summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--apt-pkg/acquire-item.cc6
-rw-r--r--apt-pkg/deb/debmetaindex.cc12
-rw-r--r--apt-pkg/indexrecords.cc24
-rw-r--r--apt-pkg/indexrecords.h27
-rw-r--r--test/integration/framework9
-rwxr-xr-xtest/integration/test-sourceslist-trusted-options168
6 files changed, 229 insertions, 17 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 6731e07d5..97ff1bd18 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1777,7 +1777,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
TransactionManager->TransactionStageRemoval(this, DestFile);
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
// we parse the indexes here because at this point the user wanted
// a repository that may potentially harm him
@@ -2155,7 +2155,7 @@ void pkgAcqMetaIndex::Failed(string Message,
// No Release file was present so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
// Done, queue for rename on transaction finished
if (FileExists(DestFile))
@@ -2279,7 +2279,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*
// No Release file was present, or verification failed, so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
Status = StatDone;
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index f2d637676..c103da8f7 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -253,6 +253,12 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
{
bool const tryInRelease = _config->FindB("Acquire::TryInRelease", true);
+ indexRecords * const iR = new indexRecords(Dist);
+ if (Trusted == ALWAYS_TRUSTED)
+ iR->SetTrusted(true);
+ else if (Trusted == NEVER_TRUSTED)
+ iR->SetTrusted(false);
+
// special case for --print-uris
if (GetAll) {
vector <IndexTarget *> *targets = ComputeIndexTargets();
@@ -270,7 +276,7 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
- new indexRecords (Dist));
+ iR);
}
if (tryInRelease == true)
new pkgAcqMetaClearSig(Owner,
@@ -278,13 +284,13 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
- new indexRecords (Dist));
+ iR);
else
new pkgAcqMetaIndex(Owner, NULL,
MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
- new indexRecords (Dist));
+ iR);
return true;
}
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index 8c1e2229b..bf1901e11 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -253,12 +253,30 @@ bool indexRecords::parseSumData(const char *&Start, const char *End, /*{{{*/
return true;
}
/*}}}*/
-indexRecords::indexRecords()
+
+APT_PURE bool indexRecords::IsAlwaysTrusted() const
+{
+ if (Trusted == ALWAYS_TRUSTED)
+ return true;
+ return false;
+}
+APT_PURE bool indexRecords::IsNeverTrusted() const
+{
+ if (Trusted == NEVER_TRUSTED)
+ return true;
+ return false;
+}
+void indexRecords::SetTrusted(bool const Trusted)
{
+ if (Trusted == true)
+ this->Trusted = ALWAYS_TRUSTED;
+ else
+ this->Trusted = NEVER_TRUSTED;
}
-indexRecords::indexRecords(const string ExpectedDist) :
- ExpectedDist(ExpectedDist), ValidUntil(0), SupportsAcquireByHash(false)
+indexRecords::indexRecords(const string &ExpectedDist) :
+ Trusted(CHECK_TRUST), d(NULL), ExpectedDist(ExpectedDist), ValidUntil(0),
+ SupportsAcquireByHash(false)
{
}
diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h
index e1a2c0f74..88a06779c 100644
--- a/apt-pkg/indexrecords.h
+++ b/apt-pkg/indexrecords.h
@@ -26,9 +26,12 @@ class indexRecords
public:
struct checkSum;
std::string ErrorText;
- // dpointer (for later9
+
+ private:
+ enum APT_HIDDEN { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted;
+ // dpointer (for later)
void * d;
-
+
protected:
std::string Dist;
std::string Suite;
@@ -40,8 +43,7 @@ class indexRecords
public:
- indexRecords();
- indexRecords(const std::string ExpectedDist);
+ indexRecords(const std::string &ExpectedDist = "");
// Lookup function
virtual checkSum *Lookup(const std::string MetaKey);
@@ -50,12 +52,27 @@ class indexRecords
std::vector<std::string> MetaKeys();
virtual bool Load(std::string Filename);
+ virtual bool CheckDist(const std::string MaybeDist) const;
+
std::string GetDist() const;
std::string GetSuite() const;
bool GetSupportsAcquireByHash() const;
time_t GetValidUntil() const;
- virtual bool CheckDist(const std::string MaybeDist) const;
std::string GetExpectedDist() const;
+
+ /** \brief check if source is marked as always trusted */
+ bool IsAlwaysTrusted() const;
+ /** \brief check if source is marked as never trusted */
+ bool IsNeverTrusted() const;
+
+ /** \brief sets an explicit trust value
+ *
+ * \b true means that the source should always be considered trusted,
+ * while \b false marks a source as always untrusted, even if we have
+ * a valid signature and everything.
+ */
+ void SetTrusted(bool const Trusted);
+
virtual ~indexRecords();
};
diff --git a/test/integration/framework b/test/integration/framework
index 75cec204c..76425f0c3 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -859,6 +859,7 @@ setupaptarchive() {
signreleasefiles() {
local SIGNER="${1:-Joe Sixpack}"
+ local REPODIR="${2:-aptarchive}"
local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes"
msgninfo "\tSign archive with $SIGNER key $KEY… "
@@ -885,7 +886,7 @@ signreleasefiles() {
cp ${REXKEY}.pub $PUBUNEXPIRED
fi
fi
- for RELEASE in $(find aptarchive/ -name Release); do
+ for RELEASE in $(find ${REPODIR}/ -name Release); do
$GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE}
local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
$GPG --default-key "$SIGNER" --clearsign --output $INRELEASE $RELEASE
@@ -1167,9 +1168,10 @@ testsuccess() {
if $@ >${OUTPUT} 2>&1; then
msgpass
else
+ local EXITCODE=$?
