Просмотр исходного кода

better error message for insufficient hashsums

Downloading and saying "Hash Sum mismatch" isn't very friendly from a
user POV, so with this change we try to detect such cases early on and
report it, preferably before download even started.

Closes: 827758
David Kalnischkies лет назад: 10
Родитель
Сommit
562f0774f8
3 измененных файлов с 72 добавлено и 7 удалено
  1. 7 1
      apt-pkg/acquire-item.cc
  2. 33 3
      apt-pkg/acquire-worker.cc
  3. 32 3
      test/integration/test-apt-update-weak-hashes

+ 7 - 1
apt-pkg/acquire-item.cc

@@ -731,9 +731,11 @@ void pkgAcquire::Item::Failed(string const &Message,pkgAcquire::MethodConfig con
    }
 
    string const FailReason = LookupTag(Message, "FailReason");
-   enum { MAXIMUM_SIZE_EXCEEDED, HASHSUM_MISMATCH, OTHER } failreason = OTHER;
+   enum { MAXIMUM_SIZE_EXCEEDED, HASHSUM_MISMATCH, WEAK_HASHSUMS, OTHER } failreason = OTHER;
    if ( FailReason == "MaximumSizeExceeded")
       failreason = MAXIMUM_SIZE_EXCEEDED;
+   else if ( FailReason == "WeakHashSums")
+      failreason = WEAK_HASHSUMS;
    else if (Status == StatAuthError)
       failreason = HASHSUM_MISMATCH;
 
@@ -747,6 +749,9 @@ void pkgAcquire::Item::Failed(string const &Message,pkgAcquire::MethodConfig con
 	    case HASHSUM_MISMATCH:
 	       out << _("Hash Sum mismatch") << std::endl;
 	       break;
+	    case WEAK_HASHSUMS:
+	       out << _("Insufficient information available to perform this download securely") << std::endl;
+	       break;
 	    case MAXIMUM_SIZE_EXCEEDED:
 	    case OTHER:
 	       out << LookupTag(Message, "Message") << std::endl;
@@ -781,6 +786,7 @@ void pkgAcquire::Item::Failed(string const &Message,pkgAcquire::MethodConfig con
    {
       case MAXIMUM_SIZE_EXCEEDED: RenameOnError(MaximumSizeExceeded); break;
       case HASHSUM_MISMATCH: RenameOnError(HashSumMismatch); break;
+      case WEAK_HASHSUMS: break;
       case OTHER: break;
    }
 

+ 33 - 3
apt-pkg/acquire-worker.cc

@@ -443,7 +443,13 @@ bool pkgAcquire::Worker::RunMessages()
 	       {
 		  if (isDoomedItem(Owner) == false)
 		  {
-		     Message.append("\nFailReason: HashSumMismatch");
+		     if (Message.find("\nFailReason:") == std::string::npos)
+		     {
+			if (ReceivedHashes != ExpectedHashes)
+			   Message.append("\nFailReason: HashSumMismatch");
+			else
+			   Message.append("\nFailReason: WeakHashSums");
+		     }
 		     Owner->Failed(Message,Config);
 		  }
 		  if (Log != nullptr)
@@ -484,7 +490,7 @@ bool pkgAcquire::Worker::RunMessages()
 	       }
 	       if (errTransient == false)
 	       {
-		  auto const reasons = { "HashSumMismatch", "MaximumSizeExceeded" };
+		  auto const reasons = { "HashSumMismatch", "WeakHashSums", "MaximumSizeExceeded" };
 		  errAuthErr = std::find(std::begin(reasons), std::end(reasons), failReason) != std::end(reasons);
 	       }
 	    }
@@ -631,12 +637,36 @@ bool pkgAcquire::Worker::QueueItem(pkgAcquire::Queue::QItem *Item)
    if (OutFd == -1)
       return false;
 
