X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/3d1e34b0be262a611ae91a2c24b0f99de9671faf..2837a71877c0f5c1aca8f70e30130018bc53acac:/apt-pkg/acquire-item.cc diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index b5478e9a7..7f31d1449 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -153,12 +153,12 @@ static bool MessageInsecureRepository(bool const isError, std::string const &msg if (isError) { _error->Error("%s", msg.c_str()); - _error->Notice("%s", _("Updating such a repository securily is impossible and therefore disabled by default.")); + _error->Notice("%s", _("Updating from such a repository can't be done securely, and is therefore disabled by default.")); } else { _error->Warning("%s", msg.c_str()); - _error->Notice("%s", _("Data from such a repository can not be authenticated and is therefore potentially dangerous to use.")); + _error->Notice("%s", _("Data from such a repository can't be authenticated and is therefore potentially dangerous to use.")); } _error->Notice("%s", _("See apt-secure(8) manpage for repository creation and user configuration details.")); return false; @@ -213,7 +213,7 @@ APT_CONST bool pkgAcqTransactionItem::HashesRequired() const Only repositories without a Release file can (obviously) not have hashes – and they are very uncommon and strongly discouraged */ return TransactionManager->MetaIndexParser != NULL && - TransactionManager->MetaIndexParser->GetLoadedSuccessfully() != metaIndex::TRI_UNSET; + TransactionManager->MetaIndexParser->GetLoadedSuccessfully() == metaIndex::TRI_YES; } HashStringList pkgAcqTransactionItem::GetExpectedHashes() const { @@ -397,7 +397,7 @@ bool pkgAcqTransactionItem::TransactionState(TransactionStates const state) } else { if(Debug == true) std::clog << "rm " << DestFile << " # " << DescURI() << std::endl; - unlink(DestFile.c_str()); + RemoveFile("TransactionCommit", DestFile); } break; } @@ -423,12 +423,12 @@ bool pkgAcqIndex::TransactionState(TransactionStates const state) // keep the compressed file, but drop the decompressed EraseFileName.clear(); if (PartialFile.empty() == false && flExtension(PartialFile) == "decomp") - unlink(PartialFile.c_str()); + RemoveFile("TransactionAbort", PartialFile); } break; case TransactionCommit: if (EraseFileName.empty() == false) - unlink(EraseFileName.c_str()); + RemoveFile("TransactionCommit", EraseFileName); break; } return true; @@ -444,7 +444,7 @@ bool pkgAcqDiffIndex::TransactionState(TransactionStates const state) break; case TransactionAbort: std::string const Partial = GetPartialFileNameFromURI(Target.URI); - unlink(Partial.c_str()); + RemoveFile("TransactionAbort", Partial); break; } @@ -938,7 +938,7 @@ bool pkgAcqMetaBase::CheckDownloadDone(pkgAcqTransactionItem * const I, const st if (RealFileExists(FinalFile) && Hashes.VerifyFile(FinalFile) == true) { IMSHit = true; - unlink(I->DestFile.c_str()); + RemoveFile("CheckDownloadDone", I->DestFile); } } @@ -1036,6 +1036,16 @@ void pkgAcqMetaBase::QueueIndexes(bool const verify) /*{{{*/ Target != IndexTargets.end(); ++Target) { + // all is an implementation detail. Users shouldn't use this as arch + // We need this support trickery here as e.g. Debian has binary-all files already, + // but arch:all packages are still in the arch:any files, so we would waste precious + // download time, bandwidth and diskspace for nothing, BUT Debian doesn't feature all + // in the set of supported architectures, so we can filter based on this property rather + // than invent an entirely new flag we would need to carry for all of eternity. + if (Target->Option(IndexTarget::ARCHITECTURE) == "all" && + TransactionManager->MetaIndexParser->IsArchitectureSupported("all") == false) + continue; + bool trypdiff = Target->OptionBool(IndexTarget::PDIFFS); if (verify == true) { @@ -1045,10 +1055,36 @@ void pkgAcqMetaBase::QueueIndexes(bool const verify) /*{{{*/ if (Target->IsOptional) continue; + std::string const &arch = Target->Option(IndexTarget::ARCHITECTURE); + if (arch.empty() == false) + { + if (TransactionManager->MetaIndexParser->IsArchitectureSupported(arch) == false) + { + _error->Notice(_("Skipping acquire of configured file '%s' as repository '%s' doesn't support architecture '%s'"), + Target->MetaKey.c_str(), TransactionManager->Target.Description.c_str(), arch.c_str()); + continue; + } + // if the architecture is officially supported but currently no packages for it available, + // ignore silently as this is pretty much the same as just shipping an empty file. + // if we don't know which architectures are supported, we do NOT ignore it to notify user about this + if (TransactionManager->MetaIndexParser->IsArchitectureSupported("*undefined*") == false) + continue; + } + Status = StatAuthError; strprintf(ErrorText, _("Unable to find expected entry '%s' in Release file (Wrong sources.list entry or malformed file)"), Target->MetaKey.c_str()); return; } + else + { + auto const hashes = GetExpectedHashesFor(Target->MetaKey); + if (hashes.usable() == false && hashes.empty() == false) + { + _error->Warning(_("Skipping acquire of configured file '%s' as repository '%s' provides only weak security information for it"), + Target->MetaKey.c_str(), TransactionManager->Target.Description.c_str()); + continue; + } + } // autoselect the compression method std::vector types = VectorizeString(Target->Option(IndexTarget::COMPRESSIONTYPES), ' '); @@ -1219,7 +1255,7 @@ bool pkgAcqMetaBase::VerifyVendor(string const &Message) /*{{{*/ TransactionManager->LastMetaIndexParser->GetDate() > TransactionManager->MetaIndexParser->GetDate()) { TransactionManager->IMSHit = true; - unlink(DestFile.c_str()); + RemoveFile("VerifyVendor", DestFile); PartialFile = DestFile = GetFinalFilename(); // load the 'old' file in the 'new' one instead of flipping pointers as // the new one isn't owned by us, while the old one is so cleanup would be confused. @@ -1365,7 +1401,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c // No Release file was present, or verification failed, so fall // back to queueing Packages files without verification - // only allow going further if the users explicitely wants it + // only allow going further if the user explicitly wants it if(AllowInsecureRepositories(_("The repository '%s' is not signed."), ClearsignedTarget.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) { Status = StatDone; @@ -1463,7 +1499,7 @@ void pkgAcqMetaIndex::Failed(string const &Message, // No Release file was present so fall // back to queueing Packages files without verification - // only allow going further if the users explicitely wants it + // only allow going further if the user explicitly wants it if(AllowInsecureRepositories(_("The repository '%s' does not have a Release file."), Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) { // ensure old Release files are removed @@ -1502,7 +1538,7 @@ pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire * const Owner, // remove any partial downloaded sig-file in partial/. // it may confuse proxies and is too small to warrant a // partial download anyway - unlink(DestFile.c_str()); + RemoveFile("pkgAcqMetaSig", DestFile); // set the TransactionManager if(_config->FindB("Debug::Acquire::Transaction", false) == true) @@ -1614,7 +1650,7 @@ void pkgAcqMetaSig::Failed(string const &Message,pkgAcquire::MethodConfig const // ensures that a Release.gpg file in the lists/ is removed by the transaction TransactionManager->TransactionStageRemoval(this, DestFile); - // only allow going further if the