Add a Packages-Require-Authorization Release file field

This new field allows a repository to declare that access to
packages requires authorization. The current implementation will
set the pin to -32768 if no authorization has been provided in
the auth.conf(.d) files.

This implementation is suboptimal in two aspects:
(1) A repository should behave more like NotSource repositories
(2) We only have the host name for the repository, we cannot use
    paths yet.

- We can fix those after an ABI break.

The code also adds a check to acquire-item.cc to not use the
specified repository as a download source, mimicking NotSource.

(cherry picked from commit c2b9b0489538fed4770515bd8853a960b13a2618)
LP: #1814727
(cherry picked from commit d75162bc67d5a1a690eb2a8747d31ad68353823e)

1 files changed, 5 insertions, 1 deletions

diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc
index 097373935..f1ffa7440 100644
--- a/apt-pkg/policy.cc
+++ b/apt-pkg/policy.cc
@@ -19,6 +19,7 @@
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
+#include <apt-pkg/netrc.h>
 #include <apt-pkg/pkgcache.h>
 #include <apt-pkg/policy.h>
 #include <apt-pkg/strutl.h>
@@ -88,7 +89,8 @@ pkgPolicy::pkgPolicy(pkgCache *Owner) : Pins(nullptr), VerPins(nullptr),
 // ---------------------------------------------------------------------
 /* */
 bool pkgPolicy::InitDefaults()
-{   
+{
+   std::vector<std::unique_ptr<FileFd>> authconfs;
    // Initialize the priorities based on the status of the package file
    for (pkgCache::PkgFileIterator I = Cache->FileBegin(); I != Cache->FileEnd(); ++I)
    {
@@ -99,6 +101,8 @@ bool pkgPolicy::InitDefaults()
 	 PFPriority[I->ID] = 100;
       else if (I.Flagged(pkgCache::Flag::NotAutomatic))
 	 PFPriority[I->ID] = 1;
+      if (I.Flagged(pkgCache::Flag::PackagesRequireAuthorization) && !IsAuthorized(I, authconfs))
+	 PFPriority[I->ID] = NEVER_PIN;
    }
 
    // Apply the defaults..