X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/61aea84df918a4257ea1233e48e5860529ecfc9b..1d970e6ce97385ed719a1ca169ec5cc7bfb82fea:/apt-pkg/acquire-item.cc diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index b61a1d833..3c66369cf 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1576,7 +1576,7 @@ pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, ShortDesc(ShortDesc) { DestFile = _config->FindDir("Dir::State::lists") + "partial/"; - DestFile += URItoFileName(URI); + DestFile += URItoFileName(RealURI); // remove any partial downloaded sig-file in partial/. // it may confuse proxies and is too small to warrant a @@ -1625,68 +1625,65 @@ void pkgAcqMetaSig::Done(string Message,unsigned long long Size, { Item::Done(Message, Size, Hashes, Cfg); - string FileName = LookupTag(Message,"Filename"); - if (FileName.empty() == true) + if(AuthPass == false) { - Status = StatError; - ErrorText = "Method gave a blank filename"; - return; - } + // queue for verify, note that we change DestFile here to point to + // the file we want to verify (needed to make gpgv work) - if (FileName != DestFile) - { - // We have to copy it into place - Local = true; - Desc.URI = "copy:" + FileName; - QueueURI(Desc); - return; - } + string FileName = LookupTag(Message,"Filename"); + if (FileName.empty() == true) + { + Status = StatError; + ErrorText = "Method gave a blank filename"; + return; + } - if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) - IMSHit = true; + if (FileName != DestFile) + { + // We have to copy it into place + Local = true; + Desc.URI = "copy:" + FileName; + QueueURI(Desc); + return; + } - // adjust paths if its a ims-hit - if(IMSHit) - { - string FinalFile = _config->FindDir("Dir::State::lists"); - FinalFile += URItoFileName(RealURI); - - TransactionManager->TransactionStageCopy(this, FinalFile, FinalFile); - } + if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) + { + IMSHit = true; + // adjust DestFile on i-m-s hit to the one we already have on disk + DestFile = _config->FindDir("Dir::State::lists"); + DestFile += URItoFileName(RealURI); + } + + // this is the file we verify from + MetaIndexFileSignature = DestFile; - // queue for verify - if(AuthPass == false) - { AuthPass = true; - Desc.URI = "gpgv:" + DestFile; + Desc.URI = "gpgv:" + MetaIndexFileSignature; DestFile = MetaIndexFile; QueueURI(Desc); + ActiveSubprocess = "gpgv"; return; } - - // queue to copy the file in place if it was not a ims hit, on ims - // hit the file is already at the right place - if(IMSHit == false) + else { - PartialFile = _config->FindDir("Dir::State::lists") + "partial/"; - PartialFile += URItoFileName(RealURI); - - std::string FinalFile = _config->FindDir("Dir::State::lists"); - FinalFile += URItoFileName(RealURI); - - TransactionManager->TransactionStageCopy(this, PartialFile, FinalFile); - } + // verify was successful - // we parse the MetaIndexFile here because at this point we can - // trust the data - if(AuthPass == true) - { + // we parse the MetaIndexFile here (and not right after getting + // the pkgAcqMetaIndex) because at this point we can trust the data + // // load indexes and queue further downloads MetaIndexParser->Load(MetaIndexFile); QueueIndexes(true); - } - Complete = true; + // DestFile points to the the MetaIndeFile at this point, make it + // point back to the Release.gpg file + std::string FinalFile = _config->FindDir("Dir::State::lists"); + FinalFile += URItoFileName(RealURI); + TransactionManager->TransactionStageCopy(this, MetaIndexFileSignature, FinalFile); + + Complete = true; + } } /*}}}*/ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ @@ -2178,26 +2175,6 @@ void pkgAcqMetaIndex::Failed(string Message, return; } - /* Always move the meta index, even if gpgv failed. This ensures - * that PackageFile objects are correctly filled in */ - if (FileExists(DestFile)) - { - string FinalFile = _config->FindDir("Dir::State::lists"); - FinalFile += URItoFileName(RealURI); - /* InRelease files become Release files, otherwise - * they would be considered as trusted later on */ - if (SigFile == DestFile) { - RealURI = RealURI.replace(RealURI.rfind("InRelease"), 9, - "Release"); - FinalFile = FinalFile.replace(FinalFile.rfind("InRelease"), 9, - "Release"); - SigFile = FinalFile; - } - - // Done, queue for rename on transaction finished - TransactionManager->TransactionStageCopy(this, DestFile, FinalFile); - } - _error->Warning(_("The data from '%s' is not signed. Packages " "from that repository can not be authenticated."), URIDesc.c_str()); @@ -2207,11 +2184,35 @@ void pkgAcqMetaIndex::Failed(string Message, // only allow going further if the users explicitely wants it if(_config->FindB("Acquire::AllowInsecureRepositories") == true) { + /* Always move the meta index, even if gpgv failed. This ensures + * that PackageFile objects are correctly filled in */ + if (FileExists(DestFile)) + { + string FinalFile = _config->FindDir("Dir::State::lists"); + FinalFile += URItoFileName(RealURI); + /* InRelease files become Release files, otherwise + * they would be considered as trusted later on */ + if (SigFile == DestFile) { + RealURI = RealURI.replace(RealURI.rfind("InRelease"), 9, + "Release"); + FinalFile = FinalFile.replace(FinalFile.rfind("InRelease"), 9, + "Release"); + SigFile = FinalFile; + } + + // Done, queue for rename on transaction finished + TransactionManager->TransactionStageCopy(this, DestFile, FinalFile); + } + QueueIndexes(false); } else { // warn if the repository is unsinged _error->Warning("Use --allow-insecure-repositories to force the update"); + TransactionManager->AbortTransaction(); + Status = StatError; + return; } + } /*}}}*/