Michael Vogt vor 11 Jahren
Ursprung
Commit
bca84917c3

+ 21 - 20
apt-pkg/acquire-item.cc

@@ -1316,7 +1316,6 @@ void pkgAcqMetaBase::AbortTransaction()
       std::clog << "AbortTransaction: " << TransactionManager << std::endl;
       std::clog << "AbortTransaction: " << TransactionManager << std::endl;
 
 
    // ensure the toplevel is in error state too
    // ensure the toplevel is in error state too
-   Status = pkgAcquire::Item::StatError;
    for (std::vector<Item*>::iterator I = Transaction.begin();
    for (std::vector<Item*>::iterator I = Transaction.begin();
         I != Transaction.end(); ++I)
         I != Transaction.end(); ++I)
    {
    {
@@ -1542,6 +1541,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
       _error->Error("The repository '%s' is no longer signed.",
       _error->Error("The repository '%s' is no longer signed.",
                     URIDesc.c_str());
                     URIDesc.c_str());
       Rename(MetaIndexFile, MetaIndexFile+".FAILED");
       Rename(MetaIndexFile, MetaIndexFile+".FAILED");
+      Status = pkgAcquire::Item::StatError;
       TransactionManager->AbortTransaction();
       TransactionManager->AbortTransaction();
       return;
       return;
    }
    }
@@ -1561,16 +1561,16 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
    }
    }
 
 
    // only allow going further if the users explicitely wants it
    // only allow going further if the users explicitely wants it
-   if(_config->FindB("APT::Get::AllowUnauthenticated", false))
-   {
-      _error->Warning("Please use --allow-unauthenticated");
-   } 
-   else 
+   if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true)
    {
    {
       // we parse the indexes here because at this point the user wanted
       // we parse the indexes here because at this point the user wanted
       // a repository that may potentially harm him
       // a repository that may potentially harm him
       MetaIndexParser->Load(MetaIndexFile);
       MetaIndexParser->Load(MetaIndexFile);
       ((pkgAcqMetaIndex*)TransactionManager)->QueueIndexes(true);
       ((pkgAcqMetaIndex*)TransactionManager)->QueueIndexes(true);
+   } 
+   else 
+   {
+      _error->Warning("Use --allow-unauthenticated to force the update");
    }
    }
 
 
    // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor
    // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor
@@ -1793,12 +1793,12 @@ void pkgAcqMetaIndex::AuthDone(string Message)				/*{{{*/
 
 
    // Download further indexes with verification 
    // Download further indexes with verification 
    //
    //
-   // we do not need to download indexfiles if the Release file has not
-   // changed because without a changed release file there are no new hashes
-   // and we ensure that the repository is always "complete" (i.e. all
-   // that is in the release file is downloaded)
-   if(IMSHit == false)
-      QueueIndexes(true);
+   // it would be really nice if we could simply do
+   //    if (IMSHit == false) QueueIndexes(true)
+   // and skip the download if the Release file has not changed
+   // - but right now the list cleaner will needs to be tricked
+   //   to not delete all our packages/source indexes in this case
+   QueueIndexes(true);
 
 
 #if 0
 #if 0
    // is it a clearsigned MetaIndex file?
    // is it a clearsigned MetaIndex file?
@@ -2012,19 +2012,20 @@ void pkgAcqMetaIndex::Failed(string Message,
       DestFile = FinalFile;
       DestFile = FinalFile;
    }
    }
 
 
+   _error->Warning(_("The data from '%s' is not signed. Packages "
+                     "from that repository can not be authenticated."),
+                   URIDesc.c_str());
+
    // No Release file was present, or verification failed, so fall
    // No Release file was present, or verification failed, so fall
    // back to queueing Packages files without verification
    // back to queueing Packages files without verification
    // only allow going further if the users explicitely wants it
    // only allow going further if the users explicitely wants it
-   if(_config->FindB("APT::Get::AllowUnauthenticated", false))
+   if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true)
    {
    {
-      // warn if the repository is unsinged
-      _error->Warning(_("The data from '%s' is not signed. Packages "
-                     "from that repository can not be authenticated."),
-                   URIDesc.c_str());
-      _error->Warning("Please use --allow-unauthenticated");
-   } else {
       QueueIndexes(false);
       QueueIndexes(false);
-   }
+   } else {
+      // warn if the repository is unsinged
+      _error->Warning("Use --allow-unauthenticated to force the update");
+   } 
 }
 }
 									/*}}}*/
 									/*}}}*/
 
