Bug#638682: Higher severity

To: Joey Hess <joeyh@debian.org>, 638682@bugs.debian.org
Subject: Bug#638682: Higher severity
From: Mehdi Dogguy <mehdi@dogguy.org>
Date: Tue, 22 May 2012 18:29:02 +0200
Message-id: <[🔎] 4FBBBECE.2030500@dogguy.org>
Reply-to: Mehdi Dogguy <mehdi@dogguy.org>, 638682@bugs.debian.org
In-reply-to: <[🔎] 20120522161643.GA14914@gnu.kitenet.net>
References: <[🔎] 87396vi274.fsf@gkar.ganneff.de> <[🔎] 4FBB8462.1080103@dogguy.org> <[🔎] 20120522161643.GA14914@gnu.kitenet.net>

On 22/05/12 18:16, Joey Hess wrote:

Mehdi Dogguy wrote:

The patch can make use of "gpg" to extract the signed data from the
InRelease file. I'm not sure it is necessary since the rest works just
fine if given an InRelease file instead of a Release file. I kept that
part commented in the patch and leave this decision to the maintainer
since it would add a strong dependency on gnupg… which doesn't seem
necessary.


debootstrap runs inside d-i which does not have gpg, only gpgv.
It cannot use gpg.


That's what I guessed (that's why I took the "mv" approach).

+	if [ "$release_file_variant" = "IN" ]; then
+		# In both cases, we have to extract a Release file from the InRelease file


Says both cases, but only runs in for the inRelease case?


I meant both cases wrt the previous "if … elif" block. Sorry if that
wasn't clear enough.

+		# We redirect the output of gpg to /dev/null as it is useless at this stage
+		#if ! gpg --version>/dev/null 2>&1; then
+		#	error 1 NEEDGPGV "gnupg not installed, but required for InRelease extraction"
+		#else
+		#	(gpg --output "$reldest" --keyring "$KEYRING" --ignore-time-conflict \
+		#	 "$relsigdest" || true ) 2>/dev/null
+		#fi


I'd be inclined to remove this dead code.


Sure.

-	if [ -z "$COMPONENTS" ]; then
-		mv "$reldest" "$reldest.malformed"
-		error 1 INVALIDREL "Invalid Release file, no valid components"
+        if get "$m1/dists/$SUITE/InRelease" "$inreldest" nocache; then


The above line is wrongly indented.


Heh. I spotted it after submitting the patch :)

Thanks a lot for the prompt review! Here's the updated patch taking into
account your remarks.

Regards,

--
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/

>From 7790976684ac5e943958a7d93f80c8dbcfa0f195 Mon Sep 17 00:00:00 2001
From: Mehdi Dogguy <mehdi@debian.org>
Date: Tue, 22 May 2012 12:18:31 +0200
Subject: [PATCH] Add support for InRelease files (Closes: #638682)

---
 debian/changelog |    7 +++++
 functions        |   85 +++++++++++++++++++++++++++++++++++-------------------
 2 files changed, 62 insertions(+), 30 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 904f437..d437191 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+debootstrap (1.0.40+nmu1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * Add support for InRelease files (Closes: #638682)
+
+ -- Mehdi Dogguy <mehdi@debian.org>  Tue, 22 May 2012 12:16:57 +0200
+
 debootstrap (1.0.40) unstable; urgency=low
 
   [ Joey Hess ]
diff --git a/functions b/functions
index ad7b211..44f1cae 100644
--- a/functions
+++ b/functions
@@ -480,57 +480,82 @@ get_release_checksum () {
 		done | head -n 1
 }
 
+extract_release_components () {
+	local reldest="$1"; shift
+	TMPCOMPONENTS="$(sed -n 's/Components: *//p' "$reldest")"
+	for c in $TMPCOMPONENTS ; do
+		eval "
+		case \"\$c\" in
+		    $USE_COMPONENTS)
+			COMPONENTS=\"\$COMPONENTS \$c\"
+			;;
+		esac
+		"
+	done
+	COMPONENTS="$(echo $COMPONENTS)"
+	if [ -z "$COMPONENTS" ]; then
+		mv "$reldest" "$reldest.malformed"
+		error 1 INVALIDREL "Invalid Release file, no valid components"
+	fi
+}
+
 download_release_sig () {
 	local m1="$1"
 	local reldest="$2"
-	local relsigdest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release.gpg")"
+	local relsigdest="$3"
+	local release_file_variant="$4"
 
