From: Nicolas Frey <n.frey@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox v7 4/4] apt: check for local POM InRelease as fallback
Date: Thu, 20 Nov 2025 09:00:59 +0100 [thread overview]
Message-ID: <20251120080059.79547-5-n.frey@proxmox.com> (raw)
In-Reply-To: <20251120080059.79547-1-n.frey@proxmox.com>
Signed-off-by: Nicolas Frey <n.frey@proxmox.com>
---
No changes since v6
proxmox-apt/src/repositories/repository.rs | 24 ++++++++++++++--------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/proxmox-apt/src/repositories/repository.rs b/proxmox-apt/src/repositories/repository.rs
index 066b71a3..7fd13e02 100644
--- a/proxmox-apt/src/repositories/repository.rs
+++ b/proxmox-apt/src/repositories/repository.rs
@@ -396,21 +396,27 @@ fn write_stanza(repo: &APTRepository, w: &mut dyn Write) -> Result<(), Error> {
/// Reads file contents of cached/local POM InRelease file from uri
/// and key to verify pgp signature
fn is_signed_by_key(uri: &str, suite: &str, key_path: &str) -> bool {
- let (Ok(data), Ok(key)) = (
- std::fs::read(release_filename(
- Path::new("/var/lib/apt/lists"),
- uri,
- suite,
- false,
- )),
- std::fs::read(key_path),
- ) else {
+ let (Ok(data), Ok(key)) = (read_inrelease(uri, suite), std::fs::read(key_path)) else {
return false;
};
verify_signature(&data, &key, None, &WeakCryptoConfig::default()).is_ok()
}
+/// Reads cached/local POM InRelease file
+fn read_inrelease(uri: &str, suite: &str) -> Result<Vec<u8>, Error> {
+ let path = release_filename(Path::new("/var/lib/apt/lists"), uri, suite, false);
+
+ if path.exists() {
+ std::fs::read(&path).map_err(Into::into)
+ } else if let Some(local_path) = uri.strip_prefix("file://") {
+ let inrelease_path = format!("{local_path}/dists/{suite}/InRelease");
+ std::fs::read(&inrelease_path).map_err(Into::into)
+ } else {
+ bail!("Unsupported URI scheme: {uri}");
+ }
+}
+
#[test]
fn test_uri_to_filename() {
let filename = uri_to_filename("https://some_host/some/path");
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-11-20 8:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-20 8:00 [pve-devel] [PATCH proxmox v7 0/4] fix #5207: apt: check signature of repos with proxmox-pgp Nicolas Frey
2025-11-20 8:00 ` [pve-devel] [PATCH proxmox v7 1/4] add proxmox-pgp subcrate, move POM verifier code to it Nicolas Frey
2025-11-20 8:00 ` [pve-devel] [PATCH proxmox v7 2/4] fix #5207: apt: check signature of repos with proxmox-pgp Nicolas Frey
2025-11-20 8:00 ` [pve-devel] [PATCH proxmox v7 3/4] apt: add tests for POM release filenames Nicolas Frey
2025-11-20 8:00 ` Nicolas Frey [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251120080059.79547-5-n.frey@proxmox.com \
--to=n.frey@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.