vincent/aptly
1
0
Fork 0
mirror of https://github.com/aptly-dev/aptly.git synced 2026-05-30 04:20:53 +00:00
Code Issues Projects Releases Wiki Activity

Security: don't download files we don't have checksums for. #324

Browse Source
This commit is contained in:
Andrey Smirnov
2015-12-22 13:52:53 +03:00
parent ca319c804e
commit 631fe44c6b
6 changed files with 4 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
http/download.go
+4
View File
@@ -327,6 +327,10 @@ func DownloadTryCompression(downloader aptly.Downloader, url string, expectedChe
} }
if !foundChecksum { if !foundChecksum {
if !ignoreMismatch {
continue
}
file, err = DownloadTemp(downloader, tryURL) file, err = DownloadTemp(downloader, tryURL)
} }
system/t04_mirror/UpdateMirror10Test_gold
-2
View File
@@ -5,11 +5,9 @@ Building download queue...
Download queue: 4 items (287.73 KiB) Download queue: 4 items (287.73 KiB)
Downloading & parsing package files... Downloading & parsing package files...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/InRelease... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/InRelease...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.bz2...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.gz... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.gz...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release.gpg... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release.gpg...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Sources.bz2...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Sources.gz... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Sources.gz...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/amd64/ferrisloki-dev_3.0.1-1_amd64.deb... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/amd64/ferrisloki-dev_3.0.1-1_amd64.deb...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/amd64/ferrisloki1_3.0.1-1_amd64.deb... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/amd64/ferrisloki1_3.0.1-1_amd64.deb...
system/t04_mirror/UpdateMirror3Test_gold
-2
View File
@@ -1,6 +1,4 @@
Downloading ${url}dists/hardy/Release... Downloading ${url}dists/hardy/Release...
Downloading & parsing package files... Downloading & parsing package files...
Downloading ${url}dists/hardy/main/binary-amd64/Packages.bz2...
Downloading ${url}dists/hardy/main/binary-amd64/Packages.gz...
Downloading ${url}dists/hardy/main/binary-amd64/Packages... Downloading ${url}dists/hardy/main/binary-amd64/Packages...
ERROR: unable to update: ${url}dists/hardy/main/binary-amd64/Packages: sha256 hash mismatch "494414ded24da13c451b13b424928821351c78fce49f93d9e1b55f102790c206" != "8a21688ae769f2b4ffcaa366409f679d" ERROR: unable to update: ${url}dists/hardy/main/binary-amd64/Packages: sha256 hash mismatch "494414ded24da13c451b13b424928821351c78fce49f93d9e1b55f102790c206" != "8a21688ae769f2b4ffcaa366409f679d"
system/t04_mirror/UpdateMirror5Test_gold
-2
View File
@@ -1,7 +1,5 @@
Downloading ${url}dists/hardy/Release... Downloading ${url}dists/hardy/Release...
Downloading & parsing package files... Downloading & parsing package files...
Downloading ${url}dists/hardy/main/binary-amd64/Packages.bz2...
Downloading ${url}dists/hardy/main/binary-amd64/Packages.gz...
Downloading ${url}dists/hardy/main/binary-amd64/Packages... Downloading ${url}dists/hardy/main/binary-amd64/Packages...
Building download queue... Building download queue...
Download queue: 1 items (30 B) Download queue: 1 items (30 B)
system/t04_mirror/UpdateMirror7Test_gold
-1
View File
@@ -4,7 +4,6 @@ Building download queue...
Download queue: 6 items (292.29 KiB) Download queue: 6 items (292.29 KiB)
Downloading & parsing package files... Downloading & parsing package files...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/InRelease... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/InRelease...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.bz2...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.gz... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.gz...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release.gpg... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release.gpg...
system/t04_mirror/UpdateMirror9Test_gold
-2
View File
@@ -4,11 +4,9 @@ Building download queue...
Download queue: 12 items (0.73 MiB) Download queue: 12 items (0.73 MiB)
Downloading & parsing package files... Downloading & parsing package files...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/InRelease... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/InRelease...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.bz2...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.gz... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Packages.gz...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release.gpg... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Release.gpg...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Sources.bz2...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Sources.gz... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/Sources.gz...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/amd64/ferrisloki-dev_3.0.1-1_amd64.deb... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/amd64/ferrisloki-dev_3.0.1-1_amd64.deb...
Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/amd64/ferrisloki1_3.0.1-1_amd64.deb... Downloading http://download.opensuse.org/repositories/home:/monkeyiq/Debian_7.0/amd64/ferrisloki1_3.0.1-1_amd64.deb...