all tests pass

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index fcfdd50ea214ae2056e8f83f5ff7b25bcf1f7993..c3b6f0e6ad51727e4c8c460ef510705c75dd8335 100644 (file)
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1487,6 +1487,36 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
    DestFile += URItoFileName(RealURI);
    PartialFile = "";
 
    DestFile += URItoFileName(RealURI);
    PartialFile = "";
 

+   // FIXME: duplicated code from pkgAcqMetaIndex
+   if (AuthPass == true)
+   {
+      if(FileExists(Final))
+      {
+        Status = StatTransientNetworkError;
+        _error->Warning(_("An error occurred during the signature "
+                          "verification. The repository is not updated "
+                          "and the previous index files will be used. "
+                          "GPG error: %s: %s\n"),
+                        Desc.Description.c_str(),
+                        LookupTag(Message,"Message").c_str());
+        RunScripts("APT::Update::Auth-Failure");
+        return;
+      } else if (LookupTag(Message,"Message").find("NODATA") != string::npos) {
+        /* Invalid signature file, reject (LP: #346386) (Closes: #627642) */
+        _error->Error(_("GPG error: %s: %s"),
+                        Desc.Description.c_str(),
+                        LookupTag(Message,"Message").c_str());
+         Status = StatError;
+        return;
+      } else {
+        _error->Warning(_("GPG error: %s: %s"),
+                        Desc.Description.c_str(),
+                        LookupTag(Message,"Message").c_str());
+      }
+      // gpgv method failed 
+      ReportMirrorFailure("GPGFailure");
+   }
+

    // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor
    if (Cnf->LocalOnly == true || 
        StringToBool(LookupTag(Message,"Transient-Failure"),false) == false)
    // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor
    if (Cnf->LocalOnly == true || 
        StringToBool(LookupTag(Message,"Transient-Failure"),false) == false)


@@ -1871,15 +1901,11 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message)                      /*{{{*/
 void pkgAcqMetaIndex::Failed(string Message,
                              pkgAcquire::MethodConfig * /*Cnf*/)
 {
 void pkgAcqMetaIndex::Failed(string Message,
                              pkgAcquire::MethodConfig * /*Cnf*/)
 {

+   string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+

    if (AuthPass == true)
    {
    if (AuthPass == true)
    {

-      // gpgv method failed, if we have a good signature 
-      string LastGoodSigFile = _config->FindDir("Dir::State::lists");
-      LastGoodSigFile += URItoFileName(RealURI);
-      if (DestFile != SigFile)
-        LastGoodSigFile.append(".gpg");
-
-      if(FileExists(LastGoodSigFile))
+      if(FileExists(Final))

       {
         Status = StatTransientNetworkError;
         _error->Warning(_("An error occurred during the signature "
       {
         Status = StatTransientNetworkError;
         _error->Warning(_("An error occurred during the signature "


@@ -2011,8 +2037,8 @@ void pkgAcqMetaClearSig::Done(std::string Message,unsigned long long Size,
    // Release/Release.gpg, see #346386
    if (FileExists(DestFile) && !StartsWithGPGClearTextSignature(DestFile))
    {
    // Release/Release.gpg, see #346386
    if (FileExists(DestFile) && !StartsWithGPGClearTextSignature(DestFile))
    {

-      //_error->Error(_("Does not start with a clear sign signature"));

       pkgAcquire::Item::Failed(Message, Cnf);
       pkgAcquire::Item::Failed(Message, Cnf);

+      ErrorText = _("Does not start with a cleartext signature");

       return;
    }
    pkgAcqMetaIndex::Done(Message, Size, Hashes, Cnf);
       return;
    }
    pkgAcqMetaIndex::Done(Message, Size, Hashes, Cnf);

diff --git a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
index 8e50843f329cbeca6447c06c18a0b2176acddda8..388c2bfdb31b853eff6b3c7c3dcff1f692221fa7 100755 (executable)
--- a/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
+++ b/test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
@@ -37,8 +37,8 @@ ensure_n_canary_strings_in_dir() {
 
 LISTS='rootdir/var/lib/apt/lists'
 rm -rf rootdir/var/lib/apt/lists
 
 LISTS='rootdir/var/lib/apt/lists'
 rm -rf rootdir/var/lib/apt/lists

-msgtest 'Got expected NODATA failure in' 'apt-get update'
-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+msgtest 'Got expected failure message' 'apt-get update'
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail

 
 ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
 testequal 'partial' ls $LISTS
 
 ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
 testequal 'partial' ls $LISTS


@@ -48,8 +48,8 @@ for f in Release Release.gpg main_binary-amd64_Packages main_source_Sources; do
     echo 'peng neee-wom' > $LISTS/localhost:8080_dists_stable_${f}
 done
 
     echo 'peng neee-wom' > $LISTS/localhost:8080_dists_stable_${f}
 done
 

-msgtest 'Got expected NODATA failure in' 'apt-get update'
-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+msgtest 'Got expected failure message in' 'apt-get update'
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail

 
 ensure_n_canary_strings_in_dir $LISTS 'peng neee-wom' 4
 ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
 
 ensure_n_canary_strings_in_dir $LISTS 'peng neee-wom' 4
 ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0


@@ -58,7 +58,7 @@ ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
 echo 'peng neee-wom' > $LISTS/localhost:8080_dists_stable_InRelease
 rm -f $LISTS/localhost:8080_dists_stable_Release $LISTS/localhost:8080_dists_stable_Release.gpg
 msgtest 'excpected failure of' 'apt-get update'
 echo 'peng neee-wom' > $LISTS/localhost:8080_dists_stable_InRelease
 rm -f $LISTS/localhost:8080_dists_stable_Release $LISTS/localhost:8080_dists_stable_Release.gpg
 msgtest 'excpected failure of' 'apt-get update'

-aptget update -qq 2>&1 | grep -q 'E: GPG error.*NODATA' && msgpass || msgfail
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail

 
 ensure_n_canary_strings_in_dir $LISTS 'peng neee-wom' 3
 ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0
 
 ensure_n_canary_strings_in_dir $LISTS 'peng neee-wom' 3
 ensure_n_canary_strings_in_dir $LISTS 'ni ni ni' 0

diff --git a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
index 50ca2bf57666dc7f343570bd1080732fec367a47..09315868bd7a51833bac34ae0a14d5496706d3f9 100755 (executable)
--- a/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
+++ b/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
@@ -28,12 +28,10 @@ MD5Sum:
 done
 
 msgtest 'The unsigned garbage before signed block is' 'ignored'
 done
 
 msgtest 'The unsigned garbage before signed block is' 'ignored'

-testsuccess --nomsg aptget update
+aptget update -qq 2>&1 | grep -q 'W:.*Does not start with a cleartext signature' && msgpass || msgfail

 
 ROOTDIR="$(readlink -f .)"
 testequal "Package files:
  100 ${ROOTDIR}/rootdir/var/lib/dpkg/status
      release a=now
 
 ROOTDIR="$(readlink -f .)"
 testequal "Package files:
  100 ${ROOTDIR}/rootdir/var/lib/dpkg/status
      release a=now

- 500 file:${ROOTDIR}/aptarchive/ unstable/main i386 Packages
-     release a=unstable,n=sid,c=main

 Pinned packages:" aptcache policy
 Pinned packages:" aptcache policy