[maemo-commits] [maemo-commits] r14886 - in projects/haf/trunk/apt: . apt-pkg debian
From: subversion at stage.maemo.org subversion at stage.maemo.orgDate: Thu Dec 6 18:48:32 EET 2007
Author: marivoll Date: 2007-12-06 18:48:28 +0200 (Thu, 06 Dec 2007) New Revision: 14886 Added: projects/haf/trunk/apt/trusthook.patch Modified: projects/haf/trunk/apt/README.maemo projects/haf/trunk/apt/apt-pkg/acquire-item.cc projects/haf/trunk/apt/apt-pkg/acquire-item.h projects/haf/trunk/apt/debian/changelog Log: * Applied trusthook.patch Modified: projects/haf/trunk/apt/README.maemo =================================================================== --- projects/haf/trunk/apt/README.maemo 2007-12-06 16:35:44 UTC (rev 14885) +++ projects/haf/trunk/apt/README.maemo 2007-12-06 16:48:28 UTC (rev 14886) @@ -1,6 +1,8 @@ Patches for maemo ----------------- +Patched marked with "**" should be pushed upstream in some form. + - maemostrip.diff Don't build docs. Don't build the https method. Don't build @@ -18,7 +20,7 @@ Include a default Basic Authentication header in every HTTP request that identifies the hardware model of the device. -- mmap.patch +- mmap.patch [**] Make it work in filesystems that don't support writable mmaps. @@ -26,6 +28,13 @@ Don't fail to add or use keys when the clock is wrong. -- gpgvinfo.patch +- gpgvinfo.patch [**] Store a foo.gpg.info with the results of verifying signatures. + +- tusthook.patch [**] + +Allow outside influence into deciding whether to trust a source for a +particular version of a package. This is used, together with the +gpgvinfo.patch to implement the domain system of the Hildon +Application Manager. Modified: projects/haf/trunk/apt/apt-pkg/acquire-item.cc =================================================================== --- projects/haf/trunk/apt/apt-pkg/acquire-item.cc 2007-12-06 16:35:44 UTC (rev 14885) +++ projects/haf/trunk/apt/apt-pkg/acquire-item.cc 2007-12-06 16:48:28 UTC (rev 14886) 
@@ -1223,7 +1223,26 @@ } /*}}}*/ +static int +default_index_trust_level_for_package (pkgIndexFile *Index, + const pkgCache::VerIterator &Ver) +{ + return Index->IsTrusted ()? 1 : 0; +} +static int (*index_trust_level_for_package) (pkgIndexFile *Index, + const pkgCache::VerIterator &Ver) + = default_index_trust_level_for_package; + +void +apt_set_index_trust_level_for_package_hook (int (*hook) + (pkgIndexFile *Index, + const pkgCache::VerIterator &Ver)) +{ + index_trust_level_for_package = hook; +} + + // AcqArchive::AcqArchive - Constructor /*{{{*/ // --------------------------------------------------------------------- /* This just sets up the initial fetch environment and queues the first @@ -1232,8 +1251,8 @@ pkgRecords *Recs,pkgCache::VerIterator const &Version, string &StoreFilename) : Item(Owner), Version(Version), Sources(Sources), Recs(Recs), - StoreFilename(StoreFilename), Vf(Version.FileList()), - Trusted(false) + StoreFilename(StoreFilename), + TrustLevel(0) { Retries = _config->FindI("Acquire::Retries",0); @@ -1249,6 +1268,9 @@ /* We need to find a filename to determine the extension. We make the assumption here that all the available sources for this version share the same extension.. */ + + pkgCache::VerFileIterator Vf = Version.FileList(); + // Skip not source sources, they do not have file fields. for (; Vf.end() == false; Vf++) { 
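Review bot: `apt_set_index_trust_level_for_package_hook` stores whatever pointer it is given, so a caller that passes a null hook (for instance to drop a custom one) leaves `index_trust_level_for_package` null, and the call in the `pkgAcqArchive` constructor then goes through a null function pointer. Falling back to the default keeps the signature-based decision in force: `index_trust_level_for_package = hook ? hook : default_index_trust_level_for_package;`. The pointer is also a plain file-scope static written without any locking; if a front-end can install the hook while another thread is constructing acquire items, that needs to be ruled out or documented, and the diff does not show the callers.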
@@ -1272,31 +1294,62 @@ "." + flExtension(Parse.FileName()); } - // check if we have one trusted source for the package. if so, switch - // to "TrustedOnly" mode - for (pkgCache::VerFileIterator i = Version.FileList(); i.end() == false; i++) - { - pkgIndexFile *Index; - if (Sources->FindIndex(i.File(),Index) == false) - continue; - if (_config->FindB("Debug::pkgAcquire::Auth", false)) - { - std::cerr << "Checking index: " << Index->Describe() - << "(Trusted=" << Index->IsTrusted() << ")\n"; - } - if (Index->IsTrusted()) { - Trusted = true; - break; - } - } + VerFileCandidates.clear(); + TrustLevel = 0; - // "allow-unauthenticated" restores apts old fetching behaviour - // that means that e.g. unauthenticated file:// uris are higher - // priority than authenticated http:// uris if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true) - Trusted = false; + { + // "allow-unauthenticated" restores apts old fetching behaviour + // that means that e.g. unauthenticated file:// uris are higher + // priority than authenticated http:// uris + + while (!Vf.end()) + { + if ((Vf.File()->Flags & pkgCache::Flag::NotSource) != 0) + { + Vf++; + continue; + } + VerFileCandidates.push_back (Vf); + Vf++; + } + } + else + { + // Find the sources with the highest trust level. + + while (!Vf.end()) + { + pkgIndexFile *Index; + if (Sources->FindIndex(Vf.File(),Index) == false) + { + Vf++; + continue; + } + + int l = index_trust_level_for_package (Index, Version); + + if (_config->FindB("Debug::pkgAcquire::Auth", false)) + { + std::cerr << "Checking index: " << Index->Describe() + << "(Trust level =" << l << ")\n"; + } + + if (l >= TrustLevel) + { + if (l > TrustLevel) + VerFileCandidates.clear (); + VerFileCandidates.push_back (Vf); + TrustLevel = l; + } + + Vf++; + } + } + // Select a source + CurVerFile = VerFileCandidates.begin (); if (QueueNext() == false && _error->PendingError() == false) _error->Error(_("I wasn't able to locate file for the %s package. 
" "This might mean you need to manually fix this package."), @@ -1310,22 +1363,15 @@ checking later. */ bool pkgAcqArchive::QueueNext() { - for (; Vf.end() == false; Vf++) + while (CurVerFile != VerFileCandidates.end()) { - // Ignore not source sources - if ((Vf.File()->Flags & pkgCache::Flag::NotSource) != 0) - continue; + pkgCache::VerFileIterator Vf = *CurVerFile++; // Try to cross match against the source list pkgIndexFile *Index; if (Sources->FindIndex(Vf.File(),Index) == false) continue; - // only try to get a trusted package from another source if that source - // is also trusted - if(Trusted && !Index->IsTrusted()) - continue; - // Grab the text package record pkgRecords::Parser &Parse = Recs->Lookup(Vf); if (_error->PendingError() == true) @@ -1403,7 +1449,6 @@ Desc.ShortDesc = Version.ParentPkg().Name(); QueueURI(Desc); - Vf++; return true; } return false; @@ -1480,7 +1525,7 @@ StringToBool(LookupTag(Message,"Transient-Failure"),false) == true) { // Vf = Version.FileList(); - while (Vf.end() == false) Vf++; + CurVerFile = VerFileCandidates.end (); StoreFilename = string(); Item::Failed(Message,Cnf); return; @@ -1494,7 +1539,7 @@ StringToBool(LookupTag(Message,"Transient-Failure"),false) == true) { Retries--; - Vf = Version.FileList(); + CurVerFile = VerFileCandidates.begin (); if (QueueNext() == true) return; } @@ -1509,7 +1554,7 @@ // --------------------------------------------------------------------- bool pkgAcqArchive::IsTrusted() { - return Trusted; + return TrustLevel > 0; } // AcqArchive::Finished - Fetching has finished, tidy up /*{{{*/ Modified: projects/haf/trunk/apt/apt-pkg/acquire-item.h =================================================================== --- projects/haf/trunk/apt/apt-pkg/acquire-item.h 2007-12-06 16:35:44 UTC (rev 14885) +++ projects/haf/trunk/apt/apt-pkg/acquire-item.h 2007-12-06 16:48:28 UTC (rev 14886) 
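Review bot: With the `if(Trusted && !Index->IsTrusted()) continue;` guard removed from `QueueNext()`, nothing at queue time re-checks that the chosen index is signed; the decision rests entirely on the candidate list and `TrustLevel` computed once in the constructor from the hook's return value. A hook that returns a positive level for an index whose `IsTrusted()` is false therefore makes `pkgAcqArchive::IsTrusted()` report true for an unsigned source. If that is intended, it should be stated where it is decided, for example above `return TrustLevel > 0;`: `// TrustLevel comes from the trust hook and may differ from Index->IsTrusted(); a custom hook is responsible for checking signatures itself.` The body of `QueueNext()` continues outside the hunk.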
@@ -27,6 +27,7 @@ #include <apt-pkg/pkgrecords.h> #include <apt-pkg/indexrecords.h> +#include <list> /** \addtogroup acquire * @{ @@ -787,8 +788,8 @@ */ string &StoreFilename; - /** \brief The next file for this version to try to download. */ - pkgCache::VerFileIterator Vf; + std::list<pkgCache::VerFileIterator> VerFileCandidates; + std::list<pkgCache::VerFileIterator>::const_iterator CurVerFile; /** \brief How many (more) times to try to find a new source from * which to download this package version if it fails. @@ -797,10 +798,10 @@ */ unsigned int Retries; - /** \brief \b true if this version file is being downloaded from a + /** \brief \b Positive if this version file is being downloaded from a * trusted source. */ - bool Trusted; + int TrustLevel; /** \brief Queue up the next available file for this version. */ bool QueueNext(); 
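Review bot: The new members `VerFileCandidates` and `CurVerFile` replace a documented field but carry no doc comment, while the neighbouring members (`Retries`, `QueueNext`) all have a `\brief`. Suggested: `/** \brief The version files selected in the constructor as download candidates for this version. */` on the list and `/** \brief The next entry of VerFileCandidates to try. */` on the iterator. The `TrustLevel` comment could also say that the value is the highest level returned by the trust hook, since `IsTrusted()` now depends on it rather than on a per-index signature check. Replacing these members changes the layout of `pkgAcqArchive`, which presumably matters to anything built against the installed header.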
@@ -904,4 +905,28 @@ /** @} */ +/* For influencing the IsTrusted decision when acquiring a new version + of a package and for influencing which source is selected if the + highest version of a package is available from multiple sources. + + The hook should return a integer indicating the 'trust level' that + a given index should be afforded for a given package. Indices with + higher trust levels will be preferred. + + The default behavior is to use a trust level of zero for unsigned + repositories and a level of one for repositories with valid + signatures. + + The IsTrusted predicate on a pkgAcqArchive object will return true + when the highest trust level is non-zero, false otherwise. + + A trust level can be negative. In that case, the index will never + be considered as a source for the package. +*/ + +void +apt_set_index_trust_level_for_package_hook (int (*hook) + (pkgIndexFile *Index, + const pkgCache::VerIterator &V)); + #endif Modified: projects/haf/trunk/apt/debian/changelog =================================================================== --- projects/haf/trunk/apt/debian/changelog 2007-12-06 16:35:44 UTC (rev 14885) +++ projects/haf/trunk/apt/debian/changelog 2007-12-06 16:48:28 UTC (rev 14886) @@ -5,7 +5,8 @@ * Applied mmap.patch * Applied ignoretimeconflict.patch * Applied ggpvinfo.patch - + * Applied trusthook.patch + -- Marius Vollmer <mvo at zagadka.de> Thu, 06 Dec 2007 17:15:19 +0200 apt (0.7.6) unstable; urgency=low Added: projects/haf/trunk/apt/trusthook.patch =================================================================== --- projects/haf/trunk/apt/trusthook.patch 2007-12-06 16:35:44 UTC (rev 14885) +++ projects/haf/trunk/apt/trusthook.patch 2007-12-06 16:48:28 UTC (rev 14886) 
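Review bot: The comment promises that an index with a negative trust level "will never be considered as a source", but the `APT::Get::AllowUnauthenticated` branch of the `pkgAcqArchive` constructor in acquire-item.cc fills `VerFileCandidates` without calling the hook at all, so a source the hook rejects is still queued in that mode. Either state the exception here (`The hook is not consulted when APT::Get::AllowUnauthenticated is set.`) or have that branch look up the index and skip entries for which the hook returns a negative level. The comment also says IsTrusted is true when the level is "non-zero" where the code tests `TrustLevel > 0`; "positive" would match the implementation.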
@@ -0,0 +1,261 @@ +Index: apt-pkg/acquire-item.cc +=================================================================== +--- apt-pkg/acquire-item.cc (revision 14885) ++++ apt-pkg/acquire-item.cc (working copy) +@@ -1223,7 +1223,26 @@ + } + + /*}}}*/ ++static int ++default_index_trust_level_for_package (pkgIndexFile *Index, ++ const pkgCache::VerIterator &Ver) ++{ ++ return Index->IsTrusted ()? 1 : 0; ++} + ++static int (*index_trust_level_for_package) (pkgIndexFile *Index, ++ const pkgCache::VerIterator &Ver) ++ = default_index_trust_level_for_package; ++ ++void ++apt_set_index_trust_level_for_package_hook (int (*hook) ++ (pkgIndexFile *Index, ++ const pkgCache::VerIterator &Ver)) ++{ ++ index_trust_level_for_package = hook; ++} ++ ++ + // AcqArchive::AcqArchive - Constructor /*{{{*/ + // --------------------------------------------------------------------- + /* This just sets up the initial fetch environment and queues the first +@@ -1232,8 +1251,8 @@ + pkgRecords *Recs,pkgCache::VerIterator const &Version, + string &StoreFilename) : + Item(Owner), Version(Version), Sources(Sources), Recs(Recs), +- StoreFilename(StoreFilename), Vf(Version.FileList()), +- Trusted(false) ++ StoreFilename(StoreFilename), ++ TrustLevel(0) + { + Retries = _config->FindI("Acquire::Retries",0); + +@@ -1249,6 +1268,9 @@ + /* We need to find a filename to determine the extension. We make the + assumption here that all the available sources for this version share + the same extension.. */ ++ ++ pkgCache::VerFileIterator Vf = Version.FileList(); ++ + // Skip not source sources, they do not have file fields. + for (; Vf.end() == false; Vf++) + { +@@ -1272,31 +1294,62 @@ + "." + flExtension(Parse.FileName()); + } + +- // check if we have one trusted source for the package. 
if so, switch +- // to "TrustedOnly" mode +- for (pkgCache::VerFileIterator i = Version.FileList(); i.end() == false; i++) +- { +- pkgIndexFile *Index; +- if (Sources->FindIndex(i.File(),Index) == false) +- continue; +- if (_config->FindB("Debug::pkgAcquire::Auth", false)) +- { +- std::cerr << "Checking index: " << Index->Describe() +- << "(Trusted=" << Index->IsTrusted() << ")\n"; +- } +- if (Index->IsTrusted()) { +- Trusted = true; +- break; +- } +- } ++ VerFileCandidates.clear(); ++ TrustLevel = 0; + +- // "allow-unauthenticated" restores apts old fetching behaviour +- // that means that e.g. unauthenticated file:// uris are higher +- // priority than authenticated http:// uris + if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true) +- Trusted = false; ++ { ++ // "allow-unauthenticated" restores apts old fetching behaviour ++ // that means that e.g. unauthenticated file:// uris are higher ++ // priority than authenticated http:// uris ++ ++ while (!Vf.end()) ++ { ++ if ((Vf.File()->Flags & pkgCache::Flag::NotSource) != 0) ++ { ++ Vf++; ++ continue; ++ } + ++ VerFileCandidates.push_back (Vf); ++ Vf++; ++ } ++ } ++ else ++ { ++ // Find the sources with the highest trust level. ++ ++ while (!Vf.end()) ++ { ++ pkgIndexFile *Index; ++ if (Sources->FindIndex(Vf.File(),Index) == false) ++ { ++ Vf++; ++ continue; ++ } ++ ++ int l = index_trust_level_for_package (Index, Version); ++ ++ if (_config->FindB("Debug::pkgAcquire::Auth", false)) ++ { ++ std::cerr << "Checking index: " << Index->Describe() ++ << "(Trust level =" << l << ")\n"; ++ } ++ ++ if (l >= TrustLevel) ++ { ++ if (l > TrustLevel) ++ VerFileCandidates.clear (); ++ VerFileCandidates.push_back (Vf); ++ TrustLevel = l; ++ } ++ ++ Vf++; ++ } ++ } ++ + // Select a source ++ CurVerFile = VerFileCandidates.begin (); + if (QueueNext() == false && _error->PendingError() == false) + _error->Error(_("I wasn't able to locate file for the %s package. 
" + "This might mean you need to manually fix this package."), +@@ -1310,22 +1363,15 @@ + checking later. */ + bool pkgAcqArchive::QueueNext() + { +- for (; Vf.end() == false; Vf++) ++ while (CurVerFile != VerFileCandidates.end()) + { +- // Ignore not source sources +- if ((Vf.File()->Flags & pkgCache::Flag::NotSource) != 0) +- continue; ++ pkgCache::VerFileIterator Vf = *CurVerFile++; + + // Try to cross match against the source list + pkgIndexFile *Index; + if (Sources->FindIndex(Vf.File(),Index) == false) + continue; + +- // only try to get a trusted package from another source if that source +- // is also trusted +- if(Trusted && !Index->IsTrusted()) +- continue; +- + // Grab the text package record + pkgRecords::Parser &Parse = Recs->Lookup(Vf); + if (_error->PendingError() == true) +@@ -1403,7 +1449,6 @@ + Desc.ShortDesc = Version.ParentPkg().Name(); + QueueURI(Desc); + +- Vf++; + return true; + } + return false; +@@ -1480,7 +1525,7 @@ + StringToBool(LookupTag(Message,"Transient-Failure"),false) == true) + { + // Vf = Version.FileList(); +- while (Vf.end() == false) Vf++; ++ CurVerFile = VerFileCandidates.end (); + StoreFilename = string(); + Item::Failed(Message,Cnf); + return; +@@ -1494,7 +1539,7 @@ + StringToBool(LookupTag(Message,"Transient-Failure"),false) == true) + { + Retries--; +- Vf = Version.FileList(); ++ CurVerFile = VerFileCandidates.begin (); + if (QueueNext() == true) + return; + } +@@ -1509,7 +1554,7 @@ + // --------------------------------------------------------------------- + bool pkgAcqArchive::IsTrusted() + { +- return Trusted; ++ return TrustLevel > 0; + } + + // AcqArchive::Finished - Fetching has finished, tidy up /*{{{*/ +Index: apt-pkg/acquire-item.h +=================================================================== +--- apt-pkg/acquire-item.h (revision 14885) ++++ apt-pkg/acquire-item.h (working copy) +@@ -27,6 +27,7 @@ + #include <apt-pkg/pkgrecords.h> + #include <apt-pkg/indexrecords.h> + ++#include <list> + + /** \addtogroup 
acquire + * @{ +@@ -787,8 +788,8 @@ + */ + string &StoreFilename; + +- /** \brief The next file for this version to try to download. */ +- pkgCache::VerFileIterator Vf; ++ std::list<pkgCache::VerFileIterator> VerFileCandidates; ++ std::list<pkgCache::VerFileIterator>::const_iterator CurVerFile; + + /** \brief How many (more) times to try to find a new source from + * which to download this package version if it fails. +@@ -797,10 +798,10 @@ + */ + unsigned int Retries; + +- /** \brief \b true if this version file is being downloaded from a ++ /** \brief \b Positive if this version file is being downloaded from a + * trusted source. + */ +- bool Trusted; ++ int TrustLevel; + + /** \brief Queue up the next available file for this version. */ + bool QueueNext(); +@@ -904,4 +905,28 @@ + + /** @} */ + ++/* For influencing the IsTrusted decision when acquiring a new version ++ of a package and for influencing which source is selected if the ++ highest version of a package is available from multiple sources. ++ ++ The hook should return a integer indicating the 'trust level' that ++ a given index should be afforded for a given package. Indices with ++ higher trust levels will be preferred. ++ ++ The default behavior is to use a trust level of zero for unsigned ++ repositories and a level of one for repositories with valid ++ signatures. ++ ++ The IsTrusted predicate on a pkgAcqArchive object will return true ++ when the highest trust level is non-zero, false otherwise. ++ ++ A trust level can be negative. In that case, the index will never ++ be considered as a source for the package. ++*/ ++ ++void ++apt_set_index_trust_level_for_package_hook (int (*hook) ++ (pkgIndexFile *Index, ++ const pkgCache::VerIterator &V)); ++ + #endif