diff options
| author | David Kalnischkies <kalnischkies@gmail.com> | 2013-09-26 13:32:49 +0200 |
|---|---|---|
| committer | David Kalnischkies <kalnischkies@gmail.com> | 2013-09-26 14:02:08 +0200 |
| commit | 6c34cccad778bd8db0ce03b7596cbef03afa9688 (patch) | |
| tree | 1801df1d599468a9eb8cc69ce684d53287f51b98 | |
| parent | b4140ecf132d15adf740f23330054b6788d4f9a6 (diff) | |
pkg from only trusted sources keeps being trusted
--allow-unauthenticated switches the download to a pre-0.6 system in
which a package can come from any source, rather than that trusted
packages can only come from trusted sources.
To allow this the flag used to set all packages as untrusted, which is a
bit much, so we check now if the package can be acquired via an
untrusted source and only if this is the case set it as untrusted.
As APT nowadays supports setting sources as trusted via a flag in the
sources.list this mode shouldn't be used that much anymore though.
[Note that this is not the patch from the BTS]
Closes: 617690
| -rw-r--r-- | apt-pkg/acquire-item.cc | 23 | ||||
| -rwxr-xr-x | test/integration/test-bug-596498-trusted-unsigned-repo | 9 | ||||
| -rwxr-xr-x | test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted | 52 |
3 files changed, 76 insertions, 8 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 97b2d1e29..222b78671 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1719,27 +1719,34 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *Owner,pkgSourceList *Sources, } // check if we have one trusted source for the package. if so, switch - // to "TrustedOnly" mode + // to "TrustedOnly" mode - but only if not in AllowUnauthenticated mode + bool const allowUnauth = _config->FindB("APT::Get::AllowUnauthenticated", false); + bool const debugAuth = _config->FindB("Debug::pkgAcquire::Auth", false); + bool seenUntrusted = false; for (pkgCache::VerFileIterator i = Version.FileList(); i.end() == false; ++i) { pkgIndexFile *Index; if (Sources->FindIndex(i.File(),Index) == false) continue; - if (_config->FindB("Debug::pkgAcquire::Auth", false)) - { + + if (debugAuth == true) std::cerr << "Checking index: " << Index->Describe() - << "(Trusted=" << Index->IsTrusted() << ")\n"; - } - if (Index->IsTrusted()) { + << "(Trusted=" << Index->IsTrusted() << ")" << std::endl; + + if (Index->IsTrusted() == true) + { Trusted = true; - break; + if (allowUnauth == false) + break; } + else + seenUntrusted = true; } // "allow-unauthenticated" restores apts old fetching behaviour // that means that e.g. unauthenticated file:// uris are higher // priority than authenticated http:// uris - if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true) + if (allowUnauth == true && seenUntrusted == true) Trusted = false; // Select a source diff --git a/test/integration/test-bug-596498-trusted-unsigned-repo b/test/integration/test-bug-596498-trusted-unsigned-repo index 5c643c40e..06c9c8285 100755 --- a/test/integration/test-bug-596498-trusted-unsigned-repo +++ b/test/integration/test-bug-596498-trusted-unsigned-repo @@ -21,6 +21,9 @@ DEBFILE='rootdir/etc/apt/sources.list.d/apt-test-unstable-deb.list' testequal "$PKGTEXT Download complete and in download only mode" aptget install cool --assume-no -d +testequal "$PKGTEXT +Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated + sed -i -e 's#deb#deb [trusted=no]#' $DEBFILE aptgetupdate @@ -40,6 +43,12 @@ WARNING: The following packages cannot be authenticated! Install these packages without verification? [y/N] N E: Some packages could not be authenticated" aptget install cool --assume-no -d +testequal "$PKGTEXT +WARNING: The following packages cannot be authenticated! + cool +Authentication warning overridden. +Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated + sed -i -e 's#deb#deb [trusted=yes]#' $DEBFILE aptgetupdate diff --git a/test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted b/test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted new file mode 100755 index 000000000..1c2514938 --- /dev/null +++ b/test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted @@ -0,0 +1,52 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' + +buildsimplenativepackage 'cool' 'i386' '1.0' 'unstable' + +setupaptarchive --no-update + +testfileexists() { + msgtest 'Test for existance of file' "$1" + test -e "$1" && msgpass || msgfail + rm -f "$1" +} + +testfilemissing() { + msgtest 'Test for non-existance of file' "$1" + test -e "$1" && msgfail || msgpass + rm -f "$1" +} + +testrun() { + rm -rf rootdir/var/lib/apt + testsuccess aptget update + + testsuccess aptget download cool + testfileexists 'cool_1.0_i386.deb' + + mv aptarchive/pool/cool_1.0_i386.deb aptarchive/pool/cool_1.0_i386.deb.bak + echo 'this is not a good package' > aptarchive/pool/cool_1.0_i386.deb + # FIXME: apt-get download should exit non-zero if download fails + aptget download cool + testfilemissing cool_1.0_i386.deb + + # FIXME: apt-get download should exit non-zero if download fails + aptget download cool --allow-unauthenticated # unauthenticated doesn't mean unchecked + testfilemissing cool_1.0_i386.deb + + rm -f aptarchive/pool/cool_1.0_i386.deb + mv aptarchive/pool/cool_1.0_i386.deb.bak aptarchive/pool/cool_1.0_i386.deb + testsuccess aptget download cool --allow-unauthenticated + testfileexists 'cool_1.0_i386.deb' +} + +testrun + +find aptarchive/ \( -name 'Release.gpg' -o -name 'InRelease' \) -delete +# FIXME: apt-get download should warn about untrusted downloads +testrun |