 

+ 1 - 1
test/integration/test-apt-get-source-authenticated

@@ -21,7 +21,7 @@ APTARCHIVE=$(readlink -f ./aptarchive)
 rm -f $APTARCHIVE/dists/unstable/*Release*
 rm -f $APTARCHIVE/dists/unstable/*Release*
 
 
 # update without authenticated InRelease file
 # update without authenticated InRelease file
-testsuccess aptget update
+testsuccess aptget update --allow-unauthenticated
 
 
 # this all should fail
 # this all should fail
 testfailure aptget install -y foo
 testfailure aptget install -y foo

+ 12 - 2
test/integration/test-apt-get-update-unauth-warning

@@ -18,11 +18,21 @@ setupaptarchive --no-update
 APTARCHIVE=$(readlink -f ./aptarchive)
 APTARCHIVE=$(readlink -f ./aptarchive)
 rm -f $APTARCHIVE/dists/unstable/*Release*
 rm -f $APTARCHIVE/dists/unstable/*Release*
 
 
-# update without authenticated InRelease file
+# update without authenticated files leads to warning
 testequal "Ign file: unstable InRelease
 testequal "Ign file: unstable InRelease
 Ign file: unstable Release
 Ign file: unstable Release
 Reading package lists...
 Reading package lists...
-W: The data from 'file: unstable Release' is not signed. Packages from that repository can not be authenticated." aptget update
+W: The data from 'file: unstable Release' is not signed. Packages from that repository can not be authenticated.
+W: Use --allow-unauthenticated to force the update" aptget update
+
+# no package foo
+testequal "Listing..." apt list foo
+
+# allow override
+testequal "Ign file: unstable InRelease
+Ign file: unstable Release
+Reading package lists...
+W: The data from 'file: unstable Release' is not signed. Packages from that repository can not be authenticated." aptget update --allow-unauthenticated
 
 
 # ensure we can not install the package
 # ensure we can not install the package
 testequal "WARNING: The following packages cannot be authenticated!
 testequal "WARNING: The following packages cannot be authenticated!

+ 7 - 9
test/integration/test-apt-update-rollback

@@ -75,15 +75,14 @@ test_inreleae_to_valid_release() {
     rm $APTARCHIVE/dists/unstable/Release.gpg
     rm $APTARCHIVE/dists/unstable/Release.gpg
     avoid_ims_hit
     avoid_ims_hit
 
 
-    # update works
-    testsuccess aptget update -o Debug::Acquire::Transaction=1
+    # update fails
+    testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq
 
 
     # test that we can install the new packages but do no longer have a sig
     # test that we can install the new packages but do no longer have a sig
     testsuccess aptget install old -s
     testsuccess aptget install old -s
-    testsuccess aptget install new -s
-    testfailure ls $ROOTDIR/var/lib/apt/lists/*_InRelease
-    testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release.gpg
-    testsuccess ls $ROOTDIR/var/lib/apt/lists/*_Release
+    testfailure aptget install new -s
+    testsuccess ls $ROOTDIR/var/lib/apt/lists/*_InRelease
+    testfailure ls $ROOTDIR/var/lib/apt/lists/*_Release
 }
 }
 
 
 test_inreleae_to_release_reverts_all() {
 test_inreleae_to_release_reverts_all() {
@@ -98,9 +97,7 @@ test_inreleae_to_release_reverts_all() {
     break_repository_sources_index
     break_repository_sources_index
 
 
     # ensure error
     # ensure error
-    testequal "W: Failed to fetch file:$APTARCHIVE/dists/unstable/main/source/Sources  Hash Sum mismatch
-
-E: Some index files failed to download. They have been ignored, or old ones used instead." aptget update -qq # -o Debug::acquire::transaction=1
+    testequal "E: The repository 'file: unstable Release.gpg' is no longer signed." aptget update -qq # -o Debug::acquire::transaction=1
 
