// AcqMetaBase::GenerateAuthWarning - Check gpg authentication error /*{{{*/
// ---------------------------------------------------------------------
/* */
-bool pkgAcqMetaBase::GenerateAuthWarning(const std::string &RealURI,
- const std::string &Message)
+bool pkgAcqMetaBase::StopAuthentication(const std::string &RealURI,
+ const std::string &Message)
{
string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
{
string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
- // FIXME: duplicated code from pkgAcqMetaIndex
- if (AuthPass == true)
- {
- bool Stop = GenerateAuthWarning(RealURI, Message);
- if(Stop)
+ // check if we need to fail at this point
+ if (AuthPass == true && StopAuthentication(RealURI, Message))
return;
- }
// FIXME: meh, this is not really elegant
string InReleaseURI = RealURI.replace(RealURI.rfind("Release.gpg"), 12,
return true;
}
/*}}}*/
-// pkgAcqMetaIndex::Failed - no Release file present or no signature file present /*{{{*/
+// pkgAcqMetaIndex::Failed - no Release file present /*{{{*/
// ---------------------------------------------------------------------
/* */
void pkgAcqMetaIndex::Failed(string Message,
pkgAcquire::MethodConfig * /*Cnf*/)
{
- string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+ string FinalFile = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
- if (AuthPass == true)
- {
- bool Stop = GenerateAuthWarning(RealURI, Message);
- if(Stop)
- return;
- }
+ _error->Warning(_("The repository '%s' does not have a Release file. "
+ "This is deprecated, please contact the owner of the "
+ "repository."), URIDesc.c_str());
- _error->Warning(_("The data from '%s' is not signed. Packages "
- "from that repository can not be authenticated."),
- URIDesc.c_str());
-
- // No Release file was present, or verification failed, so fall
+ // No Release file was present so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
{
- /* Always move the meta index, even if gpgv failed. This ensures
- * that PackageFile objects are correctly filled in */
+ // Done, queue for rename on transaction finished
if (FileExists(DestFile))
- {
- string FinalFile = _config->FindDir("Dir::State::lists");
- FinalFile += URItoFileName(RealURI);
- /* InRelease files become Release files, otherwise
- * they would be considered as trusted later on */
- if (SigFile == DestFile) {
- RealURI = RealURI.replace(RealURI.rfind("InRelease"), 9,
- "Release");
- FinalFile = FinalFile.replace(FinalFile.rfind("InRelease"), 9,
- "Release");
- SigFile = FinalFile;
- }
-
- // Done, queue for rename on transaction finished
TransactionManager->TransactionStageCopy(this, DestFile, FinalFile);
- }
+ // queue without any kind of hashsum support
QueueIndexes(false);
} else {
// warn if the repository is unsinged
Status = StatError;
return;
}
-
}
/*}}}*/
MetaIndexURI(MetaIndexURI), MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc),
MetaSigURI(MetaSigURI), MetaSigURIDesc(MetaSigURIDesc), MetaSigShortDesc(MetaSigShortDesc)
{
- SigFile = DestFile;
-
// index targets + (worst case:) Release/Release.gpg
ExpectedAdditionalItems = IndexTargets->size() + 2;
-#if 0
- // keep the old InRelease around in case of transistent network errors
- string const Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
- if (RealFileExists(Final) == true)
- {
- string const LastGoodSig = DestFile + ".reverify";
- Rename(Final,LastGoodSig);
- }
-#endif
}
/*}}}*/
pkgAcqMetaClearSig::~pkgAcqMetaClearSig() /*{{{*/
{
-#if 0
- // if the file was never queued undo file-changes done in the constructor
- if (QueueCounter == 1 && Status == StatIdle && FileSize == 0 && Complete == false)
- {
- string const Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
- string const LastGoodSig = DestFile + ".reverify";
- if (RealFileExists(Final) == false && RealFileExists(LastGoodSig) == true)
- Rename(LastGoodSig, Final);
- }
-#endif
}
/*}}}*/
// pkgAcqMetaClearSig::Custom600Headers - Insert custom request headers /*{{{*/
// ---------------------------------------------------------------------
-// FIXME: this can go away once the InRelease file is used widely
string pkgAcqMetaClearSig::Custom600Headers() const
{
string Final = _config->FindDir("Dir::State::lists");
Dequeue();
}
else
- pkgAcqMetaIndex::Failed(Message, Cnf);
+ {
+ if(StopAuthentication(RealURI, Message))
+ return;
+
+ _error->Warning(_("The data from '%s' is not signed. Packages "
+ "from that repository can not be authenticated."),
+ URIDesc.c_str());
+
+ // No Release file was present, or verification failed, so fall
+ // back to queueing Packages files without verification
+ // only allow going further if the users explicitely wants it
+ if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ {
+ /* Always move the meta index, even if gpgv failed. This ensures
+ * that PackageFile objects are correctly filled in */
+ if (FileExists(DestFile))
+ {
+ string FinalFile = _config->FindDir("Dir::State::lists");
+ FinalFile += URItoFileName(RealURI);
+ /* InRelease files become Release files, otherwise
+ * they would be considered as trusted later on */
+ RealURI = RealURI.replace(RealURI.rfind("InRelease"), 9,
+ "Release");
+ FinalFile = FinalFile.replace(FinalFile.rfind("InRelease"), 9,
+ "Release");
+
+
+ // Done, queue for rename on transaction finished
+ TransactionManager->TransactionStageCopy(this, DestFile, FinalFile);
+ }
+ QueueIndexes(false);
+ } else {
+ // warn if the repository is unsinged
+ _error->Warning("Use --allow-insecure-repositories to force the update");
+ TransactionManager->AbortTransaction();
+ Status = StatError;
+ return;
+ }
+ }
}
/*}}}*/
// AcqArchive::AcqArchive - Constructor /*{{{*/
HCoop / ntk / apt.git / commitdiff