X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/abd6af5a1ce2c20a5742c5c3182dfadce10367ca..0c93e388d417ab03f2857903bb5791f4312cdbd0:/apt-pkg/acquire-item.cc
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 6444a21b3..7f31d1449 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -153,12 +153,12 @@ static bool MessageInsecureRepository(bool const isError, std::string const &msg
    if (isError)
    {
       _error->Error("%s", msg.c_str());
-      _error->Notice("%s", _("Updating such a repository securily is impossible and therefore disabled by default."));
+      _error->Notice("%s", _("Updating from such a repository can't be done securely, and is therefore disabled by default."));
    }
    else
    {
       _error->Warning("%s", msg.c_str());
-      _error->Notice("%s", _("Data from such a repository can not be authenticated and is therefore potentially dangerous to use."));
+      _error->Notice("%s", _("Data from such a repository can't be authenticated and is therefore potentially dangerous to use."));
    }
    _error->Notice("%s", _("See apt-secure(8) manpage for repository creation and user configuration details."));
    return false;
@@ -1075,6 +1075,16 @@ void pkgAcqMetaBase::QueueIndexes(bool const verify) /*{{{*/
          strprintf(ErrorText, _("Unable to find expected entry '%s' in Release file (Wrong sources.list entry or malformed file)"), Target->MetaKey.c_str());
          return;
       }
+      else
+      {
+         auto const hashes = GetExpectedHashesFor(Target->MetaKey);
+         if (hashes.usable() == false && hashes.empty() == false)
+         {
+            _error->Warning(_("Skipping acquire of configured file '%s' as repository '%s' provides only weak security information for it"), Target->MetaKey.c_str(), TransactionManager->Target.Description.c_str());
+            continue;
+         }
+      }
       // autoselect the compression method
       std::vector types = VectorizeString(Target->Option(IndexTarget::COMPRESSIONTYPES), ' ');
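Review bot: The new guard in QueueIndexes skips a target only when `hashes.usable() == false && hashes.empty() == false`, so a Release entry that exists but for which GetExpectedHashesFor returns an empty list still falls through to the download below; whether a listed entry can yield an empty list is not visible here, because the preceding `if` that handles missing entries starts outside the hunk. If the empty case is meant to proceed to the fetch path on purpose, that deserves a comment at the condition, e.g. `// only weak hashes: refuse the fetch; a missing entry was rejected above, an empty list is left to the fetch path`, and if it is not, the `hashes.empty() == false` clause may need to go when `verify` is set. The rest of the loop body, including what `verify` actually gates, lies outside the displayed lines.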
@@ -1391,7 +1401,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
       // No Release file was present, or verification failed, so fall
       // back to queueing Packages files without verification
-      // only allow going further if the users explicitely wants it
+      // only allow going further if the user explicitly wants it
       if(AllowInsecureRepositories(_("The repository '%s' is not signed."), ClearsignedTarget.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
       {
          Status = StatDone;
@@ -1489,7 +1499,7 @@ void pkgAcqMetaIndex::Failed(string const &Message,
    // No Release file was present so fall
    // back to queueing Packages files without verification
-   // only allow going further if the users explicitely wants it
+   // only allow going further if the user explicitly wants it
    if(AllowInsecureRepositories(_("The repository '%s' does not have a Release file."), Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
    {
       // ensure old Release files are removed
@@ -1640,7 +1650,7 @@ void pkgAcqMetaSig::Failed(string const &Message,pkgAcquire::MethodConfig const
    // ensures that a Release.gpg file in the lists/ is removed by the transaction
    TransactionManager->TransactionStageRemoval(this, DestFile);
-   // only allow going further if the users explicitely wants it
+   // only allow going further if the user explicitly wants it
    if (AllowInsecureRepositories(_("The repository '%s' is not signed."), MetaIndex->Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
    {
       if (RealFileExists(FinalReleasegpg) || RealFileExists(FinalInRelease))
@@ -1837,10 +1847,18 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string const &IndexDiffFile) /*{{{*/
          std::clog << "Server-Current: " << ServerHashes.find(NULL)->toStr() << " and we start at " << CurrentPackagesFile << " " << LocalHashes.FileSize() << " " << LocalHashes.find(NULL)->toStr() << std::endl;
+   // historically, older hashes have more info than newer ones, so start
+   // collecting with older ones first to avoid implementing complicated
+   // information merging techniques… a failure is after all always
+   // recoverable with a complete file and hashes aren't changed that often.
+   std::vector types;
+   for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+      types.push_back(*type);
+
    // parse all of (provided) history
    vector available_patches;
    bool firstAcceptedHashes = true;
-   for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+   for (auto type = types.crbegin(); type != types.crend(); ++type)
    {
       if (LocalHashes.find(*type) == NULL)
          continue;
@@ -1898,7 +1916,7 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string const &IndexDiffFile) /*{{{*/
          return false;
       }
-   for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+   for (auto type = types.crbegin(); type != types.crend(); ++type)
    {
       if (LocalHashes.find(*type) == NULL)
          continue;
@@ -1938,7 +1956,7 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string const &IndexDiffFile) /*{{{*/
       }
    }
-   for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+   for (auto type = types.crbegin(); type != types.crend(); ++type)
    {
       std::string tagname = *type;
       tagname.append("-Download");
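Review bot: The reversed walk in the three `for (auto type = types.crbegin(); type != types.crend(); ++type)` loops only visits the oldest hash first if HashString::SupportedHashes() lists the newest hash first, but nothing in the hunk states that ordering and the added comment only explains why the oldest one is wanted; please make the dependency explicit at the vector, e.g. `// SupportedHashes() is assumed to list the newest hash first, so walking types backwards visits the oldest (most widely provided) hash first`. Since the first accepted hash now decides which history entries are collected, a sentence on whether the patches chosen this way are later checked against the complete hash list would help the reader, as that part of ParseDiffIndex lies outside the displayed lines (the function begins before and ends after these hunks). The identical loop header is repeated in the two later hunks of the function, so one explanatory comment at the declaration of `types` is enough rather than three. As rendered, `std::vector types;` shows no element type; presumably the `<std::string>` argument was lost in display rather than in the source.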
@@ -3178,7 +3196,7 @@ std::string pkgAcqChangelog::URI(std::string const &Template,
      char const * const Component, char const * const SrcName, char const * const SrcVersion)
 {
-   if (Template.find("CHANGEPATH") == std::string::npos)
+   if (Template.find("@CHANGEPATH@") == std::string::npos)
       return "";
    // the path is: COMPONENT/SRC/SRCNAME/SRCNAME_SRCVER, e.g. main/a/apt/1.1 or contrib/liba/libapt/2.0
@@ -3190,7 +3208,7 @@ std::string pkgAcqChangelog::URI(std::string const &Template,
    if (Component != NULL && strlen(Component) != 0)
       path = std::string(Component) + "/" + path;
-   return SubstVar(Template, "CHANGEPATH", path);
+   return SubstVar(Template, "@CHANGEPATH@", path);
 }
 /*}}}*/
 // AcqChangelog::Failed - Failure handler /*{{{*/
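Review bot: The `@CHANGEPATH@` placeholder is now spelled out twice in pkgAcqChangelog::URI, once in the `Template.find` guard of the first hunk and once in the `SubstVar` call of the second, and a later edit to only one of them would silently yield either an empty or an unexpanded URI; a single definition used in both places, e.g. `static char const * const ChangePathMarker = "@CHANGEPATH@";`, removes that risk. The early `return "";` would also benefit from a comment saying that an empty result is the signal that nothing can be fetched from this template, since the callers of URI are not visible here and the change in marker spelling means a template still using the bare form now takes that path. The function's signature line sits in the hunk header above the first displayed line, and the body between the two hunks is not shown.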