summaryrefslogtreecommitdiff
path: root/cmdline
diff options
context:
space:
mode:
authorMatt Zimmerman <matt.zimmerman@canonical.com>2004-12-13 09:13:21 +0000
committerMatt Zimmerman <matt.zimmerman@canonical.com>2004-12-13 09:13:21 +0000
commit7db98ffceda347f0bc457c6bdc4ff33d60e26b18 (patch)
tree5cb13e3842c09ba097bd22cf69079ef74bdd5f49 /cmdline
parent63f56a3117fcd0b2e5a67c1dc71305f40291ff78 (diff)
Merge apt--authentication--0
Patches applied: * apt@arch.ubuntu.com/apt--experimental--0.6--base-0 tag of apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-1 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-2 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-3 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-4 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-5 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-6 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-7 Merge working copy of v0.6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-8 0.6.0 is headed for experimental, not unstable * apt@arch.ubuntu.com/apt--experimental--0.6--patch-9 Date * apt@arch.ubuntu.com/apt--experimental--0.6--patch-10 Update LIB_APT_PKG_MAJOR * apt@arch.ubuntu.com/apt--experimental--0.6--patch-11 - Fix a heap corruption bug in pkgSrcRecords::pkgSrcRec... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-12 Resynch * apt@arch.ubuntu.com/apt--experimental--0.6--patch-13 * Merge apt 0.5.17 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-14 * Rearrange Release file authentication code to be more... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-15 * Convert distribution "../project/experimental" to "ex... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-16 Merge 1.11 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-17 Merge 1.7 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-18 Merge 1.10 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-19 * Make a number of Release file errors into warnings; f... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-20 * Add space between package names when multiple unauthe... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-21 * Provide apt-key with a secret keyring and a trustdb, ... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-22 * Fix typo in apt-key(8) (standard input is '-', not '/') * apt@arch.ubuntu.com/apt--experimental--0.6--patch-23 0.6.2 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-24 Resynch * apt@arch.ubuntu.com/apt--experimental--0.6--patch-25 * Fix MetaIndexURI for flat ("foo/") sources * apt@arch.ubuntu.com/apt--experimental--0.6--patch-26 0.6.3 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-27 * Use the top-level Release file in LoadReleaseInfo, ra... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-28 0.6.4 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-29 Clarify * apt@arch.ubuntu.com/apt--experimental--0.6--patch-30 * Move the authentication check into a separate functio... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-31 * Fix display of unauthenticated packages when they are... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-32 * Move the authentication check into a separate functio... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-33 * Restore the ugly hack I removed from indexRecords::Lo... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-34 0.6.6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-35 * Forgot to revert part of the changes to tagfile in 0.... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-36 * Add a config option and corresponding command line option * apt@arch.ubuntu.com/apt--experimental--0.6--patch-37 0.6.8 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-38 hopefully avoid more segfaults * apt@arch.ubuntu.com/apt--experimental--0.6--patch-39 XXX * apt@arch.ubuntu.com/apt--experimental--0.6--patch-40 * Another tagfile workaround * apt@arch.ubuntu.com/apt--experimental--0.6--patch-41 * Use "Codename" (woody, sarge, etc.) to supply the val... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-42 * Support IMS requests of Release.gpg and Release * apt@arch.ubuntu.com/apt--experimental--0.6--patch-43 * Have pkgAcquireIndex calculate an MD5 sum if one is n... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-44 * Merge 0.5.18 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-45 apt (0.6.13) experimental; urgency=low * apt@arch.ubuntu.com/apt--experimental--0.6--patch-46 0.6.13 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-47 Merge 0.5.20 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-48 The source list works a bit differently in 0.6; fix the... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-49 * s/Debug::Acquire::gpg/&v/ * apt@arch.ubuntu.com/apt--experimental--0.6--patch-50 * Honor the [vendor] syntax in sources.list again (thou... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-51 * Don't ship vendors.list(5) since it isn't used yet * apt@arch.ubuntu.com/apt--experimental--0.6--patch-52 * Revert change from 0.6.10; it was right in the first ... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-53 * Fix some cases where the .gpg file could be left in p... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-54 Print a warning if gnupg is not installed * apt@arch.ubuntu.com/apt--experimental--0.6--patch-55 * Handle more IMS stuff correctly * apt@arch.ubuntu.com/apt--experimental--0.6--patch-56 0.6.17 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-57 * Merge 0.5.21 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-58 * Add new Debian Archive Automatic Signing Key to the d... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-59 0.6.18 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-60 * Merge 0.5.22 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-61 * Convert apt-key(8) to docbook XML * apt@arch.ubuntu.com/apt--experimental--0.6--patch-62 Merge 0.5.23 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-63 Remove bogus partial 0.5.22 changelog entry * apt@arch.ubuntu.com/apt--experimental--0.6--patch-64 Make the auth warning a bit less redundant * apt@arch.ubuntu.com/apt--experimental--0.6--patch-65 * Merge 0.5.24 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-66 * Make the unauthenticated packages prompt more intuiti... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-67 Merge 0.5.25 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-68 * Remove obsolete pkgIterator::TargetVer() (Closes: #230159) * apt@arch.ubuntu.com/apt--experimental--0.6--patch-69 * Reverse test in CheckAuth to match new prompt (Closes... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-70 Update version * apt@arch.ubuntu.com/apt--experimental--0.6--patch-71 Fix backwards sense of CheckAuth prompt * apt@arch.ubuntu.com/apt--experimental--0.6--patch-72 0.6.24 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-73 Close bug * apt@arch.ubuntu.com/apt--experimental--0.6--patch-74 * Fix handling of two-part sources for sources.list deb... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-75 0.6.25 * apt@packages.debian.org/apt--authentication--0--base-0 tag of apt@arch.ubuntu.com/apt--experimental--0.6--patch-75 * apt@packages.debian.org/apt--authentication--0--patch-1 Michael Vogt's merge of apt--experimental--0 onto apt--main--0 * apt@packages.debian.org/apt--authentication--0--patch-2 Merge from apt--main--0 * apt@packages.debian.org/apt--authentication--0--patch-3 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-4 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-5 Update version number in configure.in * apt@packages.debian.org/apt--authentication--0--patch-6 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-7 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-8 Merge from mvo's branch * apt@packages.debian.org/apt--authentication--0--patch-9 Merge from mvo's tree * apt@packages.debian.org/apt--authentication--0--patch-10 Merge from mvo * apt@packages.debian.org/apt--authentication--0--patch-11 Fix permissions AGAIN * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--base-0 tag of michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-1 * star-merged matt's changes (bz2 support for data-members in debs) * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-1 tag of