+ bool VerifyVendor(std::string Message, const std::string &RealURI);
+
+ public:
+ // transaction code
+ void Add(Item *I);
+ void AbortTransaction();
+ bool TransactionHasError() APT_PURE;
+ void CommitTransaction();
+
+ /** \brief Stage (queue) a copy action when the transaction is committed
+ */
+ void TransactionStageCopy(Item *I,
+ const std::string &From,
+ const std::string &To);
+ /** \brief Stage (queue) a removal action when the transaction is committed
+ */
+ void TransactionStageRemoval(Item *I, const std::string &FinalFile);
+
+ pkgAcqMetaBase(pkgAcquire *Owner,
+ const std::vector<IndexTarget*>* IndexTargets,
+ indexRecords* MetaIndexParser,
+ HashStringList const &ExpectedHashes=HashStringList(),
+ pkgAcqMetaBase *TransactionManager=NULL)
+ : Item(Owner, ExpectedHashes, TransactionManager),
+ MetaIndexParser(MetaIndexParser), IndexTargets(IndexTargets),
+ AuthPass(false), IMSHit(false) {};
+};
+ /*}}}*/
+/** \brief An acquire item that downloads the detached signature {{{
+ * of a meta-index (Release) file, then queues up the release
+ * file itself.
+ *
+ * \todo Why protected members?
+ *
+ * \sa pkgAcqMetaIndex
+ */
+class APT_HIDDEN pkgAcqMetaSig : public pkgAcqMetaBase
+{
+ void *d;
+
+ protected:
+
+ /** \brief The URI of the signature file. Unlike Desc.URI, this is
+ * never modified; it is used to determine the file that is being
+ * downloaded.
+ */
+ std::string RealURI;
+
+ /** \brief The file we need to verify */
+ std::string MetaIndexFile;
+
+ /** \brief The file we use to verify the MetaIndexFile with */
+ std::string MetaIndexFileSignature;
+
+ /** \brief Long URI description used in the acquire system */
+ std::string URIDesc;
+
+ /** \brief Short URI description used in the acquire system */
+ std::string ShortDesc;
+
+ public:
+
+ // Specialized action members
+ virtual void Failed(std::string Message,pkgAcquire::MethodConfig *Cnf);
+ virtual void Done(std::string Message,unsigned long long Size,
+ HashStringList const &Hashes,
+ pkgAcquire::MethodConfig *Cnf);
+#if APT_PKG_ABI >= 413
+ virtual std::string Custom600Headers() const;
+#else
+ virtual std::string Custom600Headers();
+#endif
+ virtual std::string DescURI() {return RealURI; };
+
+ /** \brief Create a new pkgAcqMetaSig. */
+ pkgAcqMetaSig(pkgAcquire *Owner,
+ pkgAcqMetaBase *TransactionManager,
+ std::string URI,std::string URIDesc, std::string ShortDesc,
+ std::string MetaIndexFile,
+ const std::vector<IndexTarget*>* IndexTargets,
+ indexRecords* MetaIndexParser);
+ virtual ~pkgAcqMetaSig();
+};
+ /*}}}*/
+/** \brief An item that is responsible for downloading the meta-index {{{
+ * file (i.e., Release) itself and verifying its signature.
+ *
+ * Once the download and verification are complete, the downloads of
+ * the individual index files are queued up using pkgAcqDiffIndex.
+ * If the meta-index file had a valid signature, the expected hashsums
+ * of the index files will be the md5sums listed in the meta-index;
+ * otherwise, the expected hashsums will be "" (causing the
+ * authentication of the index files to be bypassed).
+ */
+class APT_HIDDEN pkgAcqMetaIndex : public pkgAcqMetaBase
+{
+ void *d;
+
+ protected:
+ /** \brief The URI that is actually being downloaded; never
+ * modified by pkgAcqMetaIndex.
+ */
+ std::string RealURI;
+
+ std::string URIDesc;
+ std::string ShortDesc;