X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/844c95355601bdbc1b6c0b344533c3376b27aa8b..0977f81757f42889a9edb761061529041afe0a06:/apt-pkg/acquire-item.cc?ds=sidebyside diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 65c260f3a..5187738e9 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -215,7 +215,11 @@ bool pkgAcquire::Item::Rename(string From,string To) void pkgAcquire::Item::QueueURI(ItemDesc &Item) { if (RealFileExists(DestFile)) - ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(), "_apt", "root", 0600); + { + std::string SandboxUser = _config->Find("APT::Sandbox::User"); + ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(), + SandboxUser.c_str(), "root", 0600); + } Owner->Enqueue(Item); } void pkgAcquire::Item::Dequeue() @@ -1284,6 +1288,11 @@ void pkgAcqIndex::ReverifyAfterIMS() // a reverify (as its uncompressed on disk already) DestFile = GetPartialFileNameFromURI(RealURI); + // do not reverify cdrom sources as apt-cdrom may rewrite the Packages + // file when its doing the indexcopy + if (RealURI.substr(0,6) == "cdrom:") + return; + // adjust DestFile if its compressed on disk if (_config->FindB("Acquire::GzipIndexes",false) == true) DestFile += '.' + CurrentCompressionExtension; @@ -1394,11 +1403,6 @@ void pkgAcqIndex::StageDownloadDone(string Message, // on if-modfied-since hit to avoid a stale attack against us if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) { - // do not reverify cdrom sources as apt-cdrom may rewrite the Packages - // file when its doing the indexcopy - if (RealURI.substr(0,6) == "cdrom:") - return; - // The files timestamp matches, reverify by copy into partial/ EraseFileName = ""; ReverifyAfterIMS(); @@ -1482,10 +1486,6 @@ pkgAcqIndexTrans::pkgAcqIndexTrans(pkgAcquire *Owner, indexRecords *MetaIndexParser) : pkgAcqIndex(Owner, TransactionManager, Target, ExpectedHashes, MetaIndexParser) { - // load the filesize - indexRecords::checkSum *Record = MetaIndexParser->Lookup(string(Target->MetaKey)); - if(Record) - FileSize = Record->Size; } /*}}}*/ // AcqIndexTrans::Custom600Headers - Insert custom request headers /*{{{*/ @@ -1766,6 +1766,10 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ return; } } + else + _error->Warning(_("The data from '%s' is not signed. Packages " + "from that repository can not be authenticated."), + URIDesc.c_str()); // this ensures that any file in the lists/ dir is removed by the // transaction @@ -1773,7 +1777,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ TransactionManager->TransactionStageRemoval(this, DestFile); // only allow going further if the users explicitely wants it - if(_config->FindB("Acquire::AllowInsecureRepositories") == true) + if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) { // we parse the indexes here because at this point the user wanted // a repository that may potentially harm him @@ -1782,7 +1786,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ } else { - _error->Warning("Use --allow-insecure-repositories to force the update"); + _error->Error("Use --allow-insecure-repositories to force the update"); } Item::Failed(Message,Cnf); @@ -2151,7 +2155,7 @@ void pkgAcqMetaIndex::Failed(string Message, // No Release file was present so fall // back to queueing Packages files without verification // only allow going further if the users explicitely wants it - if(_config->FindB("Acquire::AllowInsecureRepositories") == true) + if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) { // Done, queue for rename on transaction finished if (FileExists(DestFile)) @@ -2161,7 +2165,7 @@ void pkgAcqMetaIndex::Failed(string Message, QueueIndexes(false); } else { // warn if the repository is unsinged - _error->Warning("Use --allow-insecure-repositories to force the update"); + _error->Error("Use --allow-insecure-repositories to force the update"); TransactionManager->AbortTransaction(); Status = StatError; return; @@ -2275,7 +2279,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /* // No Release file was present, or verification failed, so fall // back to queueing Packages files without verification // only allow going further if the users explicitely wants it - if(_config->FindB("Acquire::AllowInsecureRepositories") == true) + if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) { Status = StatDone; @@ -2298,7 +2302,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /* QueueIndexes(false); } else { // warn if the repository is unsigned - _error->Warning("Use --allow-insecure-repositories to force the update"); + _error->Error("Use --allow-insecure-repositories to force the update"); TransactionManager->AbortTransaction(); Status = StatError; } @@ -2482,7 +2486,8 @@ bool pkgAcqArchive::QueueNext() else { PartialSize = Buf.st_size; - ChangeOwnerAndPermissionOfFile("pkgAcqArchive::QueueNext", DestFile.c_str(), "_apt", "root", 0600); + std::string SandboxUser = _config->Find("APT::Sandbox::User"); + ChangeOwnerAndPermissionOfFile("pkgAcqArchive::QueueNext",DestFile.c_str(), SandboxUser.c_str(), "root", 0600); } } @@ -2650,7 +2655,8 @@ pkgAcqFile::pkgAcqFile(pkgAcquire *Owner,string URI, HashStringList const &Hashe else { PartialSize = Buf.st_size; - ChangeOwnerAndPermissionOfFile("pkgAcqFile", DestFile.c_str(), "_apt", "root", 0600); + std::string SandboxUser = _config->Find("APT::Sandbox::User"); + ChangeOwnerAndPermissionOfFile("pkgAcqFile", DestFile.c_str(), SandboxUser.c_str(), "root", 0600); } }