X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/a4221092e50af0b74040f5b4ee800c78b05fd84e..de81b2e20f80bb5f42034863a9a974c815a45da5:/apt-pkg/acquire-item.cc diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index c63253447..9a6e0af01 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -65,7 +65,7 @@ static void printHashSumComparision(std::string const &URI, HashStringList const std::cerr << "\t- " << hs->toStr() << std::endl; } /*}}}*/ -static void ChangeOwnerAndPermissionOfFile(char const * const requester, char const * const file, char const * const user, char const * const group, mode_t const mode) +static void ChangeOwnerAndPermissionOfFile(char const * const requester, char const * const file, char const * const user, char const * const group, mode_t const mode) /*{{{*/ { // ensure the file is owned by root and has good permissions struct passwd const * const pw = getpwnam(user); @@ -78,16 +78,46 @@ static void ChangeOwnerAndPermissionOfFile(char const * const requester, char co if (chmod(file, mode) != 0) _error->WarningE(requester, "chmod 0%o of file %s failed", mode, file); } -static std::string GetPartialFileName(std::string const &file) + /*}}}*/ +static std::string GetPartialFileName(std::string const &file) /*{{{*/ { std::string DestFile = _config->FindDir("Dir::State::lists") + "partial/"; DestFile += file; return DestFile; } -static std::string GetPartialFileNameFromURI(std::string const &uri) + /*}}}*/ +static std::string GetPartialFileNameFromURI(std::string const &uri) /*{{{*/ { return GetPartialFileName(URItoFileName(uri)); } + /*}}}*/ +static std::string GetCompressedFileName(std::string const &URI, std::string const &Name, std::string const &Ext) /*{{{*/ +{ + if (Ext.empty() || Ext == "uncompressed") + return Name; + + // do not reverify cdrom sources as apt-cdrom may rewrite the Packages + // file when its doing the indexcopy + if (URI.substr(0,6) == "cdrom:") + return Name; + + // adjust DestFile if its compressed on disk + if (_config->FindB("Acquire::GzipIndexes",false) == true) + return Name + '.' + Ext; + return Name; +} + /*}}}*/ +static bool AllowInsecureRepositories(indexRecords const * const MetaIndexParser, pkgAcqMetaBase * const TransactionManager, pkgAcquire::Item * const I) /*{{{*/ +{ + if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) + return true; + + _error->Error(_("Use --allow-insecure-repositories to force the update")); + TransactionManager->AbortTransaction(); + I->Status = pkgAcquire::Item::StatError; + return false; +} + /*}}}*/ // Acquire::Item::Item - Constructor /*{{{*/ @@ -211,22 +241,22 @@ bool pkgAcquire::Item::Rename(string From,string To) return true; } /*}}}*/ - -void pkgAcquire::Item::QueueURI(ItemDesc &Item) +void pkgAcquire::Item::QueueURI(ItemDesc &Item) /*{{{*/ { if (RealFileExists(DestFile)) { std::string SandboxUser = _config->Find("APT::Sandbox::User"); - ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(), + ChangeOwnerAndPermissionOfFile("Item::QueueURI", DestFile.c_str(), SandboxUser.c_str(), "root", 0600); } Owner->Enqueue(Item); } -void pkgAcquire::Item::Dequeue() + /*}}}*/ +void pkgAcquire::Item::Dequeue() /*{{{*/ { Owner->Dequeue(this); } - + /*}}}*/ bool pkgAcquire::Item::RenameOnError(pkgAcquire::Item::RenameOnErrorState const error)/*{{{*/ { if(FileExists(DestFile)) @@ -1276,9 +1306,7 @@ std::string pkgAcqIndex::GetFinalFilename() const { std::string FinalFile = _config->FindDir("Dir::State::lists"); FinalFile += URItoFileName(RealURI); - if (_config->FindB("Acquire::GzipIndexes",false) == true) - FinalFile += '.' + CurrentCompressionExtension; - return FinalFile; + return GetCompressedFileName(RealURI, FinalFile, CurrentCompressionExtension); } /*}}}*/ // AcqIndex::ReverifyAfterIMS - Reverify index after an ims-hit /*{{{*/ @@ -1286,11 +1314,7 @@ void pkgAcqIndex::ReverifyAfterIMS() { // update destfile to *not* include the compression