Option(IndexTarget::ARCHITECTURE) == "all")
+ {
+ if (TransactionManager->MetaIndexParser->IsArchitectureSupported("all") == false)
+ continue;
+ if (TransactionManager->MetaIndexParser->IsArchitectureAllSupportedFor(*Target) == false)
+ continue;
+ }
bool trypdiff = Target->OptionBool(IndexTarget::PDIFFS);
if (verify == true)
strprintf(ErrorText, _("Unable to find expected entry '%s' in Release file (Wrong sources.list entry or malformed file)"), Target->MetaKey.c_str());
return;
}
+ else
+ {
+ auto const hashes = GetExpectedHashesFor(Target->MetaKey);
+ if (hashes.usable() == false && hashes.empty() == false)
+ {
+ _error->Warning(_("Skipping acquire of configured file '%s' as repository '%s' provides only weak security information for it"),
+ Target->MetaKey.c_str(), TransactionManager->Target.Description.c_str());
+ continue;
+ }
+ }
// autoselect the compression method
std::vector<std::string> types = VectorizeString(Target->Option(IndexTarget::COMPRESSIONTYPES), ' ');
// No Release file was present, or verification failed, so fall
// back to queueing Packages files without verification
- // only allow going further if the users explicitely wants it
+ // only allow going further if the user explicitly wants it
if(AllowInsecureRepositories(_("The repository '%s' is not signed."), ClearsignedTarget.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
{
Status = StatDone;
// No Release file was present so fall
// back to queueing Packages files without verification
- // only allow going further if the users explicitely wants it
+ // only allow going further if the user explicitly wants it
if(AllowInsecureRepositories(_("The repository '%s' does not have a Release file."), Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
{
// ensure old Release files are removed
// ensures that a Release.gpg file in the lists/ is removed by the transaction
TransactionManager->TransactionStageRemoval(this, DestFile);
- // only allow going further if the users explicitely wants it
+ // only allow going further if the user explicitly wants it
if (AllowInsecureRepositories(_("The repository '%s' is not signed."), MetaIndex->Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
{
if (RealFileExists(FinalReleasegpg) || RealFileExists(FinalInRelease))
std::clog << "Server-Current: " << ServerHashes.find(NULL)->toStr() << " and we start at "
<< CurrentPackagesFile << " " << LocalHashes.FileSize() << " " << LocalHashes.find(NULL)->toStr() << std::endl;
+ // historically, older hashes have more info than newer ones, so start
+ // collecting with older ones first to avoid implementing complicated
+ // information merging techniques… a failure is after all always
+ // recoverable with a complete file and hashes aren't changed that often.
+ std::vector<char const *> types;
+ for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+ types.push_back(*type);
+
// parse all of (provided) history
vector<DiffInfo> available_patches;
bool firstAcceptedHashes = true;
- for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+ for (auto type = types.crbegin(); type != types.crend(); ++type)
{
if (LocalHashes.find(*type) == NULL)
continue;
return false;
}
- for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+ for (auto type = types.crbegin(); type != types.crend(); ++type)
{
if (LocalHashes.find(*type) == NULL)
continue;
}
}
- for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+ for (auto type = types.crbegin(); type != types.crend(); ++type)
{
std::string tagname = *type;
tagname.append("-Download");
char const * const Component, char const * const SrcName,
char const * const SrcVersion)
{
- if (Template.find("CHANGEPATH") == std::string::npos)
+ if (Template.find("@CHANGEPATH@") == std::string::npos)
return "";
// the path is: COMPONENT/SRC/SRCNAME/SRCNAME_SRCVER, e.g. main/a/apt/1.1 or contrib/liba/libapt/2.0
if (Component != NULL && strlen(Component) != 0)
path = std::string(Component) + "/" + path;
- return SubstVar(Template, "CHANGEPATH", path);
+ return SubstVar(Template, "@CHANGEPATH@", path);
}
/*}}}*/
// AcqChangelog::Failed - Failure handler /*{{{*/