From 1d970e6ce97385ed719a1ca169ec5cc7bfb82fea Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 3 Oct 2014 00:39:20 +0200 Subject: [PATCH] really do not download Release if InRelease does not verify --- apt-pkg/acquire-item.cc | 44 ++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 0a128f7d5..3c66369cf 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -2175,26 +2175,6 @@ void pkgAcqMetaIndex::Failed(string Message, return; } - /* Always move the meta index, even if gpgv failed. This ensures - * that PackageFile objects are correctly filled in */ - if (FileExists(DestFile)) - { - string FinalFile = _config->FindDir("Dir::State::lists"); - FinalFile += URItoFileName(RealURI); - /* InRelease files become Release files, otherwise - * they would be considered as trusted later on */ - if (SigFile == DestFile) { - RealURI = RealURI.replace(RealURI.rfind("InRelease"), 9, - "Release"); - FinalFile = FinalFile.replace(FinalFile.rfind("InRelease"), 9, - "Release"); - SigFile = FinalFile; - } - - // Done, queue for rename on transaction finished - TransactionManager->TransactionStageCopy(this, DestFile, FinalFile); - } - _error->Warning(_("The data from '%s' is not signed. Packages " "from that repository can not be authenticated."), URIDesc.c_str()); @@ -2204,11 +2184,35 @@ void pkgAcqMetaIndex::Failed(string Message, // only allow going further if the users explicitely wants it if(_config->FindB("Acquire::AllowInsecureRepositories") == true) { + /* Always move the meta index, even if gpgv failed. This ensures + * that PackageFile objects are correctly filled in */ + if (FileExists(DestFile)) + { + string FinalFile = _config->FindDir("Dir::State::lists"); + FinalFile += URItoFileName(RealURI); + /* InRelease files become Release files, otherwise + * they would be considered as trusted later on */ + if (SigFile == DestFile) { + RealURI = RealURI.replace(RealURI.rfind("InRelease"), 9, + "Release"); + FinalFile = FinalFile.replace(FinalFile.rfind("InRelease"), 9, + "Release"); + SigFile = FinalFile; + } + + // Done, queue for rename on transaction finished + TransactionManager->TransactionStageCopy(this, DestFile, FinalFile); + } + QueueIndexes(false); } else { // warn if the repository is unsinged _error->Warning("Use --allow-insecure-repositories to force the update"); + TransactionManager->AbortTransaction(); + Status = StatError; + return; } + } /*}}}*/ -- 2.45.2