Browse Source

Introduce inrelease-path option for sources.list

Allow specifying an alternative path to the InRelease file, so
you can have multiple versions of a repository, for example.

Enabling this option disables fallback to Release and Release.gpg,
so setting it to InRelease can be used to ensure that only that
will be tried.

We add two test cases: One for checking that it works, and another
for checking that the fallback does not happen.

Closes: #886745
tags/debian/1.6_alpha7
Julian Andres Klode 3 years ago
parent
commit
698f9e3f98
6 changed files with 66 additions and 5 deletions
  1. +21
    -4
      apt-pkg/acquire-item.cc
  2. +4
    -0
      apt-pkg/deb/debmetaindex.cc
  3. +1
    -0
      apt-pkg/indexfile.cc
  4. +3
    -1
      apt-pkg/indexfile.h
  5. +9
    -0
      doc/sources.list.5.xml
  6. +28
    -0
      test/integration/test-apt-by-hash-update

+ 21
- 4
apt-pkg/acquire-item.cc View File

@@ -1324,9 +1324,13 @@ bool pkgAcqMetaBase::CheckDownloadDone(pkgAcqTransactionItem * const I, const st
// Save the final base URI we got this Release file from
if (I->UsedMirror.empty() == false && _config->FindB("Acquire::SameMirrorForAllIndexes", true))
{
if (APT::String::Endswith(I->Desc.URI, "InRelease"))
auto InReleasePath = Target.Option(IndexTarget::INRELEASE_PATH);
if (InReleasePath.empty())
InReleasePath = "InRelease";

if (APT::String::Endswith(I->Desc.URI, InReleasePath))
{
TransactionManager->BaseURI = I->Desc.URI.substr(0, I->Desc.URI.length() - strlen("InRelease"));
TransactionManager->BaseURI = I->Desc.URI.substr(0, I->Desc.URI.length() - InReleasePath.length());
TransactionManager->UsedMirror = I->UsedMirror;
}
else if (APT::String::Endswith(I->Desc.URI, "Release"))
@@ -1871,6 +1875,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
auto const failreason = LookupTag(Message, "FailReason");
auto const httperror = "HttpError";
if (Status == StatAuthError ||
Target.Option(IndexTarget::INRELEASE_PATH).empty() == false || /* do not fallback if InRelease was requested */
(strncmp(failreason.c_str(), httperror, strlen(httperror)) == 0 &&
failreason != "HttpError404"))
{
@@ -1880,7 +1885,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
// as this is gonna fail anyway and instead abort our try (LP#346386)
_error->PushToStack();
_error->Error(_("Failed to fetch %s %s"), Target.URI.c_str(), ErrorText.c_str());
if (AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
if (Target.Option(IndexTarget::INRELEASE_PATH).empty() == true && AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
_error->RevertToStack();
else
return;
@@ -1941,7 +1946,19 @@ pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire * const Owner, /*{{{*/
Desc.Description = DataTarget.Description;
Desc.Owner = this;
Desc.ShortDesc = DataTarget.ShortDesc;
Desc.URI = DataTarget.URI;

// Rewrite the description URI if INRELEASE_PATH was specified so
// we download the specified file instead.
auto InReleasePath = DataTarget.Option(IndexTarget::INRELEASE_PATH);
if (InReleasePath.empty() == false && APT::String::Endswith(DataTarget.URI, "/InRelease"))
{
Desc.URI = DataTarget.URI.substr(0, DataTarget.URI.size() - strlen("InRelease")) + InReleasePath;
}
else
{
Desc.URI = DataTarget.URI;
}

QueueURI(Desc);
}
/*}}}*/


+ 4
- 0
apt-pkg/deb/debmetaindex.cc View File

@@ -1092,6 +1092,10 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/
if (GetBoolOption(Options, "allow-downgrade-to-insecure", _config->FindB("Acquire::AllowDowngradeToInsecureRepositories")))
ReleaseOptions.emplace("ALLOW_DOWNGRADE_TO_INSECURE", "true");

auto InReleasePath = Options.find("inrelease-path");
if (InReleasePath != Options.end())
ReleaseOptions.emplace("INRELEASE_PATH", InReleasePath->second);

debReleaseIndex * Deb = nullptr;
std::string const FileName = URItoFileName(constructMetaIndexURI(URI, Dist, "Release"));
for (auto const &I: List)


