Browse Source

don't warn if untransformed distribution matches

A suite or codename entry in the Release file is checked against the
distribution field in the sources.list entry that lead to the download of that
Release file. This distribution entry can contain slashes in the distribution
field:

    deb http://security.debian.org/debian wheezy/updates main

However, the Release file may only contain "wheezy" in the Codename field and
not "wheezy/updates". So a transformation needs to take place that removes the
last / and everything that comes after (e.g. "/updates"). This fails, however,
for valid cases like a reprepro snapshot where the given Codename contains
slashes but is perfectly fine and doesn't need to be transformed. Since that
transformation is essentially just a workaround for special cases like the
security repository, it should be checked if the literal Codename without any
transformations happened is valid and only if isn't the dist should be checked
against the transformated one.

This way special cases like security.debian.org are handled and reprepro
snapshots work too.

The initial patch was taken as insperationto move whole transformation
to CheckDist() which makes this method more accepting & easier to use
(but according to codesearch.d.n we are the only users anyhow).

Thanks: Lukas Anzinger for initial patch
Closes: 644610
debian/1.8.y
David Kalnischkies 6 years ago
parent
commit
d0c7d4d632
  1. 45
      apt-pkg/acquire-item.cc
  2. 26
      apt-pkg/metaindex.cc
  3. 11
      test/integration/test-bug-841874-warning-for-mismatching-distribution

45
apt-pkg/acquire-item.cc

@ -1561,24 +1561,6 @@ void pkgAcqMetaClearSig::QueueIndexes(bool const verify) /*{{{*/
/*}}}*/
bool pkgAcqMetaBase::VerifyVendor(string const &) /*{{{*/
{
string Transformed = TransactionManager->MetaIndexParser->GetExpectedDist();
if (Transformed == "../project/experimental")
{
Transformed = "experimental";
}
auto pos = Transformed.rfind('/');
if (pos != string::npos)
{
Transformed = Transformed.substr(0, pos);
}
if (Transformed == ".")
{
Transformed = "";
}
if (TransactionManager->MetaIndexParser->GetValidUntil() > 0)
{
time_t const invalid_since = time(NULL) - TransactionManager->MetaIndexParser->GetValidUntil();
@ -1613,30 +1595,19 @@ bool pkgAcqMetaBase::VerifyVendor(string const &) /*{{{*/
TransactionManager->LastMetaIndexParser = NULL;
}
if (_config->FindB("Debug::pkgAcquire::Auth", false))
if (_config->FindB("Debug::pkgAcquire::Auth", false))
{
std::cerr << "Got Codename: " << TransactionManager->MetaIndexParser->GetCodename() << std::endl;
std::cerr << "Got Suite: " << TransactionManager->MetaIndexParser->GetSuite() << std::endl;
std::cerr << "Expecting Dist: " << TransactionManager->MetaIndexParser->GetExpectedDist() << std::endl;
std::cerr << "Transformed Dist: " << Transformed << std::endl;
}
if (TransactionManager->MetaIndexParser->CheckDist(Transformed) == false)
{
// This might become fatal one day
// Status = StatAuthError;
// ErrorText = "Conflicting distribution; expected "
// + MetaIndexParser->GetExpectedDist() + " but got "
// + MetaIndexParser->GetCodename();
// return false;
if (!Transformed.empty())
{
_error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"),
Desc.Description.c_str(),
Transformed.c_str(),
TransactionManager->MetaIndexParser->GetCodename().c_str());
}
}
// One day that might become fatal…
auto const ExpectedDist = TransactionManager->MetaIndexParser->GetExpectedDist();
auto const NowCodename = TransactionManager->MetaIndexParser->GetCodename();
if (TransactionManager->MetaIndexParser->CheckDist(ExpectedDist) == false)
_error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"),
Desc.Description.c_str(), ExpectedDist.c_str(), NowCodename.c_str());
return true;
}
/*}}}*/

26
apt-pkg/metaindex.cc

@ -57,15 +57,25 @@ APT_PURE bool metaIndex::GetSupportsAcquireByHash() const { return SupportsAcqui
APT_PURE time_t metaIndex::GetValidUntil() const { return ValidUntil; }
APT_PURE time_t metaIndex::GetDate() const { return this->Date; }
APT_PURE metaIndex::TriState metaIndex::GetLoadedSuccessfully() const { return LoadedSuccessfully; }
APT_PURE bool metaIndex::CheckDist(string const &MaybeDist) const
{
return (this->Codename == MaybeDist
|| this->Suite == MaybeDist);
}
APT_PURE std::string metaIndex::GetExpectedDist() const
APT_PURE std::string metaIndex::GetExpectedDist() const { return Dist; }
/*}}}*/
bool metaIndex::CheckDist(string const &MaybeDist) const /*{{{*/
{
return Dist;
if (MaybeDist.empty() || this->Codename == MaybeDist || this->Suite == MaybeDist)
return true;
std::string Transformed = MaybeDist;
if (Transformed == "../project/experimental")
Transformed = "experimental";
auto const pos = Transformed.rfind('/');
if (pos != string::npos)
Transformed = Transformed.substr(0, pos);
if (Transformed == ".")
Transformed.clear();
return Transformed.empty() || this->Codename == Transformed || this->Suite == Transformed;
}
/*}}}*/
APT_PURE metaIndex::checkSum *metaIndex::Lookup(string const &MetaKey) const /*{{{*/

11
test/integration/test-bug-841874-warning-for-mismatching-distribution

@ -36,3 +36,14 @@ testfailure apt show foo
ln -s "${APTARCHIVE}/dists/testing" "${APTARCHIVE}/dists/stretch/updates"
testsuccess apt update
testsuccess apt show foo
# … but only if needed
rm -rf rootdir/var/lib/apt/lists
sed -i -e 's#stretch#buster#g' rootdir/etc/apt/sources.list.d/*
sed -i -e 's#^Codename: stretch$#Codename: buster/updates#g' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailure apt update
testfailure apt show foo
ln -s "${APTARCHIVE}/dists/testing" "${APTARCHIVE}/dists/buster"
testsuccess apt update
testsuccess apt show foo

Loading…
Cancel
Save