}
CompressionExtension = comprExt;
+ Verify = true;
+
Init(URI, URIDesc, ShortDesc);
}
pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, IndexTarget const *Target,
}
else
{
+ // FIXME: move this into pkgAcqMetaClearSig::Done on the next
+ // ABI break
+
+ // if we expect a ClearTextSignature (InRelase), ensure that
+ // this is what we get and if not fail to queue a
+ // Release/Release.gpg, see #346386
+ if (SigFile == DestFile && !StartsWithGPGClearTextSignature(DestFile))
+ {
+ Failed(Message, Cfg);
+ return;
+ }
+
// There was a signature file, so pass it to gpgv for
// verification
-
if (_config->FindB("Debug::pkgAcquire::Auth", false))
std::cerr << "Metaindex acquired, queueing gpg verification ("
<< SigFile << "," << DestFile << ")\n";
}
// Check the hash
- if(ExpectedHash.toStr() != CalcHash)
+ // FIXME: could this empty() check impose *any* sort of security issue?
+ if(ExpectedHash.empty() == false && ExpectedHash.toStr() != CalcHash)
{
RenameOnError(HashSumMismatch);
return;
}
gdb() {
echo "gdb: run »$*«"
- APT_CONFIG=aptconfig.conf LD_LIBRARY_PATH=${LIBRARYPATH} command gdb ${BUILDDIRECTORY}/$1 --args "$@"
+ CMD="$1"
+ shift
+
+ APT_CONFIG=aptconfig.conf LD_LIBRARY_PATH=${LIBRARYPATH} command gdb ${BUILDDIRECTORY}/$CMD --args ${BUILDDIRECTORY}/$CMD "$@"
}
gpg() {
# see apt-key for the whole trickery. Setup is done in setupenvironment
gpg --quiet --check-trustdb --secret-keyring $SECRETKEYRING --keyring $SECRETKEYRING >/dev/null 2>&1
# cleanup the environment a bit
- export PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
+ # prefer our apt binaries over the system apt binaries
+ export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
export LC_ALL=C.UTF-8
unset LANGUAGE APT_CONFIG
unset GREP_OPTIONS DEB_BUILD_PROFILES
projects / apt.git / commitdiff