 	if [ -n "$KEYRING" ] && [ -z "$DISABLE_KEYRING" ]; then
-		progress 0 100 DOWNRELSIG "Downloading Release file signature"
-		progress_next 50
-		get "$m1/dists/$SUITE/Release.gpg" "$relsigdest" nocache ||
-			error 1 NOGETRELSIG "Failed getting release signature file %s" \
-			"$m1/dists/$SUITE/Release.gpg"
-		progress 50 100 DOWNRELSIG "Downloading Release file signature"
+		if [ "$release_file_variant" != "IN" ]; then
+			progress 0 100 DOWNRELSIG "Downloading Release file signature"
+			progress_next 50
+			get "$m1/dists/$SUITE/Release.gpg" "$relsigdest" nocache ||
+				error 1 NOGETRELSIG "Failed getting release signature file %s" \
+				"$m1/dists/$SUITE/Release.gpg"
+			progress 50 100 DOWNRELSIG "Downloading Release file signature"
+		fi
 
 		info RELEASESIG "Checking Release signature"
-		# Don't worry about the exit status from gpgv; parsing the output will
-		# take care of that.
-		(gpgv --status-fd 1 --keyring "$KEYRING" --ignore-time-conflict \
-		 "$relsigdest" "$reldest" || true) | read_gpg_status
+		if [ "$release_file_variant" = "IN" ]; then
+			(gpgv --status-fd 1 --keyring "$KEYRING" --ignore-time-conflict \
+			 "$relsigdest" || true) | read_gpg_status
+		else
+			# Don't worry about the exit status from gpgv; parsing the output will
+			# take care of that.
+			(gpgv --status-fd 1 --keyring "$KEYRING" --ignore-time-conflict \
+			 "$relsigdest" "$reldest" || true) | read_gpg_status
+		fi
 		progress 100 100 DOWNRELSIG "Downloading Release file signature"
 	elif [ -z "$DISABLE_KEYRING" ] && [ -n "$KEYRING_WANTED" ]; then
 		warning KEYRING "Cannot check Release signature; keyring file not available %s" "$KEYRING_WANTED"
 	fi
+	if [ "$release_file_variant" = "IN" ]; then
+		mv "$relsigdest" "$reldest"
+	fi
 }
 
 download_release_indices () {
 	local m1="${MIRRORS%% *}"
 	local reldest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release")"
+	local inreldest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/InRelease")"
+	local relsigdest
+	local release_file_variant="IN"
 	progress 0 100 DOWNREL "Downloading Release file"
 	progress_next 100
-	get "$m1/dists/$SUITE/Release" "$reldest" nocache ||
-		error 1 NOGETREL "Failed getting release file %s" "$m1/dists/$SUITE/Release"
-
-	TMPCOMPONENTS="$(sed -n 's/Components: *//p' "$reldest")"
-	for c in $TMPCOMPONENTS ; do
-		eval "
-		case \"\$c\" in
-		    $USE_COMPONENTS)
-			COMPONENTS=\"\$COMPONENTS \$c\"
-			;;
-		esac
-		"
-	done
-	COMPONENTS="$(echo $COMPONENTS)"
-
-	if [ -z "$COMPONENTS" ]; then
-		mv "$reldest" "$reldest.malformed"
-		error 1 INVALIDREL "Invalid Release file, no valid components"
+	if get "$m1/dists/$SUITE/InRelease" "$inreldest" nocache; then
+		extract_release_components $inreldest
+		relsigdest="$inreldest"
+	else
+		warning RETRIEVING "Failed to retrieve InRelease"
+		get "$m1/dists/$SUITE/Release" "$reldest" nocache ||
+			error 1 NOGETREL "Failed getting release file %s" "$m1/dists/$SUITE/Release"
+		release_file_variant="GPG"
+		relsigdest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release.gpg")"
+		extract_release_components $reldest
 	fi
 	progress 100 100 DOWNREL "Downloading Release file"
 
-	download_release_sig "$m1" "$reldest"
+	download_release_sig "$m1" "$reldest" "$relsigdest" "$release_file_variant"
 
 	local totalpkgs=0
 	for c in $COMPONENTS; do
-- 
1.7.10

Reply to:

References:
- Bug#638682: Higher severity
  - From: Joerg Jaspert <joerg@ganneff.de>
- Bug#638682: Higher severity
  - From: Mehdi Dogguy <mehdi@dogguy.org>
- Bug#638682: Higher severity
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Bug#638682: Higher severity
Next by Date: Bug#656877: Also seen on Thecus (iop32x)
Previous by thread: Bug#638682: Higher severity
Next by thread: Bug#673644: Message at end of successful install talks about floppies (should be updated)
Index(es):
- Date
- Thread