From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Wed, 16 Jan 2008 09:36:46 +0000 (+0100)
Subject: * Merged apt-authentication-reliabilty branch. This means
X-Git-Tag: 0.7.24ubuntu1~103
X-Git-Url: https://git.saurik.com/apt.git/commitdiff_plain/c63dd53856e58ccde7d1ec89302d2af0e8787b7e?hp=--cc

* Merged apt-authentication-reliabilty branch. This means
  that apt will refuse to update and use the old lists if
  the authentication of a repository that used to be
  authenticated fails. See
  https://wiki.ubuntu.com/AptAuthenticationReliability
  for more details.
---

c63dd53856e58ccde7d1ec89302d2af0e8787b7e
diff --cc apt-pkg/acquire-item.cc
index d0eee0b43,ad48adcff..c22a31058
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@@ -1212,31 -1164,27 +1214,29 @@@ void pkgAcqMetaIndex::Failed(string Mes
  {
     if (AuthPass == true)
     {
-       // if we fail the authentication but got the file via a IMS-Hit 
-       // this means that the file wasn't downloaded and that it might be
-       // just stale (server problem, proxy etc). we delete what we have
-       // queue it again without i-m-s 
-       // alternatively we could just unlink the file and let the user try again
-       if (IMSHit)
+       // gpgv method failed, if we have a good signature 
+       string LastGoodSigFile = _config->FindDir("Dir::State::lists") +
+ 	 "partial/" + URItoFileName(RealURI) + ".gpg.reverify";
+       if(FileExists(LastGoodSigFile))
        {
- 	 Complete = false;
- 	 Local = false;
- 	 AuthPass = false;
- 	 unlink(DestFile.c_str());
- 
- 	 DestFile = _config->FindDir("Dir::State::lists") + "partial/";
- 	 DestFile += URItoFileName(RealURI);
- 	 Desc.URI = RealURI;
- 	 QueueURI(Desc);
+ 	 string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
+ 	    URItoFileName(RealURI) + ".gpg";
+ 	 Rename(LastGoodSigFile,VerifiedSigFile);
+ 	 Status = StatTransientNetworkError;
+ 	 _error->Warning(_("A error occurred during the signature "
+ 			   "verification. The repository is not updated "
+ 			   "and the previous index files will be used."
+ 			   "GPG error: %s: %s\n"),
+ 			 Desc.Description.c_str(),
+ 			 LookupTag(Message,"Message").c_str());
  	 return;
+       } else {
+ 	 _error->Warning(_("GPG error: %s: %s"),
+ 			 Desc.Description.c_str(),
+ 			 LookupTag(Message,"Message").c_str());
        }
- 
 +      // gpgv method failed 
 +      ReportMirrorFailure("GPGFailure");
-       _error->Warning("GPG error: %s: %s",
-                       Desc.Description.c_str(),
-                       LookupTag(Message,"Message").c_str());
- 
     }
  
     // No Release file was present, or verification failed, so fall
diff --cc configure.in
index 932ea5014,5f19c98a6..0bc3288fd
--- a/configure.in
+++ b/configure.in
@@@ -18,7 -18,7 +18,7 @@@ AC_CONFIG_AUX_DIR(buildlib
  AC_CONFIG_HEADER(include/config.h:buildlib/config.h.in include/apti18n.h:buildlib/apti18n.h.in)
  
  dnl -- SET THIS TO THE RELEASE VERSION --
- AC_DEFINE_UNQUOTED(VERSION,"0.7.9ubuntu4")
 -AC_DEFINE_UNQUOTED(VERSION,"0.7.10")
++AC_DEFINE_UNQUOTED(VERSION,"0.7.9ubuntu5")
  PACKAGE="apt"
  AC_DEFINE_UNQUOTED(PACKAGE,"$PACKAGE")
  AC_SUBST(PACKAGE)
diff --cc debian/changelog
index a0bf1dda0,ef9784178..5bd5222cc
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,25 -1,13 +1,36 @@@
 -apt (0.7.10) UNRELEASED; urgency=low
++apt (0.7.9ubuntu5) hardy; urgency=low
++
++  * Merged apt-authentication-reliabilty branch. This means
++    that apt will refuse to update and use the old lists if
++    the authentication of a repository that used to be 
++    authenticated fails. See
++    https://wiki.ubuntu.com/AptAuthenticationReliability
++    for more details.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 16 Jan 2008 10:36:10 +0100
++
 +apt (0.7.9ubuntu4) hardy; urgency=low
 +
 +  * apt-pkg/algorithms.cc:
 +    - Since APT::Get::List-Cleanup and APT::List-Cleanup both default to
 +      true, the effect of the compatibility code was to require both of them
 +      to be set to false in order to disable list cleanup; this broke the
 +      installer. Instead, disable list cleanup if either of them is set to
 +      false.
 +
 + -- Colin Watson <cjwatson@ubuntu.com>  Wed, 09 Jan 2008 22:34:37 +0000
 +
 +apt (0.7.9ubuntu3) hardy; urgency=low
 +
 +  * merged the apt--DoListUpdate branch, this provides a common interface
 +    for "apt-get update" like operations for the frontends and also provides
 +    hooks to run stuff in APT::Update::{Pre,Post}-Invoke
 +
 + -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 07 Jan 2008 19:02:11 +0100
 +
 +apt (0.7.9ubuntu2) hardy; urgency=low
  
    [ Otavio Salvador ]
 -  * Applied patch from Mike O'Connor <stew@vireo.org> to add a manpage to
 -    apt-mark, closes: #430207.
 -  * Applied patch from Andrei Popescu <andreimpopescu@gmail.com> to add a
 -    note about some frontends in apt.8 manpage, closes: #438545.
 -  * Applied patch from Aurelien Jarno <aurel32@debian.org> to avoid CPU
 -    getting crazy when /dev/null is redirected to stdin (which breaks
 -    buildds), closes: #452858.
    * Applied patch from Aurelien Jarno <aurel32@debian.org> to fix building
      with newest dpkg-shlibdeps changing the packaging building order and a
      patch from Robert Millan <rmh@aybabtu.com> to fix parallel building,