* SECURITY UPDATE: InRelease verification bypass

[apt.git] / apt-pkg / deb / debmetaindex.cc

diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index bcc617da7053524ab19bd87de30b39d29b453498..6c191fd953e2c61ccd0ecf63ec0278fc39b6acf3 100644 (file)
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -236,16 +236,23 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
         new pkgAcqIndex(Owner, (*Target)->URI, (*Target)->Description,
                         (*Target)->ShortDesc, HashString());
       }
+
+      // this is normally created in pkgAcqMetaSig, but if we run
+      // in --print-uris mode, we add it here
+      new pkgAcqMetaIndex(Owner, MetaIndexURI("Release"),
+                         MetaIndexInfo("Release"), "Release",
+                         MetaIndexURI("Release.gpg"),
+                         ComputeIndexTargets(),
+                         new indexRecords (Dist));
    }
 
-       new pkgAcqMetaClearSig(Owner, MetaIndexURI("InRelease"),
-               MetaIndexInfo("InRelease"), "InRelease",
-               MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
-               MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
-               ComputeIndexTargets(),
-               new indexRecords (Dist));
+   new pkgAcqMetaSig(Owner, MetaIndexURI("Release.gpg"),
+                    MetaIndexInfo("Release.gpg"), "Release.gpg",
+                    MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
+                    ComputeIndexTargets(),
+                    new indexRecords (Dist));
 
-       return true;
+   return true;
 }
 
 void debReleaseIndex::SetTrusted(bool const Trusted)