apt@packages.debian.org/apt--authentication--0--base-0 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-2 merged "tla apply-delta -A foo@ apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 apt@arch.ubuntu.com/apt--MAIN--0--patch-1343" and cleaned up conflicts * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-3 * missing bits from the merge added * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-4 * star-merged with apt@packages.debian.org/apt--main--0 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-5 * tree-synced to the apt--authentication tree * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-6 * use the ubuntu-key in this version * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-7 * imported the patches from mdz * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-8 * apt-get update --print-uris works now as before (fallback to 0.5.x behaviour) * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-9 * fix for the "if any source unauthenticated, all other sources are unauthenticated too" problem * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-10 * reworked the "--print-uris" patch. it no longer uses: "APT::Get::Print-URIs" in the library * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-11 * version of the library set to 3.6 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12 * changelog finallized, will upload to people.ubuntulinux.org/~mvo/apt-authentication * michael.vogt@canonical.com--2004/apt--main-authentication--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-22 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-1 * star-merge from apt--experimental--0.6 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-2 * compile failure fix for methods/http.cc, po-file fixes
Diffstat (limited to 'cmdline')
-rw-r--r--cmdline/apt-cache.cc15
-rw-r--r--cmdline/apt-get.cc66
-rw-r--r--cmdline/apt-key60
-rw-r--r--cmdline/makefile6
4 files changed, 136 insertions, 11 deletions
diff --git a/cmdline/apt-cache.cc b/cmdline/apt-cache.cc
index b3468a97a..18680a5db 100644
--- a/cmdline/apt-cache.cc
+++ b/cmdline/apt-cache.cc
@@ -1599,11 +1599,16 @@ bool Madison(CommandLine &CmdL)
// Locate the associated index files so we can derive a description
for (pkgSourceList::const_iterator S = SrcList->begin(); S != SrcList->end(); S++)
{
- if ((*S)->FindInCache(*(VF.File().Cache())) == VF.File())
- {
- cout << setw(10) << Pkg.Name() << " | " << setw(10) << V.VerStr() << " | "
- << (*S)->Describe(true) << endl;
- }
+ vector<pkgIndexFile *> *Indexes = (*S)->GetIndexFiles();
+ for (vector<pkgIndexFile *>::const_iterator IF = Indexes->begin();
+ IF != Indexes->end(); IF++)
+ {
+ if ((*IF)->FindInCache(*(VF.File().Cache())) == VF.File())
+ {
+ cout << setw(10) << Pkg.Name() << " | " << setw(10) << V.VerStr() << " | "
+ << (*IF)->Describe(true) << endl;
+ }
+ }
}
}
}
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 0d7e5239c..6dbb8285f 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -111,7 +111,7 @@ class CacheFile : public pkgCacheFile
// YnPrompt - Yes No Prompt. /*{{{*/
// ---------------------------------------------------------------------
/* Returns true on a Yes.*/
-bool YnPrompt()
+bool YnPrompt(bool Default=true)
{
if (_config->FindB("APT::Get::Assume-Yes",false) == true)
{
@@ -126,7 +126,7 @@ bool YnPrompt()
return false;
if (strlen(response) == 0)
- return true;
+ return Default;
regex_t Pattern;
int Res;
@@ -544,6 +544,7 @@ bool ShowEssential(ostream &out,CacheFile &Cache)
return ShowList(out,_("WARNING: The following essential packages will be removed\n"
"This should NOT be done unless you know exactly what you are doing!"),List,VersionsList);
}
+
/*}}}*/
// Stats - Show some statistics /*{{{*/
// ---------------------------------------------------------------------
@@ -666,6 +667,49 @@ bool CacheFile::CheckDeps(bool AllowBroken)
return true;
}
+
+static bool CheckAuth(pkgAcquire& Fetcher)
+{
+ string UntrustedList;
+ for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
+ {
+ if (!(*I)->IsTrusted())
+ {
+ UntrustedList += string((*I)->ShortDesc()) + " ";
+ }
+ }
+
+ if (UntrustedList == "")
+ {
+ return true;