+ 1
- 0
apt-pkg/indexfile.cc View File

@@ -149,6 +149,7 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const /*{{{*/
APT_CASE(ALLOW_INSECURE);
APT_CASE(ALLOW_WEAK);
APT_CASE(ALLOW_DOWNGRADE_TO_INSECURE);
APT_CASE(INRELEASE_PATH);
#undef APT_CASE
case FILENAME:
{


+ 3
- 1
apt-pkg/indexfile.h View File

@@ -72,7 +72,8 @@ class IndexTarget /*{{{*/
std::string const &LongDesc, std::string const &URI, bool const IsOptional,
bool const KeepCompressed, std::map<std::string, std::string> const &Options);

enum OptionKeys {
enum OptionKeys
{
SITE,
RELEASE,
COMPONENT,
@@ -95,6 +96,7 @@ class IndexTarget /*{{{*/
ALLOW_INSECURE,
ALLOW_WEAK,
ALLOW_DOWNGRADE_TO_INSECURE,
INRELEASE_PATH,
};
std::string Option(OptionKeys const Key) const;
bool OptionBool(OptionKeys const Key) const;


+ 9
- 0
doc/sources.list.5.xml View File

@@ -343,6 +343,15 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
default.
</para></listitem>

<listitem><para><option>InRelease-Path</option> (<option>inrelease-path</option>)
determines the path to the InRelease file, relative
to the normal position of an <filename>InRelease</filename> file.
By default, this option is unset and APT will try to fetch an <filename>InRelease</filename>
or, if that fails, a <filename>Release</filename> file and its associated <filename>Release.gpg</filename> file. By setting this option,
the specified path will be tried instead of the InRelease file,
and the fallback to <filename>Release</filename> files will be disabled.
</para></listitem>

</itemizedlist>

</para>


+ 28
- 0
test/integration/test-apt-by-hash-update View File

@@ -77,3 +77,31 @@ ensureitsbroken -o Acquire::By-Hash=0
sed -i "s#^\(deb\(-src\)\?\) \[by-hash=yes\] #\1 [by-hash=force] #" rootdir/etc/apt/sources.list.d/*
ensureitworks
#ensureitsbroken -o Acquire::By-Hash=0



msgmsg 'Test InRelease by-hash via' 'sources option'

rm -rf aptarchive/dists
cp -a aptarchive/dists.bak aptarchive/dists
mkdir -p aptarchive/dists/unstable/by-hash/SHA256
inrelease_hash=$(sha256sum aptarchive/dists/unstable/InRelease | awk '{print $1}')
mv aptarchive/dists/unstable/InRelease aptarchive/dists/unstable/by-hash/SHA256/$inrelease_hash
#ensureitworks -o Acquire::By-Hash=force
ensureitsbroken -o Acquire::By-Hash=1
ensureitsbroken -o Acquire::By-Hash=0

sed -i "s#^\(deb\(-src\)\?\) \[by-hash=force\] #\1 [by-hash=force inrelease-path=by-hash/SHA256/$inrelease_hash] #" rootdir/etc/apt/sources.list.d/*
ensureitworks
#ensureitsbroken -o Acquire::By-Hash=0

msgmsg 'Test InRelease by-hash with' 'no fallback'

rm -rf aptarchive/dists
cp -a aptarchive/dists.bak aptarchive/dists

testfailureequal "Get:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease
Err:1 file:${TMPWORKINGDIRECTORY}/aptarchive unstable InRelease
File not found - ${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/by-hash/SHA256/${inrelease_hash} (2: No such file or directory)
Reading package lists...
E: Failed to fetch file://${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/InRelease File not found - ${TMPWORKINGDIRECTORY}/aptarchive/dists/unstable/by-hash/SHA256/${inrelease_hash} (2: No such file or directory)" aptget update

Loading…
Cancel
Save