users explicitely wants it + // only allow going further if the user explicitly wants it if (AllowInsecureRepositories(_("The repository '%s' is not signed."), MetaIndex->Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) { if (RealFileExists(FinalReleasegpg) || RealFileExists(FinalInRelease)) @@ -1643,10 +1679,11 @@ void pkgAcqMetaSig::Failed(string const &Message,pkgAcquire::MethodConfig const // we parse the indexes here because at this point the user wanted // a repository that may potentially harm him - if (TransactionManager->MetaIndexParser->Load(MetaIndex->DestFile, &ErrorText) == false || MetaIndex->VerifyVendor(Message) == false) + bool const GoodLoad = TransactionManager->MetaIndexParser->Load(MetaIndex->DestFile, &ErrorText); + if (MetaIndex->VerifyVendor(Message) == false) /* expired Release files are still a problem you need extra force for */; else - MetaIndex->QueueIndexes(true); + MetaIndex->QueueIndexes(GoodLoad); TransactionManager->TransactionStageCopy(MetaIndex, MetaIndex->DestFile, MetaIndex->GetFinalFilename()); } @@ -1704,6 +1741,9 @@ pkgAcqDiffIndex::pkgAcqDiffIndex(pkgAcquire * const Owner, /* The only header we use is the last-modified header. */ string pkgAcqDiffIndex::Custom600Headers() const { + if (TransactionManager->LastMetaIndexParser != NULL) + return "\nIndex-File: true"; + string const Final = GetFinalFilename(); if(Debug) @@ -1807,10 +1847,18 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string const &IndexDiffFile) /*{{{*/ std::clog << "Server-Current: " << ServerHashes.find(NULL)->toStr() << " and we start at " << CurrentPackagesFile << " " << LocalHashes.FileSize() << " " << LocalHashes.find(NULL)->toStr() << std::endl; + // historically, older hashes have more info than newer ones, so start + // collecting with older ones first to avoid implementing complicated + // information merging techniques… a failure is after all always + // recoverable with a complete file and hashes aren't changed that often. + std::vector types; + for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type) + types.push_back(*type); + // parse all of (provided) history vector available_patches; bool firstAcceptedHashes = true; - for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type) + for (auto type = types.crbegin(); type != types.crend(); ++type) { if (LocalHashes.find(*type) == NULL) continue; @@ -1868,7 +1916,7 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string const &IndexDiffFile) /*{{{*/ return false; } - for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type) + for (auto type = types.crbegin(); type != types.crend(); ++type) { if (LocalHashes.find(*type) == NULL) continue; @@ -1908,7 +1956,7 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string const &IndexDiffFile) /*{{{*/ } } - for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type) + for (auto type = types.crbegin(); type != types.crend(); ++type) { std::string tagname = *type; tagname.append("-Download"); @@ -2211,14 +2259,10 @@ bool pkgAcqIndexDiffs::QueueNextDiff() /*{{{*/ // remove all patches until the next matching patch is found // this requires the Index file to be ordered - for(vector::iterator I = available_patches.begin(); - available_patches.empty() == false && - I != available_patches.end() && - I->result_hashes != LocalHashes; - ++I) - { - available_patches.erase(I); - } + available_patches.erase(available_patches.begin(), + std::find_if(available_patches.begin(), available_patches.end(), [&](DiffInfo const &I) { + return I.result_hashes == LocalHashes; + })); // error checking and falling back if no patch was found if(available_patches.empty() == true) @@ -2272,7 +2316,7 @@ void pkgAcqIndexDiffs::Done(string const &Message, HashStringList const &Hashes, { // remove the just applied patch available_patches.erase(available_patches.begin()); - unlink(PatchFile.c_str()); + RemoveFile("pkgAcqIndexDiffs::Done", PatchFile); // move into place if(Debug) @@ -2424,9 +2468,9 @@ void pkgAcqIndexMergeDiffs::Done(string const &Message, HashStringList const &Ha { std::string const PartialFile = GetKeepCompressedFileName(GetPartialFileNameFromURI(Target.URI), Target); std::string const patch = GetMergeDiffsPatchFileName(PartialFile, (*I)->patch.file); - unlink(patch.c_str()); + RemoveFile("pkgAcqIndexMergeDiffs::Done", patch); } - unlink(FinalFile.c_str()); + RemoveFile("pkgAcqIndexMergeDiffs::Done", FinalFile); // all set and done Complete = true; @@ -2543,12 +2587,17 @@ void pkgAcqIndex::Init(string const &URI, string const &URIDesc, /* The only header we use is the last-modified header. */ string pkgAcqIndex::Custom600Headers() const { - string Final = GetFinalFilename(); string msg = "\nIndex-File: true"; - struct stat Buf; - if (stat(Final.c_str(),&Buf) == 0) - msg += "\nLast-Modified: " + TimeRFC1123(Buf.st_mtime); + + if (TransactionManager->LastMetaIndexParser == NULL) + { + std::string const Final = GetFinalFilename(); + + struct stat Buf; + if (stat(Final.c_str(),&Buf) == 0) + msg += "\nLast-Modified: " + TimeRFC1123(Buf.st_mtime); + } if(Target.IsOptional) msg += "\nFail-Ignore: true"; @@ -2853,7 +2902,7 @@ bool pkgAcqArchive::QueueNext() /* Hmm, we have a file and its size does not match, this means it is an old style mismatched arch */ - unlink(FinalFile.c_str()); + RemoveFile("pkgAcqArchive::QueueNext", FinalFile); } // Check it again using the new style output filenames @@ -2872,7 +2921,7 @@ bool pkgAcqArchive::QueueNext() /* Hmm, we have a file and its size does not match, this shouldn't happen.. */ - unlink(FinalFile.c_str()); + RemoveFile("pkgAcqArchive::QueueNext", FinalFile); } DestFile = _config->FindDir("Dir::Cache::Archives") + "partial/" + flNotDir(StoreFilename); @@ -2882,7 +2931,7 @@ bool pkgAcqArchive::QueueNext() { // Hmm, the partial file is too big, erase it if ((unsigned long long)Buf.st_size > Version->Size) - unlink(DestFile.c_str()); + RemoveFile("pkgAcqArchive::QueueNext", DestFile); else PartialSize = Buf.st_size; } @@ -3147,7 +3196,7 @@ std::string pkgAcqChangelog::URI(std::string const &Template, char const * const Component, char const * const SrcName, char const * const SrcVersion) { - if (Template.find("CHANGEPATH") == std::string::npos) + if (Template.find("@CHANGEPATH@") == std::string::npos) return ""; // the path is: COMPONENT/SRC/SRCNAME/SRCNAME_SRCVER, e.g. main/a/apt/1.1 or contrib/liba/libapt/2.0 @@ -3159,7 +3208,7 @@ std::string pkgAcqChangelog::URI(std::string const &Template, if (Component != NULL && strlen(Component) != 0) path = std::string(Component) + "/" + path; - return SubstVar(Template, "CHANGEPATH", path); + return SubstVar(Template, "@CHANGEPATH@", path); } /*}}}*/ // AcqChangelog::Failed - Failure handler /*{{{*/ @@ -3192,7 +3241,7 @@ pkgAcqChangelog::~pkgAcqChangelog() /*{{{*/ { if (TemporaryDirectory.empty() == false) { - unlink(DestFile.c_str()); + RemoveFile("~pkgAcqChangelog", DestFile); rmdir(TemporaryDirectory.c_str()); } } @@ -3229,7 +3278,7 @@ pkgAcqFile::pkgAcqFile(pkgAcquire * const Owner,string const &URI, HashStringLis { // Hmm, the partial file is too big, erase it if ((Size > 0) && (unsigned long long)Buf.st_size > Size) - unlink(DestFile.c_str()); + RemoveFile("pkgAcqFile", DestFile); else PartialSize = Buf.st_size; } @@ -3267,7 +3316,7 @@ void pkgAcqFile::Done(string const &Message,HashStringList const &CalcHashes, if (lstat(DestFile.c_str(),&St) == 0) { if (S_ISLNK(St.st_mode) != 0) - unlink(DestFile.c_str()); + RemoveFile("pkgAcqFile::Done", DestFile); } // Symlink the file