 
     # ensure that the Packages file is also rolled back
     # ensure that the Packages file is also rolled back
     testsuccess aptget install old -s
     testsuccess aptget install old -s
@@ -112,6 +109,7 @@ E: Some index files failed to download. They have been ignored, or old ones used
 test_unauthenticated_to_invalid_inrelease() {
 test_unauthenticated_to_invalid_inrelease() {
     msgmsg "Test UnAuthenticated to invalid InRelease reverts everything"
     msgmsg "Test UnAuthenticated to invalid InRelease reverts everything"
     create_fresh_archive
     create_fresh_archive
+    rm -rf rootdir/var/lib/apt/lists/*
     rm $APTARCHIVE/dists/unstable/InRelease
     rm $APTARCHIVE/dists/unstable/InRelease
     rm $APTARCHIVE/dists/unstable/Release.gpg
     rm $APTARCHIVE/dists/unstable/Release.gpg
     avoid_ims_hit
     avoid_ims_hit

+ 1 - 1
test/integration/test-apt-update-unauth

@@ -26,7 +26,7 @@ runtest() {
     rm -f aptarchive/dists/unstable/*Release*
     rm -f aptarchive/dists/unstable/*Release*
     # remove uncompressed version
     # remove uncompressed version
     find aptarchive/ -name Packages | xargs rm -f
     find aptarchive/ -name Packages | xargs rm -f
-    aptget update -qq
+    aptget update -qq --allow-unauthenticated
 
 
     # become authenticated
     # become authenticated
     generatereleasefiles
     generatereleasefiles

+ 1 - 1
test/integration/test-bug-717891-abolute-uris-for-proxies

@@ -12,7 +12,7 @@ setupaptarchive
 changetowebserver --request-absolute='uri'
 changetowebserver --request-absolute='uri'
 
 
 msgtest 'Check that absolute paths are' 'not accepted'
 msgtest 'Check that absolute paths are' 'not accepted'
-testfailure --nomsg aptget update
+testfailure --nomsg aptget update --allow-unauthenticated
 
 
 echo 'Acquire::http::Proxy "http://localhost:8080";' > rootdir/etc/apt/apt.conf.d/99proxy
 echo 'Acquire::http::Proxy "http://localhost:8080";' > rootdir/etc/apt/apt.conf.d/99proxy
 
 

+ 1 - 1
test/integration/test-bug-738785-switch-protocol

@@ -60,4 +60,4 @@ mv rootdir/${COPYMETHODS}.bak rootdir/${COPYMETHODS}
 # check that downgrades from https to http are not allowed
 # check that downgrades from https to http are not allowed
 webserverconfig 'aptwebserver::support::http' 'true'
 webserverconfig 'aptwebserver::support::http' 'true'
 sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/*
 sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/*
-testfailure aptget update
+testfailure aptget update --allow-unauthenticated

+ 2 - 1
test/integration/test-policy-pinning

@@ -28,7 +28,7 @@ Pinned packages:" aptcache policy $*
 aptgetupdate() {
 aptgetupdate() {
 	# just to be sure that no old files are used
 	# just to be sure that no old files are used
 	rm -rf rootdir/var/lib/apt
 	rm -rf rootdir/var/lib/apt
-	if aptget update -qq 2>&1 | grep '^E: '; then
+	if aptget update  --allow-unauthenticated -qq 2>&1 | grep '^E: '; then
 		msgwarn 'apt-get update failed with an error'
 		msgwarn 'apt-get update failed with an error'
 	fi
 	fi
 }
 }
@@ -36,6 +36,7 @@ aptgetupdate() {
 ### not signed archive
 ### not signed archive
 
 
 aptgetupdate
 aptgetupdate
+
 testequalpolicy 100 500
 testequalpolicy 100 500
 testequalpolicy 990 500 -t now
 testequalpolicy 990 500 -t now