+ }
+
+ ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
+
+ if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
+ {
+ c2out << "Authentication warning overridden.\n";
+ return true;
+ }
+
+ if (_config->FindI("quiet",0) < 2
+ && _config->FindB("APT::Get::Assume-Yes",false) == false)
+ {
+ c2out << _("Install these packages without verification? [y/N] ") << flush;
+ if (!YnPrompt(false))
+ return _error->Error(_("Some packages could not be authenticated"));
+
+ return true;
+ }
+ else if (_config->FindB("APT::Get::Force-Yes",false) == true)
+ {
+ return true;
+ }
+
+ return _error->Error(_("There are problems and -y was used without --force-yes"));
+}
+
+
/*}}}*/
// InstallPackages - Actually download and install the packages /*{{{*/
@@ -701,7 +745,7 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask = true,
Essential = !ShowEssential(c1out,Cache);
Fail |= Essential;
Stats(c1out,Cache);
-
+
// Sanity check
if (Cache->BrokenCount() != 0)
{
@@ -860,6 +904,9 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask = true,
return true;
}
+ if (!CheckAuth(Fetcher))
+ return false;
+
/* Unlock the dpkg lock if we are not going to be doing an install
after. */
if (_config->FindB("APT::Get::Download-Only",false) == true)
@@ -1252,19 +1299,25 @@ bool DoUpdate(CommandLine &CmdL)
AcqTextStatus Stat(ScreenWidth,_config->FindI("quiet",0));
pkgAcquire Fetcher(&Stat);
- // Populate it with the source selection
- if (List.GetIndexes(&Fetcher) == false)
- return false;
// Just print out the uris an exit if the --print-uris flag was used
if (_config->FindB("APT::Get::Print-URIs") == true)
{
+ // Populate it with the source selection and get all Indexes
+ // (GetAll=true)
+ if (List.GetIndexes(&Fetcher,true) == false)
+ return false;
+
pkgAcquire::UriIterator I = Fetcher.UriBegin();
for (; I != Fetcher.UriEnd(); I++)
cout << '\'' << I->URI << "' " << flNotDir(I->Owner->DestFile) << ' ' <<
I->Owner->FileSize << ' ' << I->Owner->MD5Sum() << endl;
return true;
}
+
+ // Populate it with the source selection
+ if (List.GetIndexes(&Fetcher) == false)
+ return false;
// Run it
if (Fetcher.Run() == pkgAcquire::Failed)
@@ -2412,6 +2465,7 @@ int main(int argc,const char *argv[])
{0,"remove","APT::Get::Remove",0},
{0,"only-source","APT::Get::Only-Source",0},
{0,"arch-only","APT::Get::Arch-Only",0},
+ {0,"allow-unauthenticated","APT::Get::AllowUnauthenticated",0},
{'c',"config-file",0,CommandLine::ConfigFile},
{'o',"option",0,CommandLine::ArbItem},
{0,0,0,0}};
diff --git a/cmdline/apt-key b/cmdline/apt-key
new file mode 100644
index 000000000..583cde191
--- /dev/null
+++ b/cmdline/apt-key
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+usage() {
+ echo "Usage: apt-key [command] [arguments]"
+ echo
+ echo "Manage apt's list of trusted keys"
+ echo
+ echo " apt-key add <file> - add the key contained in <file> ('-' for stdin)"
+ echo " apt-key del <keyid> - remove the key <keyid>"
+ echo " apt-key list - list keys"
+ echo
+}
+
+command="$1"
+if [ -z "$command" ]; then
+ usage
+ exit 1
+fi
+shift
+
+if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
+ echo >&2 "Warning: gnupg does not seem to be installed."
+ echo >&2 "Warning: apt-key requires gnupg for most operations."
+ echo >&2
+fi
+
+# We don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available
+
+GPG="gpg --no-options --no-default-keyring --keyring /etc/apt/trusted.gpg --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
+
+case "$command" in
+ add)
+ $GPG --quiet --batch --import "$1"
+ echo "OK"
+ ;;
+ del|rm|remove)
+ $GPG --quiet --batch --delete-key --yes "$1"
+ echo "OK"
+ ;;
+ list)
+ $GPG --batch --list-keys
+ ;;
+ finger*)
+ $GPG --batch --fingerprint
+ ;;
+ adv*)
+ echo "Executing: $GPG $*"
+ $GPG $*
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac
diff --git a/cmdline/makefile b/cmdline/makefile
index 0c34c1ff9..21a6d47d4 100644
--- a/cmdline/makefile
+++ b/cmdline/makefile
@@ -46,3 +46,9 @@ SLIBS = -lapt-pkg -lapt-inst
LIB_MAKES = apt-pkg/makefile
SOURCE = apt-extracttemplates.cc
include $(PROGRAM_H)
+
+# The apt-key program
+SOURCE=apt-key
+TO=$(BIN)
+TARGET=program
+include $(COPY_H)