From: Nicolas Frey <n.frey@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox v5 4/4] apt: check for local POM InRelease as fallback
Date: Thu, 23 Oct 2025 12:39:53 +0200 [thread overview]
Message-ID: <20251023103953.305810-5-n.frey@proxmox.com> (raw)
In-Reply-To: <20251023103953.305810-1-n.frey@proxmox.com>
Add local file fallback in case that the URI starts with `file://`,
which is useful if a POM repo is stored on a medium. This improves
UX by not necessarily needing to apt update to see immediate feedback
in the Repositories UI of pve/pbs.
If the medium is not present, the signature verification will simply
fail.
Signed-off-by: Nicolas Frey <n.frey@proxmox.com>
---
proxmox-apt/src/repositories/repository.rs | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/proxmox-apt/src/repositories/repository.rs b/proxmox-apt/src/repositories/repository.rs
index 1b3f010e..b8b2ecc4 100644
--- a/proxmox-apt/src/repositories/repository.rs
+++ b/proxmox-apt/src/repositories/repository.rs
@@ -396,12 +396,7 @@ fn write_stanza(repo: &APTRepository, w: &mut dyn Write) -> Result<(), Error> {
/// Reads file contents of cached/local POM InRelease file from uri
/// and key to verify pgp signature
fn is_signed_by_key(uri: &str, suite: &str, key_path: &str) -> bool {
- let data = match std::fs::read(&release_filename(
- Path::new("/var/lib/apt/lists"),
- uri,
- suite,
- false,
- )) {
+ let data = match read_inrelease(uri, suite) {
Ok(d) => d,
Err(err) => {
log::warn!("could not read InRelease file: {err}");
@@ -425,6 +420,20 @@ fn is_signed_by_key(uri: &str, suite: &str, key_path: &str) -> bool {
true
}
+/// Reads cached/local POM InRelease file
+fn read_inrelease(uri: &str, suite: &str) -> Result<Vec<u8>, Error> {
+ let path = release_filename(Path::new("/var/lib/apt/lists"), uri, suite, false);
+
+ if path.exists() {
+ std::fs::read(&path).map_err(Into::into)
+ } else if let Some(local_path) = uri.strip_prefix("file://") {
+ let inrelease_path = format!("{}/dists/{}/InRelease", local_path, suite);
+ std::fs::read(&inrelease_path).map_err(Into::into)
+ } else {
+ bail!("Unsupported URI scheme: {}", uri);
+ }
+}
+
#[test]
fn test_uri_to_filename() {
let filename = uri_to_filename("https://some_host/some/path");
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-10-23 10:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-23 10:39 [pve-devel] [PATCH proxmox v5 0/4] fix #5207: apt: check signage of repos with proxmox-pgp Nicolas Frey
2025-10-23 10:39 ` [pve-devel] [PATCH proxmox v5 1/4] add proxmox-pgp subcrate, move POM verifier code to it Nicolas Frey
2025-10-23 10:39 ` [pve-devel] [PATCH proxmox v5 2/4] fix #5207: apt: check signage of repos with proxmox-pgp Nicolas Frey
2025-10-23 14:24 ` Nicolas Frey
2025-10-23 10:39 ` [pve-devel] [PATCH proxmox v5 3/4] apt: add tests for POM release filenames Nicolas Frey
2025-10-23 10:39 ` Nicolas Frey [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251023103953.305810-5-n.frey@proxmox.com \
--to=n.frey@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.