Bug#837075: debootstrap: does not validate `suite` parameter against Release file
On Thu, 2016-09-08 at 16:09 +0200, Ansgar Burchardt wrote:
>
> debootstrap should validate that ${suite} is listed in the Release
> file in either the Suite: or Codename: fields. Additionally storing
> the codename in a variable would also be useful for suite-specific
> workarounds, such as [1].
>
> [1] <https://bugs.debian.org/810301#69>
>
I've attached a patch that implements this.
Ansgar
From 81ebc7df61e8a80915126351e01e016f6a57a52a Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt <ansgar@debian.org>
Date: Thu, 8 Sep 2016 17:28:19 +0200
Subject: [PATCH 1/6] Validate SUITE against Release's Suite or Codename
Bug: https://bugs.debian.org/837075
---
debian/changelog | 7 +++++++
functions | 14 ++++++++++++++
2 files changed, 21 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 9a6412b..96a1dc9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+debootstrap (1.0.83) UNRELEASED; urgency=medium
+
+ * functions: Validate that the requested suite is listed in the
+ Release file's Suite or Codename field. (Closes: #837075)
+
+ -- Ansgar Burchardt <ansgar@debian.org> Thu, 08 Sep 2016 17:26:53 +0200
+
debootstrap (1.0.82) unstable; urgency=medium
[ Alex Bennée ]
diff --git a/functions b/functions
index 67701ee..336f220 100644
--- a/functions
+++ b/functions
@@ -512,6 +512,18 @@ extract_release_components () {
fi
}
+CODENAME=""
+validate_suite () {
+ local reldest="$1"
+
+ CODENAME=$(sed -n "s/^Codename: *//p" "$reldest")
+ local suite=$(sed -n "s/^Suite: *//p" "$reldest")
+
+ if [ "$SUITE" != "$suite" ] && [ "$SUITE" != "$CODENAME" ]; then
+ error 1 WRONGSUITE "Asked to install suite %s, but got %s (codename: %s) from mirror" "$SUITE" "$suite" "$CODENAME"
+ fi
+}
+
download_release_sig () {
local m1="$1"
local reldest="$2"
@@ -547,6 +559,8 @@ download_release_indices () {
download_release_sig "$m1" "$reldest" "$relsigdest"
+ validate_suite "$reldest"
+
extract_release_components $reldest
local totalpkgs=0
--
2.9.3
Reply to: