summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kalnischkies <kalnischkies@gmail.com>2010-06-09 10:46:35 +0200
committerDavid Kalnischkies <kalnischkies@gmail.com>2010-06-09 10:46:35 +0200
commitb02fffa64833e1f8e2617669d89de0a6d0882747 (patch)
tree0d3289bf1d913ee9d2313e0fcae6071f943d43bc
parent96cc64a521957d63704de72ed95f1c839698c53c (diff)
rename the options, document them and reorder the changelog a bit
-rw-r--r--apt-pkg/indexrecords.cc4
-rw-r--r--debian/changelog24
-rw-r--r--doc/apt.conf.5.xml24
-rw-r--r--doc/examples/configure-index4
4 files changed, 46 insertions, 10 deletions
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index cdc2897bf..3bde7437d 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -104,9 +104,9 @@ bool indexRecords::Load(const string Filename) /*{{{*/
}
}
// get the user settings for this archive and use what expires earlier
- int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0);
+ int MaxAge = _config->FindI("Acquire::Max-ValidTime", 0);
if (Label.empty() == true)
- MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::" + Label).c_str(), MaxAge);
+ MaxAge = _config->FindI(string("Acquire::Max-ValidTime::" + Label).c_str(), MaxAge);
if(MaxAge == 0) // No user settings, use the one from the Release file
return true;
diff --git a/debian/changelog b/debian/changelog
index 049999230..c3f7a3e25 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,25 @@
-apt (0.7.26~exp5) experimental; urgency=low
+apt (0.7.26~exp6) UNRELEASED; urgency=low
[ David Kalnischkies ]
+ * doc/apt.conf.5.xml:
+ - document the new Valid-Until related options
* apt-pkg/indexrecords.cc:
- backport forgotten Valid-Until patch from the obsolete experimental
branch to prevent replay attacks better, thanks to Thomas Viehmann
for the initial patch! (Closes: #499897)
+ * apt-pkg/contrib/strutl.cc:
+ - split StrToTime() into HTTP1.1 and FTP date parser methods and
+ use strptime() instead of some self-made scanf mangling
+ - use the portable timegm shown in his manpage instead of a strange
+ looking code copycat from wget
+ * ftparchive/writer.cc:
+ - add ValidTime option to generate a Valid-Until header in Release file
+
+ -- David Kalnischkies <kalnischkies@gmail.com> Wed, 09 Jun 2010 10:43:58 +0200
+
+apt (0.7.26~exp5) experimental; urgency=low
+
+ [ David Kalnischkies ]
* cmdline/apt-get.cc:
- rerun dpkg-source in source if --fix-broken is given (Closes: #576752)
- don't suggest held packages as they are installed (Closes: #578135)
@@ -44,13 +59,6 @@ apt (0.7.26~exp5) experimental; urgency=low
- add 'disappear' to the known processing states, thanks Jonathan Nieder
* apt-pkg/packagemanager.h:
- export info about disappeared packages with GetDisappearedPackages()
- * apt-pkg/contrib/strutl.cc:
- - split StrToTime() into HTTP1.1 and FTP date parser methods and
- use strptime() instead of some selfmade scanf mangling
- - use the portable timegm shown in his manpage instead of a strange
- looking code copycat from wget
- * ftparchive/writer.cc:
- - add ValidTime option to generate a Valid-Until header in Release file
[ Michael Vogt ]
* methods/http.{cc,h}:
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index fe005e0f1..0cf4bb663 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -230,6 +230,30 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
and the URI handlers.
<variablelist>
+ <varlistentry><term>Check-Valid-Until</term>
+ <listitem><para>Security related option defaulting to true as an
+ expiring validation for a Release file prevents longtime replay attacks
+ and can e.g. also help users to identify no longer updated mirrors -
+ but the feature depends on the correctness of the time on the user system.
+ Archive maintainers are encouraged to create Release files with the
+ <literal>Valid-Until</literal> header, but if they don't or a stricter value
+ is volitional the following <literal>Max-ValidTime</literal> option can be used.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry><term>Max-ValidTime</term>
+ <listitem><para>Seconds the Release file should be considered valid after
+ it was created. The default is "for ever" (0) if the Release file of the
+ archive doesn't include a <literal>Valid-Until</literal> header.
+ If it does then this date is the default. The date from the Release file or
+ the date specified by the creation time of the Release file
+ (<literal>Date</literal> header) plus the seconds specified with this
+ options are used to check if the validation of a file has expired by using
+ the earlier date of the two. Archive specific settings can be made by
+ appending the label of the archive to the option name.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry><term>PDiffs</term>
<listitem><para>Try to download deltas called <literal>PDiffs</literal> for
Packages or Sources files instead of downloading whole ones. True
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index d168417d8..127feb9e9 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -176,6 +176,10 @@ Acquire
PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
// 50% of the size of the original file
+ Check-Valid-Until "true";
+ Max-ValidTime "864000"; // 10 days
+ Max-ValidTime::Debian-Security "604800"; // 7 days, label specific configuration
+
// HTTP method configuration
http
{