echo >&2
cat >&2 $OUTPUT
- msgfail
+ msgfail "exitcode $EXITCODE"
fi
}
@@ -1181,9 +1183,10 @@ testfailure() {
fi
local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
if $@ >${OUTPUT} 2>&1; then
+ local EXITCODE=$?
echo >&2
cat >&2 $OUTPUT
- msgfail
+ msgfail "exitcode $EXITCODE"
else
msgpass
fi
diff --git a/test/integration/test-sourceslist-trusted-options b/test/integration/test-sourceslist-trusted-options
new file mode 100755
index 000000000..ae65cca83
--- /dev/null
+++ b/test/integration/test-sourceslist-trusted-options
@@ -0,0 +1,168 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture 'amd64'
+
+buildsimplenativepackage 'foo' 'amd64' '1' 'stable'
+buildsimplenativepackage 'foo' 'amd64' '2' 'testing'
+
+setupaptarchive --no-update
+
+APTARCHIVE=$(readlink -f ./aptarchive)
+
+everythingsucceeds() {
+ testequal 'Listing...
+foo/testing 2 amd64
+foo/stable 1 amd64
+' apt list foo -a
+
+ rm -f foo_1_amd64.deb foo_2_amd64.deb
+ testsuccess aptget download foo "$@"
+ testsuccess test -s foo_1_amd64.deb -o -s foo_2_amd64.deb
+
+ rm -f foo_1.dsc foo_2.dsc
+ testsuccess aptget source foo --dsc-only -d "$@"
+ testsuccess test -s foo_1.dsc -o -s foo_2.dsc
+}
+
+everythingfails() {
+ testequal 'Listing...
+foo/testing 2 amd64
+foo/stable 1 amd64
+' apt list foo -a
+
+ local WARNING='WARNING: The following packages cannot be authenticated!
+ foo
+E: Some packages could not be authenticated'
+
+ rm -f foo_1_amd64.deb foo_2_amd64.deb
+ testfailure aptget download foo "$@"
+ testequal "$WARNING" tail -n 3 rootdir/tmp/testfailure.output
+ testfailure test -s foo_1_amd64.deb -o -s foo_2_amd64.deb
+
+ rm -f foo_1.dsc foo_2.dsc
+ testfailure aptget source foo --dsc-only -d "$@"
+ testequal "$WARNING" tail -n 3 rootdir/tmp/testfailure.output
+ testfailure test -s foo_1.dsc -o -s foo_2.dsc
+}
+
+cp -a rootdir/etc/apt/sources.list.d/ rootdir/etc/apt/sources.list.d.bak/
+
+aptgetupdate() {
+ rm -rf rootdir/var/lib/apt/lists
+ # note that insecure with trusted=yes are allowed
+ # as the trusted=yes indicates that security is provided by
+ # something above the understanding of apt
+ testsuccess aptget update --no-allow-insecure-repositories
+}
+
+insecureaptgetupdate() {
+ rm -rf rootdir/var/lib/apt/lists
+ testfailure aptget update
+ rm -rf rootdir/var/lib/apt/lists
+ testsuccess aptget update --allow-insecure-repositories
+}
+
+msgmsg 'Test without trusted option and good sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+aptgetupdate
+everythingsucceeds
+everythingsucceeds -t stable
+everythingsucceeds -t testing
+
+msgmsg 'Test with trusted=yes option and good sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
+aptgetupdate
+everythingsucceeds
+everythingsucceeds -t stable
+everythingsucceeds -t testing
+
+msgmsg 'Test with trusted=no option and good sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
+# we want the warnings on the actions, but for 'update' everything is fine
+aptgetupdate
+everythingfails
+everythingfails -t stable
+everythingfails -t testing
+
+find aptarchive/dists/stable \( -name 'InRelease' -o -name 'Release.gpg' \) -delete
+
+msgmsg 'Test without trusted option and good and unsigned sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+insecureaptgetupdate
+everythingsucceeds
+everythingfails -t stable
+everythingsucceeds -t testing
+
+msgmsg 'Test with trusted=yes option and good and unsigned sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
+aptgetupdate
+everythingsucceeds
+everythingsucceeds -t stable
+everythingsucceeds -t testing
+
+msgmsg 'Test with trusted=no option and good and unsigned sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
+insecureaptgetupdate
+everythingfails
+everythingfails -t stable
+everythingfails -t testing
+
+signreleasefiles 'Marvin Paranoid' 'aptarchive/dists/stable'
+
+msgmsg 'Test without trusted option and good and unknown sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+insecureaptgetupdate
+everythingsucceeds
+everythingfails -t stable
+everythingsucceeds -t testing
+
+msgmsg 'Test with trusted=yes option and good and unknown sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
+aptgetupdate
+everythingsucceeds
+everythingsucceeds -t stable
+everythingsucceeds -t testing
+
+msgmsg 'Test with trusted=no option and good and unknown sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
+insecureaptgetupdate
+everythingfails
+everythingfails -t stable
+everythingfails -t testing
+
+signreleasefiles 'Rex Expired' 'aptarchive/dists/stable'
+cp -a keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
+
+msgmsg 'Test without trusted option and good and expired sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+insecureaptgetupdate
+everythingsucceeds
+everythingfails -t stable
+everythingsucceeds -t testing
+
+msgmsg 'Test with trusted=yes option and good and expired sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
+aptgetupdate
+everythingsucceeds
+everythingsucceeds -t stable
+everythingsucceeds -t testing
+
+msgmsg 'Test with trusted=no option and good and expired sources'
+cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
+sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
+insecureaptgetupdate
+everythingfails
+everythingfails -t stable
+everythingfails -t testing