+   HashStringList const hsl = Item->GetExpectedHashes();
+
+   if (isDoomedItem(Item->Owner))
+      return true;
+
+   if (hsl.usable() == false && Item->Owner->HashesRequired() &&
+	 _config->Exists("Acquire::ForceHash") == false)
+   {
+      std::string const Message = "400 URI Failure"
+	 "\nURI: " + Item->URI +
+	 "\nFilename: " + Item->Owner->DestFile +
+	 "\nFailReason: WeakHashSums";
+
+      auto const ItmOwners = Item->Owners;
+      for (auto &O: ItmOwners)
+      {
+	 O->Status = pkgAcquire::Item::StatAuthError;
+	 O->Failed(Message, Config);
+	 if (Log != nullptr)
+	    Log->Fail(O->GetItemDesc());
+      }
+      // "queued" successfully, the item just instantly failed
+      return true;
+   }
+
    string Message = "600 URI Acquire\n";
    Message.reserve(300);
    Message += "URI: " + Item->URI;
    Message += "\nFilename: " + Item->Owner->DestFile;
 
-   HashStringList const hsl = Item->GetExpectedHashes();
    for (HashStringList::const_iterator hs = hsl.begin(); hs != hsl.end(); ++hs)
       Message += "\nExpected-" + hs->HashType() + ": " + hs->HashValue();
 

+ 32 - 3
test/integration/test-apt-update-weak-hashes

@@ -124,7 +124,7 @@ preparetest() {
 msgmsg 'Moving between Release files with good and bad hashes'
 rm -rf rootdir/var/lib/apt/lists
 confighashes 'MD5'
-generatereleasefiles 'now - 1 day'
+generatereleasefiles 'now - 7 days'
 signreleasefiles
 testfailure apt update
 testnopkg 'foo'
@@ -135,7 +135,7 @@ confighashes 'MD5' 'SHA256'
 rm -rf aptarchive/dists
 insertpackage 'unstable' 'foo2' 'i386' '1.0'
 insertsource 'unstable' 'foo2' 'any' '1.0'
-setupaptarchive --no-update 'now - 12 hours'
+setupaptarchive --no-update 'now - 5 days'
 testsuccess apt update
 testnopkg foo
 testnotempty find rootdir/var/lib/apt/lists -maxdepth 1 -name '*InRelease' -o -name '*Release.gpg'
@@ -146,7 +146,7 @@ confighashes 'MD5'
 rm -rf aptarchive/dists
 insertpackage 'unstable' 'foo3' 'i386' '1.0'
 insertsource 'unstable' 'foo3' 'any' '1.0'
-setupaptarchive --no-update
+setupaptarchive --no-update 'now - 3 days'
 testfailure apt update
 testnopkg foo
 testnopkg foo3
@@ -156,3 +156,32 @@ testnotempty apt showsrc foo2
 testwarning apt update --allow-insecure-repositories
 testnopkg foo2
 testbadpkg foo3
+
+msgmsg 'Working with packages guarded only by weak hashes'
+confighashes 'MD5'
+rm -rf aptarchive/dists
+buildsimplenativepackage 'foo4' 'i386' '1' 'unstable'
+setupaptarchive --no-update
+testfailure apt update
+confighashes 'SHA256'
+generatereleasefiles 'now - 1 day'
+signreleasefiles
+testsuccess apt update
+cd downloaded
+testfailure apt download foo4
+cp ../rootdir/tmp/testfailure.output download.output
+testfailure grep 'Hash Sum mismatch' download.output
+testsuccess grep 'Insufficient information' download.output
+
+testsuccess apt install foo4 -s
+testfailure apt install foo4 -dy
+cp ../rootdir/tmp/testfailure.output install.output
+testfailure grep 'Hash Sum mismatch' install.output
+testsuccess grep 'Insufficient information' download.output
+
+testsuccess apt source foo4
+cp ../rootdir/tmp/testsuccess.output source.output
+testsuccess grep 'Skipping download of file' source.output
+testfailure test -e foo4_1.dsc
+testsuccess test -e foo4_1.tar.*
+cd ..