From 21638c3af355b3997fadd169495551568af6acfe Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 31 Jul 2014 19:24:36 +0200 Subject: [PATCH] fail early (again) on gpg sig failures --- apt-pkg/acquire-item.cc | 45 +++++++---------------- apt-pkg/acquire.cc | 4 +- test/integration/test-apt-update-rollback | 11 +++--- 3 files changed, 20 insertions(+), 40 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 2d9328b6b..da8402ffc 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -954,32 +954,16 @@ pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, HashStringList const &ExpectedHash, string comprExt) : pkgAcqBaseIndex(Owner, 0, NULL, ExpectedHash, NULL), RealURI(URI) { - if(comprExt.empty() == true) - { - // autoselect the compression method - std::vector types = APT::Configuration::getCompressionTypes(); - for (std::vector::const_iterator t = types.begin(); t != types.end(); ++t) - comprExt.append(*t).append(" "); - if (comprExt.empty() == false) - comprExt.erase(comprExt.end()-1); - } - CompressionExtension = comprExt; - - Init(URI, URIDesc, ShortDesc); -} -#if 0 -pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, IndexTarget const *Target, - HashStringList const &ExpectedHash, - indexRecords *MetaIndexParser) - : pkgAcqBaseIndex(Owner, Target, ExpectedHash, MetaIndexParser), - RealURI(Target->URI) -{ - // autoselect the compression method AutoSelectCompression(); - Init(Target->URI, Target->Description, Target->ShortDesc); + Init(URI, URIDesc, ShortDesc); + + if(_config->FindB("Debug::Acquire::Transaction", false) == true) + std::clog << "New pkgIndex with TransactionID " + << TransactionID << std::endl; } -#endif /*}}}*/ +// AcqIndex::AcqIndex - Constructor /*{{{*/ +// --------------------------------------------------------------------- pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, unsigned long TransactionID, IndexTarget const *Target, @@ -997,6 +981,8 @@ pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, << TransactionID << std::endl; } /*}}}*/ +// AcqIndex::AutoSelectCompression - Select compression /*{{{*/ +// --------------------------------------------------------------------- void pkgAcqIndex::AutoSelectCompression() { std::vector types = APT::Configuration::getCompressionTypes(); @@ -1846,24 +1832,19 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/ // pkgAcqMetaIndex::Failed - no Release file present or no signature file present /*{{{*/ // --------------------------------------------------------------------- /* */ -void pkgAcqMetaIndex::Failed(string /*Message*/, +void pkgAcqMetaIndex::Failed(string Message, pkgAcquire::MethodConfig * /*Cnf*/) { -#if 0 if (AuthPass == true) { // gpgv method failed, if we have a good signature - string LastGoodSigFile = _config->FindDir("Dir::State::lists").append("partial/").append(URItoFileName(RealURI)); + string LastGoodSigFile = _config->FindDir("Dir::State::lists"); + LastGoodSigFile += URItoFileName(RealURI); if (DestFile != SigFile) LastGoodSigFile.append(".gpg"); - LastGoodSigFile.append(".reverify"); if(FileExists(LastGoodSigFile)) { - string VerifiedSigFile = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI); - if (DestFile != SigFile) - VerifiedSigFile.append(".gpg"); - Rename(LastGoodSigFile, VerifiedSigFile); Status = StatTransientNetworkError; _error->Warning(_("An error occurred during the signature " "verification. The repository is not updated " @@ -1878,6 +1859,7 @@ void pkgAcqMetaIndex::Failed(string /*Message*/, _error->Error(_("GPG error: %s: %s"), Desc.Description.c_str(), LookupTag(Message,"Message").c_str()); + Status = StatError; return; } else { _error->Warning(_("GPG error: %s: %s"), @@ -1887,7 +1869,6 @@ void pkgAcqMetaIndex::Failed(string /*Message*/, // gpgv method failed ReportMirrorFailure("GPGFailure"); } -#endif /* Always move the meta index, even if gpgv failed. This ensures * that PackageFile objects are correctly filled in */ diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc index 33afd8f1f..15af5d6bd 100644 --- a/apt-pkg/acquire.cc +++ b/apt-pkg/acquire.cc @@ -195,8 +195,8 @@ bool pkgAcquire::TransactionHasError(unsigned long TransactionID) std::vector Transaction; for (ItemIterator I = Items.begin(); I != Items.end(); ++I) if((*I)->TransactionID == TransactionID) - if((*I)->Status == pkgAcquire::Item::StatError || - (*I)->Status == pkgAcquire::Item::StatAuthError) + if((*I)->Status != pkgAcquire::Item::StatDone && + (*I)->Status != pkgAcquire::Item::StatIdle) return true; return false; diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index c16e4f480..a6297792e 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -156,14 +156,13 @@ test_inrelease_to_unauth_inrelease() { signreleasefiles 'Marvin Paranoid' avoid_ims_hit - testsuccess aptget update -qq + testequal "W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: file: unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E8525D47528144E2 - testequal "WARNING: The following packages cannot be authenticated! - old -E: There are problems and -y was used without --force-yes" aptget install -qq -y old +W: Failed to fetch file:$APTARCHIVE/dists/unstable/InRelease - testfailure ls rootdir/var/lib/apt/lists/*_InRelease - testsuccess ls rootdir/var/lib/apt/lists/*_Release +W: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq + + testsuccess ls rootdir/var/lib/apt/lists/*_InRelease } TESTDIR=$(readlink -f $(dirname $0)) -- 2.45.2