diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2016-03-17 16:36:14 +0100 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2016-06-22 14:05:01 +0200 |
| commit | ab94dcece2465f824bea80fc9158bf9a028b2e87 (patch) | |
| tree | d4aed383e010d64ca5a689216b36ab28929c06a8 /apt-pkg/deb/debmetaindex.cc | |
| parent | 57f7fb6511fcc7c55ee7a88475d15385093c048e (diff) | |
handle weak-security repositories as unauthenticated
APT can be forced to deal with repositories which have no security
features whatsoever, so just giving up on repositories which "just" fail
our current criteria of good security features is the wrong incentive.
Of course, repositories are better of fixing their setup to provide the
minimum of security features, but sometimes this isn't possible:
Historic repositories for example which do not change (anymore).
That also fixes problem with repositories which are marked as trusted,
but are providing only weak security features which would fail the
parsing of the Release file.
Closes: 827364
Diffstat (limited to 'apt-pkg/deb/debmetaindex.cc')
| -rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index c70c39a45..0c9cde620 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -440,18 +440,13 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro } } + bool AuthPossible = false; if(FoundHashSum == false) - { - if (ErrorText != NULL) - strprintf(*ErrorText, _("No Hash entry in Release file %s"), Filename.c_str()); - return false; - } - if(FoundStrongHashSum == false) - { - if (ErrorText != NULL) - strprintf(*ErrorText, _("No Hash entry in Release file %s which is considered strong enough for security purposes"), Filename.c_str()); - return false; - } + _error->Warning(_("No Hash entry in Release file %s"), Filename.c_str()); + else if(FoundStrongHashSum == false) + _error->Warning(_("No Hash entry in Release file %s which is considered strong enough for security purposes"), Filename.c_str()); + else + AuthPossible = true; std::string const StrDate = Section.FindS("Date"); if (RFC1123StrToTime(StrDate.c_str(), Date) == false) @@ -539,8 +534,9 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro } } - LoadedSuccessfully = TRI_YES; - return true; + if (AuthPossible) + LoadedSuccessfully = TRI_YES; + return AuthPossible; } /*}}}*/ metaIndex * debReleaseIndex::UnloadedClone() const /*{{{*/ |