rework errors and warnings around insecure repositories

Insecure (aka unsigned) repositories are bad, period. We want to get right of them finally and as a first step we are printing scary warnings. This is already done, this commit just changes the messages to be more consistent and prevents them from being displayed if authenticity is guaranteed some other way (as indicated with trusted=yes). The idea is to first print the pure fact like "repository isn't signed" as a warning (and later as an error), while giving an explaination in a immediately following notice (which is displayed only in quiet level 0: so in interactive use, not in scripts and alike). Closes: 796549
author: David Kalnischkies <david@kalnischkies.de> 2015-10-13 11:37:39 +0200
committer: David Kalnischkies <david@kalnischkies.de> 2015-11-04 18:04:01 +0100
commit: f18f2338a17d3037ac0d6f81a7f1a37df6eaca01 (patch)
tree: 238910fae9d19be36ba3f62903eb52f28d417606 /apt-pkg
parent: bce8e59b81e5bdfa46501c25bc1b3fca60a69cb8 (diff)
1 files changed, 39 insertions, 22 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 98739f7a6..0c7c7c75c 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -148,12 +148,41 @@ static bool BootstrapPDiffWith(std::string const &PartialFile, std::string const
 }
 									/*}}}*/
 
-static bool AllowInsecureRepositories(metaIndex const * const MetaIndexParser, pkgAcqMetaClearSig * const TransactionManager, pkgAcquire::Item * const I) /*{{{*/
+static bool MessageInsecureRepository(bool const isError, std::string const &msg)/*{{{*/
 {
-   if(MetaIndexParser->GetTrusted() == metaIndex::TRI_YES || _config->FindB("Acquire::AllowInsecureRepositories") == true)
+   if (isError)
+   {
+      _error->Error("%s", msg.c_str());
+      _error->Notice("%s", _("Updating such a repository securily is impossible and therefore disabled by default."));
+   }
+   else
+   {
+      _error->Warning("%s", msg.c_str());
+      _error->Notice("%s", _("Data from such a repository can not be authenticated and is therefore potentially dangerous to use."));
+   }
+   return false;
+}
+static bool MessageInsecureRepository(bool const isError, char const * const msg, std::string const &repo)
+{
+   std::string m;
+   strprintf(m, msg, repo.c_str());
+   return MessageInsecureRepository(isError, m);
+}
+									/*}}}*/
+static bool AllowInsecureRepositories(char const * const msg, std::string const &repo,/*{{{*/
+      metaIndex const * const MetaIndexParser, pkgAcqMetaClearSig * const TransactionManager, pkgAcquire::Item * const I)
+{
+   if(MetaIndexParser->GetTrusted() == metaIndex::TRI_YES)
       return true;
 
-   _error->Error(_("Use --allow-insecure-repositories to force the update"));
+   if (_config->FindB("Acquire::AllowInsecureRepositories") == true)
+   {
+      MessageInsecureRepository(false, msg, repo);
+      return true;
+   }
+
+   MessageInsecureRepository(true, msg, repo);
+   _error->Notice(_("Use --allow-insecure-repositories to force an insecure update"));
    TransactionManager->AbortTransaction();
    I->Status = pkgAcquire::Item::StatError;
    return false;
@@ -1308,10 +1337,10 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
 
    if (AuthPass == false)
    {
-      if (Status == StatAuthError)
+      if (Status == StatAuthError || Status == StatTransientNetworkError)
       {
-	 // if we expected a ClearTextSignature (InRelease) and got a file,
-	 // but it wasn't valid we end up here (see VerifyDone).
+	 // if we expected a ClearTextSignature (InRelease) but got a network
+	 // error or got a file, but it wasn't valid, we end up here (see VerifyDone).
 	 // As these is usually called by web-portals we do not try Release/Release.gpg
 	 // as this is gonna fail anyway and instead abort our try (LP#346386)
 	 TransactionManager->AbortTransaction();
@@ -1331,14 +1360,10 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
       if(CheckStopAuthentication(this, Message))
          return;
 
-      _error->Warning(_("The data from '%s' is not signed. Packages "
-                        "from that repository can not be authenticated."),
-                      ClearsignedTarget.Description.c_str());
-
       // No Release file was present, or verification failed, so fall
       // back to queueing Packages files without verification
       // only allow going further if the users explicitely wants it
-      if(AllowInsecureRepositories(TransactionManager->MetaIndexParser, TransactionManager, this) == true)
+      if(AllowInsecureRepositories(_("The repository '%s' is not signed."), ClearsignedTarget.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
       {
 	 Status = StatDone;
 
@@ -1433,14 +1458,10 @@ void pkgAcqMetaIndex::Failed(string const &Message,
    pkgAcquire::Item::Failed(Message, Cnf);
    Status = StatDone;
 
-   _error->Warning(_("The repository '%s' does not have a Release file. "
-                     "This is deprecated, please contact the owner of the "
-                     "repository."), Target.Description.c_str());
-
    // No Release file was present so fall
    // back to queueing Packages files without verification
    // only allow going further if the users explicitely wants it
-   if(AllowInsecureRepositories(TransactionManager->MetaIndexParser, TransactionManager, this) == true)
+   if(AllowInsecureRepositories(_("The repository '%s' does not have a Release file."), Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
    {
       // ensure old Release files are removed
       TransactionManager->TransactionStageRemoval(this, GetFinalFilename());
@@ -1578,7 +1599,7 @@ void pkgAcqMetaSig::Failed(string const &Message,pkgAcquire::MethodConfig const
                            "given to override it."));
          Status = StatDone;
       } else {
-         _error->Error("%s", downgrade_msg.c_str());
+	 MessageInsecureRepository(true, downgrade_msg);
 	 if (TransactionManager->IMSHit == false)
 	    Rename(MetaIndex->DestFile, MetaIndex->DestFile + ".FAILED");
 	 Item::Failed("Message: " + downgrade_msg, Cnf);
@@ -1586,16 +1607,12 @@ void pkgAcqMetaSig::Failed(string const &Message,pkgAcquire::MethodConfig const
          return;
       }
    }
-   else
-      _error->Warning(_("The data from '%s' is not signed. Packages "
-	       "from that repository can not be authenticated."),
-	    MetaIndex->Target.Description.c_str());
 
    // ensures that a Release.gpg file in the lists/ is removed by the transaction
    TransactionManager->TransactionStageRemoval(this, DestFile);
 
    // only allow going further if the users explicitely wants it
-   if(AllowInsecureRepositories(TransactionManager->MetaIndexParser, TransactionManager, this) == true)
+   if (AllowInsecureRepositories(_("The repository '%s' is not signed."), MetaIndex->Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
    {
       if (RealFileExists(FinalReleasegpg) || RealFileExists(FinalInRelease))
       {
author	David Kalnischkies <david@kalnischkies.de>	2015-10-13 11:37:39 +0200
committer	David Kalnischkies <david@kalnischkies.de>	2015-11-04 18:04:01 +0100
commit	f18f2338a17d3037ac0d6f81a7f1a37df6eaca01 (patch)
tree	238910fae9d19be36ba3f62903eb52f28d417606 /apt-pkg
parent	bce8e59b81e5bdfa46501c25bc1b3fca60a69cb8 (diff)