authorJulian Andres Klode <julian.klode@canonical.com>2019-02-01 14:43:52 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2019-02-05 13:34:00 +0100
commitd75162bc67d5a1a690eb2a8747d31ad68353823e (patch)
tree3eecd82a60d1874bd79c66ed28896a83f30d7b46 /apt-pkg/contrib
parentf52e7a2040f461fb37f88751f5a42a5d5c130441 (diff)
Add a Packages-Require-Authorization Release file field
This new field allows a repository to declare that access to packages requires authorization. The current implementation will set the pin to -32768 if no authorization has been provided in the auth.conf(.d) files. This implementation is suboptimal in two aspects: (1) A repository should behave more like NotSource repositories. (2) We only have the host name for the repository; we cannot use paths yet. We can fix those after an ABI break. The code also adds a check to acquire-item.cc to not use the specified repository as a download source, mimicking NotSource. (cherry picked from commit c2b9b0489538fed4770515bd8853a960b13a2618) LP: #1814727
Diffstat (limited to 'apt-pkg/contrib')
-rw-r--r--apt-pkg/contrib/netrc.cc44
-rw-r--r--apt-pkg/contrib/netrc.h4
2 files changed, 48 insertions, 0 deletions
diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index 84b4c0ed8..48114ba3c 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -13,6 +13,7 @@
#include <config.h>
#include <apt-pkg/configuration.h>
+#include <apt-pkg/error.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/strutl.h>
@@ -149,3 +150,46 @@ void maybe_add_auth(URI &Uri, std::string NetRCFile)
if (fd.Open(NetRCFile, FileFd::ReadOnly))
MaybeAddAuth(fd, Uri);
}
+
+/* Check if we are authorized. */
+bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector<std::unique_ptr<FileFd>> &authconfs)
+{
+ if (authconfs.empty())
+ {
+ _error->PushToStack();
+ auto const netrc = _config->FindFile("Dir::Etc::netrc");
+ if (not netrc.empty())
+ {
+ authconfs.emplace_back(new FileFd());
+ authconfs.back()->Open(netrc, FileFd::ReadOnly);
+ }
+
+ auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts");
+ if (not netrcparts.empty())
+ {
+ for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true))
+ {
+ authconfs.emplace_back(new FileFd());
+ authconfs.back()->Open(netrc, FileFd::ReadOnly);
+ }
+ }
+ _error->RevertToStack();
+ }
+
+ // FIXME: Use the full base url
+ URI uri(std::string("http://") + I.Site() + "/");
+ for (auto &authconf : authconfs)
+ {
+ if (not authconf->IsOpen())
+ continue;
+ if (not authconf->Seek(0))
+ continue;
+
+ MaybeAddAuth(*authconf, uri);
+
+ if (not uri.User.empty() || not uri.Password.empty())
+ return true;
+ }
+
+ return false;
+}
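Review bot: In IsAuthorized, the results of both `Open` calls are ignored and `_error->RevertToStack()` then discards whatever they reported, so an auth file that exists but cannot be read by the calling user looks the same as one with no entry for the host, and the repository is treated as unauthorized with no diagnostic. If that is intended (for example for unprivileged runs, which is an assumption on my part), say so in a comment such as `// Unreadable auth files are deliberately treated as "no credentials"; errors are dropped`. Otherwise keep the messages with `_error->MergeWithStack()` or report the failed path under a debug option. Note too that `authconfs.empty()` doubles as the "not loaded yet" marker, so when no auth file is configured the `FindFile`/`GetListOfFilesInDir` scan is repeated on every call.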
diff --git a/apt-pkg/contrib/netrc.h b/apt-pkg/contrib/netrc.h
index 981494064..80d95acc1 100644
--- a/apt-pkg/contrib/netrc.h
+++ b/apt-pkg/contrib/netrc.h
@@ -13,9 +13,12 @@
#ifndef NETRC_H
#define NETRC_H
+#include <memory>
#include <string>
+#include <vector>
#include <apt-pkg/macros.h>
+#include <apt-pkg/pkgcache.h>
#ifndef APT_8_CLEANER_HEADERS
#include <apt-pkg/strutl.h>
@@ -32,4 +35,5 @@ class FileFd;
APT_DEPRECATED_MSG("Use FileFd-based MaybeAddAuth instead")
void maybe_add_auth(URI &Uri, std::string NetRCFile);
bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri);
+bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector<std::unique_ptr<FileFd>> &authconfs) APT_HIDDEN;
#endif
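Review bot: The new `IsAuthorized` declaration has no comment, and its contract is not obvious from the signature: `authconfs` is a non-const reference that the definition in netrc.cc fills on first use and reuses afterwards, and a true result means only that some auth file yields a user or password for the host name of `I`. A short comment above the declaration stating both, e.g. `// authconfs: cache of opened auth.conf files, filled when empty; returns true if credentials exist for I's host`, would keep callers from reading it as proof that the server accepted the credentials. The top-level `const` on the by-value parameter `I` has no effect in a declaration and could be dropped here.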