Explorar el Código

* apt-pkg/acquire-item.cc:
- if no Release.gpg file is found, still load the hashes for
verification (closes: #636314) and add test

Michael Vogt hace 15 años
padre
commit
3568a640bd
Se han modificado 3 ficheros con 13 adiciones y 2 borrados
  1. 3 2
      apt-pkg/acquire-item.cc
  2. 3 0
      debian/changelog
  3. 7 0
      test/integration/test-hashsum-verification

+ 3 - 2
apt-pkg/acquire-item.cc

@@ -1258,8 +1258,9 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string Hash,	/*{{{*
       if (SigFile == "")
       {
          // There was no signature file, so we are finished.  Download
-         // the indexes without verification.
-         QueueIndexes(false);
+         // the indexes and do hashsum verification
+         MetaIndexParser->Load(DestFile);
+         QueueIndexes(true);
       }
       else
       {

+ 3 - 0
debian/changelog

@@ -13,6 +13,9 @@ apt (0.8.15.6) unstable; urgency=low
       (LP: #812862)
   * test/integration/test-hashsum-verification:
     - add regression test for hashsum verification
+  * apt-pkg/acquire-item.cc:
+    - if no Release.gpg file is found, still load the hashes for
+      verification (closes: #636314) and add test
 
  -- Michael Vogt <mvo@debian.org>  Tue, 12 Jul 2011 11:54:47 +0200
 

+ 7 - 0
test/integration/test-hashsum-verification

@@ -70,6 +70,13 @@ runtest() {
         msgtest 'No Packages file in /var/lib/apt/lists'
         [ "$(ls rootdir/var/lib/apt/lists/*Package* 2>/dev/null)" = "" ] && msgpass || msgfail 
         
+        # now with the unsigned Release file
+        rm -rf rootdir/var/lib/apt/lists
+        rm aptarchive/InRelease aptarchive/Release.gpg
+        msgtest 'unsigned apt-get update gets the expected hashsum mismatch'
+	aptget update 2>&1 | grep "Hash Sum mismatch" > /dev/null && msgpass || msgfail
+
+
 }
 
 runtest