Superseded-by: https://lore.proxmox.com/pve-devel/[email protected]/T/#u
On 10/17/25 12:10 PM, Nicolas Frey wrote: > If POM is set up to mirror the PVE repository and only this repository > is added on a PVE host, the `Repositories` panel will show an `Error` > status with the message: > > `No Proxmox VE repository is enabled, you do not get any updates!` > > This is because the current implementation only checks if the uri of > the repo matches that of one of the standard repos. > > This patch aims to fix this issue by verifying it through signage > info via gpgv. Checking against the cached InRelease file at > `/var/lib/apt/lists/` with the help of the function `release_filename` > to encode the uri into the filename generated by APT's URItoFileName > in contrib/strutl.cc. > > Added tests to ensure common file paths for POM would be encoded > correctly. > > Fixes: https://bugzilla.proxmox.com/show_bug.cgi?id=5207 > Signed-off-by: Nicolas Frey <[email protected]> > --- > proxmox-apt/src/repositories/repository.rs | 50 ++++++++++++++++++++-- > 1 file changed, 46 insertions(+), 4 deletions(-) > > diff --git a/proxmox-apt/src/repositories/repository.rs > b/proxmox-apt/src/repositories/repository.rs > index 24e7943b..a460f5e7 100644 > --- a/proxmox-apt/src/repositories/repository.rs > +++ b/proxmox-apt/src/repositories/repository.rs > @@ -122,18 +122,20 @@ impl APTRepositoryImpl for APTRepository { > product: &str, > suite: &str, > ) -> bool { > - let (package_type, handle_uris, component, _key) = > handle.info(product); > + let (package_type, handle_uris, component, key) = > handle.info(product); > > - let mut found_uri = false; > + let mut found_uri_or_signed = false; > > for uri in self.uris.iter() { > let uri = uri.trim_end_matches('/'); > > - found_uri = found_uri || handle_uris.iter().any(|handle_uri| > handle_uri == uri); > + found_uri_or_signed = found_uri_or_signed > + || handle_uris.iter().any(|handle_uri| handle_uri == uri) > + || gpg_signed(uri, suite, key); > } > > self.types.contains(&package_type) > - && found_uri > + && found_uri_or_signed > // using contains would require a &String > && self.suites.iter().any(|self_suite| self_suite == suite) > && self.components.contains(&component) > @@ -389,8 +391,48 @@ fn write_stanza(repo: &APTRepository, w: &mut dyn Write) > -> Result<(), Error> { > Ok(()) > } > > +fn gpg_signed(uri: &str, suite: &str, key: &str) -> bool { > + release_filename(Path::new("/var/lib/apt/lists"), uri, suite, false) > + .to_str() > + .is_some_and(|cached_file| { > + std::process::Command::new("gpgv") > + .args(["--keyring", key, cached_file]) > + .output() > + .is_ok_and(|output| output.status.success()) > + }) > +} > + > #[test] > fn test_uri_to_filename() { > let filename = uri_to_filename("https://some_host/some/path";); > assert_eq!(filename, "some%5fhost_some_path".to_string()); > } > + > +#[test] > +fn test_release_filename() { > + let data = [ > + // testcase for proxmox offline mirror (mounted) > + ( > + Path::new("/var/lib/apt/lists"), > + "file:///mnt/mirror/pve-no-subscription/2025-10-16T08:07:41Z", > + "trixie", > + false, > + // expected > + > "/var/lib/apt/lists/_mnt_mirror_pve-no-subscription_2025-10-16T08:07:41Z_dists_trixie_InRelease" > + ), > + // testcase for proxmox offline mirror (local http server) > + ( > + Path::new("/var/lib/apt/lists"), > + > "http://proxmox-offline-mirror.domain.example/pve-subscription/2025-10-16T08:07:41Z";, > + "trixie", > + false, > + // expected > + > "/var/lib/apt/lists/proxmox-offline-mirror.domain.example_pve-subscription_2025-10-16T08:07:41Z_dists_trixie_InRelease" > + ), > + ]; > + > + for d in data { > + let filename = release_filename(d.0, d.1, d.2, d.3).to_str(); > + assert_eq!(filename, Some(d.4)); > + } > +} _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
