author | Julien Cristau <jcristau@debian.org> | 2016-10-20 07:19:16 (GMT) |
---|---|---|
committer | Julien Cristau <jcristau@debian.org> | 2016-10-20 07:22:41 (GMT) |
commit | 901022bcb8ad256b8d614762b2ce4210705f3207 (patch) | |
tree | f4edec88081ed615b71fca64b2d4b26afe53514f | |
parent | 9e8bc60ad1ccf3a25ce7890526b70059f3e770de (diff) | |
Refactor (In)Release(.gpg) download
- make a separate split_inline_sig function
- move downloading all three files to download_release_sig
- don't check InRelease signature if signature checking is disabled
Thanks to Ansgar Burchardt for the suggestions.
Signed-off-by: Julien Cristau <jcristau@debian.org>
-rw-r--r-- | functions | 68 |
1 files changed, 37 insertions, 31 deletions
@@ -526,18 +526,46 @@ validate_suite () {
 fi
 }
-download_release_sig () {
- local m1="$1"
+split_inline_sig () {
+ local inreldest="$1"
 local reldest="$2"
 local relsigdest="$3"
+ sed -n '/^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/p' < \
+ "$inreldest" > "$relsigdest"
+ # We assume \a does not appear in the Release file, and strip
+ # the last \n through the tr round-trip.
+ sed '/^-----BEGIN PGP SIGNED MESSAGE-----$/,/^$/ d
+ /^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/ d
+ ' < "$inreldest" |
+ tr '\n' '\a' | sed 's/\a$//' | tr '\a' '\n' > "$reldest"
+}
+
+download_release_sig () {
+ local m1="$1"
+ local inreldest="$2"
+ local reldest="$3"
+ local relsigdest="$4"
+
+ progress 0 100 DOWNREL "Downloading Release file"
+ progress_next 100
+ if get "$m1/dists/$SUITE/InRelease" "$inreldest" nocache; then
+ split_inline_sig "$inreldest" "$reldest" "$relsigdest"
+ progress 100 100 DOWNREL "Downloading Release file"
+ else
+ get "$m1/dists/$SUITE/Release" "$reldest" nocache ||
+ error 1 NOGETREL "Failed getting release file %s" "$m1/dists/$SUITE/Release"
+ progress 100 100 DOWNREL "Downloading Release file"
+ fi
 if [ -n "$KEYRING" ] && [ -z "$DISABLE_KEYRING" ]; then
 progress 0 100 DOWNRELSIG "Downloading Release file signature"
- progress_next 50
- get "$m1/dists/$SUITE/Release.gpg" "$relsigdest" nocache ||
- error 1 NOGETRELSIG "Failed getting release signature file %s" \
- "$m1/dists/$SUITE/Release.gpg"
- progress 50 100 DOWNRELSIG "Downloading Release file signature"
+ if ! [ -f "$relsigdest" ]; then
+ progress_next 50
+ get "$m1/dists/$SUITE/Release.gpg" "$relsigdest" nocache ||
+ error 1 NOGETRELSIG "Failed getting release signature file %s" \
+ "$m1/dists/$SUITE/Release.gpg"
+ progress 50 100 DOWNRELSIG "Downloading Release file signature"
+ fi
 info RELEASESIG "Checking Release signature"
 # Don't worry about the exit status from gpgv; parsing the output will
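Review bot: The new `if ! [ -f "$relsigdest" ]` guard in download_release_sig uses file existence as a stand-in for "split_inline_sig just wrote this signature", and the two are not equivalent. If the InRelease fetch fails while a Release.gpg already sits at that path (for instance from an earlier run into the same target; whether `get ... nocache` clears it is not visible here), the freshly fetched Release is checked against the old signature instead of a newly downloaded one. That should still fail closed in gpgv, but it turns a routine mirror update into a verification error, and an InRelease with no signature block likewise leaves an empty `$relsigdest` that passes `-f`. Adding `rm -f "$relsigdest"` at the top of the `else` branch, or recording the inline case in a local flag and testing that, would keep the previous always-refetch behaviour. The body of download_release_sig continues past the end of this hunk.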
@@ -550,33 +578,11 @@ download_release_sig () {
 download_release_indices () {
 local m1="${MIRRORS%% *}"
- local reldest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release")"
 local inreldest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/InRelease")"
+ local reldest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release")"
 local relsigdest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release.gpg")"
- progress 0 100 DOWNREL "Downloading Release file"
- progress_next 100
- if get "$m1/dists/$SUITE/InRelease" "$inreldest" nocache; then
- sed -n '/^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/p' < \
- "$inreldest" > "$relsigdest"
- # We assume \a does not appear in the Release file, and strip
- # the last \n through the tr round-trip.
- sed '/^-----BEGIN PGP SIGNED MESSAGE-----$/,/^$/ d
- /^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/ d
- ' < "$inreldest" |
- tr '\n' '\a' | sed 's/\a$//' | tr '\a' '\n' > "$reldest"
- progress 100 100 DOWNREL "Downloading Release file"
- info RELEASESIG "Checking Release signature"
- # Don't worry about the exit status from gpgv; parsing the output will
- # take care of that.
- (gpgv --status-fd 1 --keyring "$KEYRING" --ignore-time-conflict \
- "$relsigdest" "$reldest" || true) | read_gpg_status
- else
- get "$m1/dists/$SUITE/Release" "$reldest" nocache ||
- error 1 NOGETREL "Failed getting release file %s" "$m1/dists/$SUITE/Release"
- progress 100 100 DOWNREL "Downloading Release file"
- download_release_sig "$m1" "$reldest" "$relsigdest"
- fi
+ download_release_sig "$m1" "$inreldest" "$reldest" "$relsigdest"
 validate_suite "$reldest" |
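Review bot: The single call `download_release_sig "$m1" "$inreldest" "$reldest" "$relsigdest"` now fetches InRelease or Release, splits the inline signature and runs the gpgv check, none of which the function name suggests. Because `validate_suite "$reldest"` parses the file straight afterwards, someone auditing this path needs to know that verification happens, or is deliberately skipped when keyring checking is off, inside that call. I would add a comment above the call such as `# Fetch InRelease (or Release + Release.gpg) and verify it when keyring checking is enabled; $reldest is unauthenticated otherwise`, or rename the function in a follow-up. download_release_indices continues outside the hunk.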