diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2016-03-18 14:46:24 +0100 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2016-06-22 14:05:01 +0200 |
| commit | 952ee63b0af14a534c0aca00c11d1a99be6b22b2 (patch) | |
| tree | 098154a03b1616e00289074eda11d4bee72ead8c /apt-private | |
| parent | b1bdfe682054ea6fc202416968c5342d59b403b1 (diff) | |
forbid insecure repositories by default expect in apt-get
With this commit all APT-based clients default to refusing to work with
unsigned or otherwise insufficently secured repositories. In terms of
apt and apt-get this changes nothing, but it effects all tools using
libapt like aptitude, synaptic or packagekit.
The exception remains apt-get for stretch for now as this might break
too many scripts/usecases too quickly.
The documentation is updated and extended to reflect how to opt out or
in on this behaviour change.
Closes: 808367
Diffstat (limited to 'apt-private')
| -rw-r--r-- | apt-private/private-cmndline.cc | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc index ba64c5b46..481c23c94 100644 --- a/apt-private/private-cmndline.cc +++ b/apt-private/private-cmndline.cc @@ -372,7 +372,6 @@ std::vector<CommandLine::Args> getCommandArgs(APT_CMD const Program, char const return Args; } /*}}}*/ -#undef CmdMatches #undef addArg static void ShowHelpListCommands(std::vector<aptDispatchWithHelp> const &Cmds)/*{{{*/ { @@ -445,15 +444,22 @@ static void BinarySpecificConfiguration(char const * const Binary) /*{{{*/ _config->CndSet("Binary::apt::APT::Get::Upgrade-Allow-New", true); _config->CndSet("Binary::apt::APT::Cmd::Show-Update-Stats", true); _config->CndSet("Binary::apt::DPkg::Progress-Fancy", true); - _config->CndSet("Binary::apt::Acquire::AllowInsecureRepositories", false); _config->CndSet("Binary::apt::APT::Keep-Downloaded-Packages", false); } + if (binary == "apt-config") + _config->CndSet("Binary::apt-get::Acquire::AllowInsecureRepositories", true); _config->Set("Binary", binary); - std::string const conf = "Binary::" + binary; - _config->MoveSubTree(conf.c_str(), NULL); } /*}}}*/ +static void BinaryCommandSpecificConfiguration(char const * const Binary, char const * const Cmd)/*{{{*/ +{ + std::string const binary = flNotDir(Binary); + if (binary == "apt-get" && CmdMatches("update")) + _config->CndSet("Binary::apt-get::Acquire::AllowInsecureRepositories", true); +} +#undef CmdMatches + /*}}}*/ std::vector<CommandLine::Dispatch> ParseCommandLine(CommandLine &CmdL, APT_CMD const Binary,/*{{{*/ Configuration * const * const Cnf, pkgSystem ** const Sys, int const argc, const char *argv[], bool (*ShowHelp)(CommandLine &), std::vector<aptDispatchWithHelp> (*GetCommands)(void)) @@ -481,11 +487,14 @@ std::vector<CommandLine::Dispatch> ParseCommandLine(CommandLine &CmdL, APT_CMD c // Args running out of scope invalidates the pointer stored in CmdL, // but we don't use the pointer after this function, so we ignore // this problem for now and figure something out if we have to. - std::vector<CommandLine::Args> Args; + char const * CmdCalled = nullptr; if (Cmds.empty() == false && Cmds[0].Handler != nullptr) - Args = getCommandArgs(Binary, CommandLine::GetCommand(Cmds.data(), argc, argv)); - else - Args = getCommandArgs(Binary, nullptr); + CmdCalled = CommandLine::GetCommand(Cmds.data(), argc, argv); + if (CmdCalled != nullptr) + BinaryCommandSpecificConfiguration(argv[0], CmdCalled); + std::string const conf = "Binary::" + _config->Find("Binary"); + _config->MoveSubTree(conf.c_str(), nullptr); + auto Args = getCommandArgs(Binary, CmdCalled); CmdL = CommandLine(Args.data(), _config); if (CmdL.Parse(argc,argv) == false || |