extension when doing // a reverify (as its uncompressed on disk already) - DestFile = GetPartialFileNameFromURI(RealURI); - - // adjust DestFile if its compressed on disk - if (_config->FindB("Acquire::GzipIndexes",false) == true) - DestFile += '.' + CurrentCompressionExtension; + DestFile = GetCompressedFileName(RealURI, GetPartialFileNameFromURI(RealURI), CurrentCompressionExtension); // copy FinalFile into partial/ so that we check the hash again string FinalFile = GetFinalFilename(); @@ -1398,11 +1422,6 @@ void pkgAcqIndex::StageDownloadDone(string Message, // on if-modfied-since hit to avoid a stale attack against us if(StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) { - // do not reverify cdrom sources as apt-cdrom may rewrite the Packages - // file when its doing the indexcopy - if (RealURI.substr(0,6) == "cdrom:") - return; - // The files timestamp matches, reverify by copy into partial/ EraseFileName = ""; ReverifyAfterIMS(); @@ -1551,7 +1570,12 @@ void pkgAcqMetaBase::AbortTransaction() if(FileExists(PartialFile)) Rename(PartialFile, PartialFile + ".FAILED"); } + // fix permissions for existing files which were part of a reverify + // like InRelease files or files in partial we might work with next time + else if (FileExists((*I)->DestFile)) + ChangeOwnerAndPermissionOfFile("AbortTransaction", (*I)->DestFile.c_str(), "root", "root", 0644); } + Transaction.clear(); } /*}}}*/ // AcqMetaBase::TransactionHasError - Check for errors in Transaction /*{{{*/ @@ -1598,6 +1622,7 @@ void pkgAcqMetaBase::CommitTransaction() // mark that this transaction is finished (*I)->TransactionManager = 0; } + Transaction.clear(); } /*}}}*/ // AcqMetaBase::TransactionStageCopy - Stage a file for copying /*{{{*/ @@ -1777,16 +1802,12 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ TransactionManager->TransactionStageRemoval(this, DestFile); // only allow going further if the users explicitely wants it - if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) + if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true) { // we parse the indexes here because at this point the user wanted // a repository that may potentially harm him MetaIndexParser->Load(MetaIndexFile); QueueIndexes(true); - } - else - { - _error->Error("Use --allow-insecure-repositories to force the update"); } Item::Failed(Message,Cnf); @@ -2155,7 +2176,7 @@ void pkgAcqMetaIndex::Failed(string Message, // No Release file was present so fall // back to queueing Packages files without verification // only allow going further if the users explicitely wants it - if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) + if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true) { // Done, queue for rename on transaction finished if (FileExists(DestFile)) @@ -2163,12 +2184,6 @@ void pkgAcqMetaIndex::Failed(string Message, // queue without any kind of hashsum support QueueIndexes(false); - } else { - // warn if the repository is unsinged - _error->Error("Use --allow-insecure-repositories to force the update"); - TransactionManager->AbortTransaction(); - Status = StatError; - return; } } /*}}}*/ @@ -2279,7 +2294,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /* // No Release file was present, or verification failed, so fall // back to queueing Packages files without verification // only allow going further if the users explicitely wants it - if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) + if(AllowInsecureRepositories(MetaIndexParser, TransactionManager, this) == true) { Status = StatDone; @@ -2300,11 +2315,6 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /* TransactionManager->TransactionStageCopy(this, DestFile, FinalFile); } QueueIndexes(false); - } else { - // warn if the repository is unsigned - _error->Error("Use --allow-insecure-repositories to force the update"); - TransactionManager->AbortTransaction(); - Status = StatError; } } }