Merge branch 'pu/dead-pin' into 'master'

A pin of -32768 overrides any other, disables repo See merge request apt-team/apt!40
author: Julian Andres Klode <jak@debian.org> 2019-02-04 12:44:08 +0000
committer: Julian Andres Klode <jak@debian.org> 2019-02-04 12:44:08 +0000
commit: 3a015964dd56edf897ee062b2eafa2cfc0584380 (patch)
tree: b7c47f960d6281195ea7fd3f90a6404b939df134 /apt-pkg
parent: d5dcc2e9d3008b57c3fae0bcb5b1c2a197f5430c (diff)
parent: c2b9b0489538fed4770515bd8853a960b13a2618 (diff)
6 files changed, 83 insertions, 7 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 755e1fb59..bb3bc1b56 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -25,6 +25,7 @@
 #include <apt-pkg/hashes.h>
 #include <apt-pkg/indexfile.h>
 #include <apt-pkg/metaindex.h>
+#include <apt-pkg/netrc.h>
 #include <apt-pkg/pkgcache.h>
 #include <apt-pkg/pkgrecords.h>
 #include <apt-pkg/sourcelist.h>
@@ -3394,6 +3395,7 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *const Owner, pkgSourceList *const Sourc
 
    StoreFilename.clear();
    std::set<string> targetComponents, targetCodenames, targetSuites;
+   std::vector<std::unique_ptr<FileFd>> authconfs;
    for (auto Vf = Version.FileList(); Vf.end() == false; ++Vf)
    {
       auto const PkgF = Vf.File();
@@ -3401,6 +3403,8 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *const Owner, pkgSourceList *const Sourc
 	 continue;
       if (PkgF.Flagged(pkgCache::Flag::NotSource))
 	 continue;
+      if (PkgF.Flagged(pkgCache::Flag::PackagesRequireAuthorization) && !IsAuthorized(PkgF, authconfs))
+	 continue;
       pkgIndexFile *Index;
       if (Sources->FindIndex(PkgF, Index) == false)
 	 continue;
diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index 84b4c0ed8..48114ba3c 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -13,6 +13,7 @@
 #include <config.h>
 
 #include <apt-pkg/configuration.h>
+#include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
 #include <apt-pkg/strutl.h>
 
@@ -149,3 +150,46 @@ void maybe_add_auth(URI &Uri, std::string NetRCFile)
    if (fd.Open(NetRCFile, FileFd::ReadOnly))
       MaybeAddAuth(fd, Uri);
 }
+
+/* Check if we are authorized. */
+bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector<std::unique_ptr<FileFd>> &authconfs)
+{
+   if (authconfs.empty())
+   {
+      _error->PushToStack();
+      auto const netrc = _config->FindFile("Dir::Etc::netrc");
+      if (not netrc.empty())
+      {
+	 authconfs.emplace_back(new FileFd());
+	 authconfs.back()->Open(netrc, FileFd::ReadOnly);
+      }
+
+      auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts");
+      if (not netrcparts.empty())
+      {
+	 for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true))
+	 {
+	    authconfs.emplace_back(new FileFd());
+	    authconfs.back()->Open(netrc, FileFd::ReadOnly);
+	 }
+      }
+      _error->RevertToStack();
+   }
+
+   // FIXME: Use the full base url
+   URI uri(std::string("http://") + I.Site() + "/");
+   for (auto &authconf : authconfs)
+   {
+      if (not authconf->IsOpen())
+	 continue;
+      if (not authconf->Seek(0))
+	 continue;
+
+      MaybeAddAuth(*authconf, uri);
+
+      if (not uri.User.empty() || not uri.Password.empty())
+	 return true;
+   }
+
+   return false;
+}
diff --git a/apt-pkg/contrib/netrc.h b/apt-pkg/contrib/netrc.h
index 981494064..80d95acc1 100644
--- a/apt-pkg/contrib/netrc.h
+++ b/apt-pkg/contrib/netrc.h
@@ -13,9 +13,12 @@
 #ifndef NETRC_H
 #define NETRC_H
 
+#include <memory>
 #include <string>
+#include <vector>
 
 #include <apt-pkg/macros.h>
+#include <apt-pkg/pkgcache.h>
 
 #ifndef APT_8_CLEANER_HEADERS
 #include <apt-pkg/strutl.h>
@@ -32,4 +35,5 @@ class FileFd;
 APT_DEPRECATED_MSG("Use FileFd-based MaybeAddAuth instead")
 void maybe_add_auth(URI &Uri, std::string NetRCFile);
 bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri);
+bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector<std::unique_ptr<FileFd>> &authconfs) APT_HIDDEN;
 #endif
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 1afcdf2c0..f88076abf 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -918,6 +918,7 @@ bool debReleaseIndex::Merge(pkgCacheGenerator &Gen,OpProgress * /*Prog*/) const/
    #undef APT_INRELEASE
    Section.FindFlag("NotAutomatic", File->Flags, pkgCache::Flag::NotAutomatic);
    Section.FindFlag("ButAutomaticUpgrades", File->Flags, pkgCache::Flag::ButAutomaticUpgrades);
+   Section.FindFlag("Packages-Require-Authorization", File->Flags, pkgCache::Flag::PackagesRequireAuthorization);
 
    return true;
 }
diff --git a/apt-pkg/pkgcache.h b/apt-pkg/pkgcache.h
index 5c33c7073..787e3995f 100644
--- a/apt-pkg/pkgcache.h
+++ b/apt-pkg/pkgcache.h
@@ -182,9 +182,11 @@ class pkgCache								/*{{{*/
 	 LocalSource=(1<<1), /*!< local sources can't and will not be verified by hashes */
 	 NoPackages=(1<<2), /*!< the file includes no package records itself, but additions like Translations */
       };
-      enum ReleaseFileFlags {
-	 NotAutomatic=(1<<0), /*!< archive has a default pin of 1 */
-	 ButAutomaticUpgrades=(1<<1), /*!< (together with the previous) archive has a default pin of 100 */
+      enum ReleaseFileFlags
+      {
+	 NotAutomatic = (1 << 0),		  /*!< archive has a default pin of 1 */
+	 ButAutomaticUpgrades = (1 << 1),	 /*!< (together with the previous) archive has a default pin of 100 */
+	 PackagesRequireAuthorization = (1 << 2), /*!< (together with the previous) archive has a default pin of 100 */
       };
       enum ProvidesFlags {
 	 MultiArchImplicit=pkgCache::Dep::MultiArchImplicit, /*!< generated internally, not spelled out in the index */
diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc
index d7eb43c0f..7986aa506 100644
--- a/apt-pkg/policy.cc
+++ b/apt-pkg/policy.cc
@@ -18,6 +18,7 @@
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
+#include <apt-pkg/netrc.h>
 #include <apt-pkg/pkgcache.h>
 #include <apt-pkg/policy.h>
 #include <apt-pkg/strutl.h>
@@ -38,6 +39,8 @@
 
 using namespace std;
 
+constexpr short NEVER_PIN = std::numeric_limits<short>::min();
+
 // Policy::Init - Startup and bind to a cache				/*{{{*/
 // ---------------------------------------------------------------------
 /* Set the defaults for operation. The default mode with no loaded policy
@@ -85,7 +88,8 @@ pkgPolicy::pkgPolicy(pkgCache *Owner) : Pins(nullptr), VerPins(nullptr),
 // ---------------------------------------------------------------------
 /* */
 bool pkgPolicy::InitDefaults()
-{   
+{
+   std::vector<std::unique_ptr<FileFd>> authconfs;
    // Initialize the priorities based on the status of the package file
    for (pkgCache::PkgFileIterator I = Cache->FileBegin(); I != Cache->FileEnd(); ++I)
    {
@@ -96,6 +100,8 @@ bool pkgPolicy::InitDefaults()
 	 PFPriority[I->ID] = 100;
       else if (I.Flagged(pkgCache::Flag::NotAutomatic))
 	 PFPriority[I->ID] = 1;
+      if (I.Flagged(pkgCache::Flag::PackagesRequireAuthorization) && !IsAuthorized(I, authconfs))
+	 PFPriority[I->ID] = NEVER_PIN;
    }
 
    // Apply the defaults..
@@ -107,7 +113,7 @@ bool pkgPolicy::InitDefaults()
       pkgVersionMatch Match(I->Data,I->Type);
       for (pkgCache::PkgFileIterator F = Cache->FileBegin(); F != Cache->FileEnd(); ++F)
       {
-	 if (Fixed[F->ID] == false && Match.FileMatch(F) == true)
+	 if ((Fixed[F->ID] == false || I->Priority == NEVER_PIN) && PFPriority[F->ID] != NEVER_PIN && Match.FileMatch(F) == true)
 	 {
 	    PFPriority[F->ID] = I->Priority;
 
@@ -271,7 +277,14 @@ APT_PURE signed short pkgPolicy::GetPriority(pkgCache::PkgIterator const &Pkg)
 APT_PURE signed short pkgPolicy::GetPriority(pkgCache::VerIterator const &Ver, bool ConsiderFiles)
 {
    if (VerPins[Ver->ID].Type != pkgVersionMatch::None)
-      return VerPins[Ver->ID].Priority;
+   {
+      // If all sources are never pins, the never pin wins.
+      if (VerPins[Ver->ID].Priority == NEVER_PIN)
+	 return NEVER_PIN;
+      for (pkgCache::VerFileIterator file = Ver.FileList(); file.end() == false; file++)
+	 if (GetPriority(file.File()) != NEVER_PIN)
+	    return VerPins[Ver->ID].Priority;
+   }
    if (!ConsiderFiles)
       return 0;
 
@@ -388,9 +401,17 @@ bool ReadPinFile(pkgPolicy &Plcy,string File)
       for (; Word != End && isspace(*Word) != 0; Word++);
 
       _error->PushToStack();
-      int const priority = Tags.FindI("Pin-Priority", 0);
+      std::string sPriority = Tags.FindS("Pin-Priority");
+      int priority = sPriority == "never" ? NEVER_PIN : Tags.FindI("Pin-Priority", 0);
       bool const newError = _error->PendingError();
       _error->MergeWithStack();
+
+      if (sPriority == "never" && not Name.empty())
+	 return _error->Error(_("%s: The special 'Pin-Priority: %s' can only be used for 'Package: *' records"), File.c_str(), "never");
+
+      // Silently clamp the never pin to never pin + 1
+      if (priority == NEVER_PIN && sPriority != "never")
+	 priority = NEVER_PIN + 1;
       if (priority < std::numeric_limits<short>::min() ||
           priority > std::numeric_limits<short>::max() ||
 	  newError) {
author	Julian Andres Klode <jak@debian.org>	2019-02-04 12:44:08 +0000
committer	Julian Andres Klode <jak@debian.org>	2019-02-04 12:44:08 +0000
commit	3a015964dd56edf897ee062b2eafa2cfc0584380 (patch)
tree	b7c47f960d6281195ea7fd3f90a6404b939df134 /apt-pkg
parent	d5dcc2e9d3008b57c3fae0bcb5b1c2a197f5430c (diff)
parent	c2b9b0489538fed4770515bd8853a960b13a2618 (diff)