summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Vogt <mvo@debian.org>2014-05-30 14:47:56 +0200
committerMichael Vogt <mvo@ubuntu.com>2014-06-02 08:53:09 +0200
commita3f1d60cb75ab83f63a52a43c056a4752c8fdeb2 (patch)
tree00acd57805d51fe2422fe6b0d5bc4fcbaca6247e
parent7adaab0430308a17f1db279f0ebbed8068dd4308 (diff)
Show unauthenticated warning for source packages as well
This will show the same unauthenticated warning for source packages as for binary packages and will not download a source package if it is unauthenticated. This can be overridden with --allow-unauthenticated Closes: #749795
-rw-r--r--apt-private/private-download.cc5
-rw-r--r--apt-private/private-download.h6
-rw-r--r--cmdline/apt-get.cc9
-rwxr-xr-xtest/integration/test-apt-get-source-authenticated31
4 files changed, 51 insertions, 0 deletions
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc
index a095f0c67..be7d23c31 100644
--- a/apt-private/private-download.cc
+++ b/apt-private/private-download.cc
@@ -28,6 +28,11 @@ bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
if (UntrustedList == "")
return true;
+ return AuthPrompt(UntrustedList, PromptUser);
+}
+
+bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
+{
ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
diff --git a/apt-private/private-download.h b/apt-private/private-download.h
index a108aa531..a90ac7eaa 100644
--- a/apt-private/private-download.h
+++ b/apt-private/private-download.h
@@ -5,7 +5,13 @@
class pkgAcquire;
+// Check if all files in the fetcher are authenticated
APT_PUBLIC bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser);
+
+// show a authentication warning prompt and return true if the system
+// should continue
+APT_PUBLIC bool AuthPrompt(std::string UntrustedList, bool const PromptUser);
+
APT_PUBLIC bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure);
#endif
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 0f18b0e7c..a58386eb0 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -76,6 +76,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/statfs.h>
#include <sys/statvfs.h>
@@ -755,6 +756,7 @@ static bool DoSource(CommandLine &CmdL)
// Load the requestd sources into the fetcher
unsigned J = 0;
+ std::string UntrustedList;
for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++)
{
string Src;
@@ -763,6 +765,9 @@ static bool DoSource(CommandLine &CmdL)
if (Last == 0) {
return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
}
+
+ if (Last->Index().IsTrusted() == false)
+ UntrustedList += Src + " ";
string srec = Last->AsStr();
string::size_type pos = srec.find("\nVcs-");
@@ -846,6 +851,10 @@ static bool DoSource(CommandLine &CmdL)
Last->Index().SourceInfo(*Last,*I),Src);
}
}
+
+ // check authentication status of the source as well
+ if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
+ return false;
// Display statistics
unsigned long long FetchBytes = Fetcher.FetchNeeded();
diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated
new file mode 100755
index 000000000..2cee13923
--- /dev/null
+++ b/test/integration/test-apt-get-source-authenticated
@@ -0,0 +1,31 @@
+#!/bin/sh
+#
+# Regression test for debian bug #749795. Ensure that we fail with
+# a error if apt-get source foo will download a source that comes
+# from a unauthenticated repository
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+# a "normal" package with source and binary
+buildsimplenativepackage 'foo' 'all' '2.0'
+
+setupaptarchive --no-update
+
+APTARCHIVE=$(readlink -f ./aptarchive)
+rm -f $APTARCHIVE/dists/unstable/*Release*
+
+# update without authenticated InRelease file
+testsuccess aptget update
+
+# this all should fail
+testfailure aptget install -y foo
+testfailure aptget source foo
+
+# allow overriding the warning
+testsuccess aptget source --allow-unauthenticated foo