check hashes of compressed files as well

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 43c09e7b58f47da2740e671432f6535b560ef7c4..c75ef36a9b5d2340a9b8892174cfadc625040b39 100644 (file)
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1178,6 +1178,20 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,HashStringList con
         unlink(DestFile.c_str());
 #endif
       return;
+   } else {
+      // FIXME: use the same method to find 
+      // check the compressed hash too
+      if(MetaKey != "" && Hashes.size() > 0)
+      {
+         indexRecords::checkSum *Record = MetaIndexParser->Lookup(MetaKey);
+         if(Record && Record->Hashes.usable() && Hashes != Record->Hashes)
+         {
+            RenameOnError(HashSumMismatch);
+            printHashSumComparision(RealURI, Record->Hashes, Hashes);
+            Failed(Message, Cfg);
+            return;
+         }
+      }
    }
 
    Erase = false;

diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback
index 4eef2aecf634a4bdb182555c7edaf5bb4b1b306e..b8a2b079105f6e244e23df052607b6eff440849f 100755 (executable)
--- a/test/integration/test-apt-update-rollback
+++ b/test/integration/test-apt-update-rollback
@@ -61,9 +61,7 @@ test_inrelease_to_broken_hash_reverts_all() {
     # test the error condition
     testequal "W: Failed to fetch file:${APTARCHIVE}/dists/unstable/InRelease  
 
-W: Failed to fetch copy:${APTARCHIVE}/dists/unstable/main/source/Sources  Hash Sum mismatch
-
-W: Failed to fetch copy:${APTARCHIVE}/dists/unstable/main/binary-i386/Packages  
+W: Failed to fetch file:${APTARCHIVE}/dists/unstable/main/source/Sources  Hash Sum mismatch
 
 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
     # ensure that the Packages file is also rolled back
@@ -108,9 +106,7 @@ W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release
 
 W: Failed to fetch file:$APTARCHIVE/dists/unstable/Release.gpg  
 
-W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources  Hash Sum mismatch
-
-W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/binary-i386/Packages  
+W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources  Hash Sum mismatch
 
 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # -o Debug::acquire::transaction=1
 
@@ -139,9 +135,7 @@ E: There are problems and -y was used without --force-yes" aptget install -qq -y
 
     testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease  
 
-W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/source/Sources  Hash Sum mismatch
-
-W: Failed to fetch copy:$APTARCHIVE/dists/unstable/main/binary-i386/Packages  
+W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources  Hash Sum mismatch
 
 E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq
 
@@ -166,6 +160,19 @@ W: Some index files failed to download. They have been ignored, or old ones used
     testsuccess ls rootdir/var/lib/apt/lists/*_InRelease
 }
 
+test_inrelease_to_broken_gzip() {
+    msgmsg "Test InRelease to broken gzip"
+    create_fresh_archive
+    # append junk at the end of the gzip, this
+    echo "lala" >> $APTARCHIVE/dists/unstable/main/source/Sources.gz
+    # remove uncompressed file, otherwise apt will just fallback fetching
+    # that
+    rm $APTARCHIVE/dists/unstable/main/source/Sources
+    avoid_ims_hit
+
+    testfailure aptget update
+}
+
 TESTDIR=$(readlink -f $(dirname $0))
 . $TESTDIR/framework
 
@@ -190,10 +197,8 @@ APTARCHIVE_LISTS="$(echo $APTARCHIVE | tr "/" "_" )"
 
 test_inrelease_to_new_inrelease
 test_inrelease_to_broken_hash_reverts_all
-
 test_inreleae_to_valid_release
 test_inreleae_to_release_reverts_all
-
 test_unauthenticated_to_invalid_inrelease
-
 test_inrelease_to_unauth_inrelease
+test_inrelease_to_broken_gzip