diff options
| -rw-r--r-- | apt-pkg/acquire-item.cc | 6 | ||||
| -rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 12 | ||||
| -rw-r--r-- | apt-pkg/indexrecords.cc | 24 | ||||
| -rw-r--r-- | apt-pkg/indexrecords.h | 27 | ||||
| -rw-r--r-- | test/integration/framework | 9 | ||||
| -rwxr-xr-x | test/integration/test-sourceslist-trusted-options | 168 |
6 files changed, 229 insertions, 17 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 6731e07d5..97ff1bd18 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1777,7 +1777,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ TransactionManager->TransactionStageRemoval(this, DestFile); // only allow going further if the users explicitely wants it - if(_config->FindB("Acquire::AllowInsecureRepositories") == true) + if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) { // we parse the indexes here because at this point the user wanted // a repository that may potentially harm him @@ -2155,7 +2155,7 @@ void pkgAcqMetaIndex::Failed(string Message, // No Release file was present so fall // back to queueing Packages files without verification // only allow going further if the users explicitely wants it - if(_config->FindB("Acquire::AllowInsecureRepositories") == true) + if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) { // Done, queue for rename on transaction finished if (FileExists(DestFile)) @@ -2279,7 +2279,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /* // No Release file was present, or verification failed, so fall // back to queueing Packages files without verification // only allow going further if the users explicitely wants it - if(_config->FindB("Acquire::AllowInsecureRepositories") == true) + if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true) { Status = StatDone; diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index f2d637676..c103da8f7 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -253,6 +253,12 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const { bool const tryInRelease = _config->FindB("Acquire::TryInRelease", true); + indexRecords * const iR = new indexRecords(Dist); + if (Trusted == ALWAYS_TRUSTED) + iR->SetTrusted(true); + else if (Trusted == NEVER_TRUSTED) + iR->SetTrusted(false); + // special case for --print-uris if (GetAll) { vector <IndexTarget *> *targets = ComputeIndexTargets(); @@ -270,7 +276,7 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const MetaIndexInfo("Release"), "Release", MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg", ComputeIndexTargets(), - new indexRecords (Dist)); + iR); } if (tryInRelease == true) new pkgAcqMetaClearSig(Owner, @@ -278,13 +284,13 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release", MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg", ComputeIndexTargets(), - new indexRecords (Dist)); + iR); else new pkgAcqMetaIndex(Owner, NULL, MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release", MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg", ComputeIndexTargets(), - new indexRecords (Dist)); + iR); return true; } diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index 8c1e2229b..bf1901e11 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -253,12 +253,30 @@ bool indexRecords::parseSumData(const char *&Start, const char *End, /*{{{*/ return true; } /*}}}*/ -indexRecords::indexRecords() + +APT_PURE bool indexRecords::IsAlwaysTrusted() const +{ + if (Trusted == ALWAYS_TRUSTED) + return true; + return false; +} +APT_PURE bool indexRecords::IsNeverTrusted() const +{ + if (Trusted == NEVER_TRUSTED) + return true; + return false; +} +void indexRecords::SetTrusted(bool const Trusted) { + if (Trusted == true) + this->Trusted = ALWAYS_TRUSTED; + else + this->Trusted = NEVER_TRUSTED; } -indexRecords::indexRecords(const string ExpectedDist) : - ExpectedDist(ExpectedDist), ValidUntil(0), SupportsAcquireByHash(false) +indexRecords::indexRecords(const string &ExpectedDist) : + Trusted(CHECK_TRUST), d(NULL), ExpectedDist(ExpectedDist), ValidUntil(0), + SupportsAcquireByHash(false) { } diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index e1a2c0f74..88a06779c 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -26,9 +26,12 @@ class indexRecords public: struct checkSum; std::string ErrorText; - // dpointer (for later9 + + private: + enum APT_HIDDEN { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted; + // dpointer (for later) void * d; - + protected: std::string Dist; std::string Suite; @@ -40,8 +43,7 @@ class indexRecords public: - indexRecords(); - indexRecords(const std::string ExpectedDist); + indexRecords(const std::string &ExpectedDist = ""); // Lookup function virtual checkSum *Lookup(const std::string MetaKey); @@ -50,12 +52,27 @@ class indexRecords std::vector<std::string> MetaKeys(); virtual bool Load(std::string Filename); + virtual bool CheckDist(const std::string MaybeDist) const; + std::string GetDist() const; std::string GetSuite() const; bool GetSupportsAcquireByHash() const; time_t GetValidUntil() const; - virtual bool CheckDist(const std::string MaybeDist) const; std::string GetExpectedDist() const; + + /** \brief check if source is marked as always trusted */ + bool IsAlwaysTrusted() const; + /** \brief check if source is marked as never trusted */ + bool IsNeverTrusted() const; + + /** \brief sets an explicit trust value + * + * \b true means that the source should always be considered trusted, + * while \b false marks a source as always untrusted, even if we have + * a valid signature and everything. + */ + void SetTrusted(bool const Trusted); + virtual ~indexRecords(); }; diff --git a/test/integration/framework b/test/integration/framework index 75cec204c..76425f0c3 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -859,6 +859,7 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" + local REPODIR="${2:-aptarchive}" local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes" msgninfo "\tSign archive with $SIGNER key $KEY… " @@ -885,7 +886,7 @@ signreleasefiles() { cp ${REXKEY}.pub $PUBUNEXPIRED fi fi - for RELEASE in $(find aptarchive/ -name Release); do + for RELEASE in $(find ${REPODIR}/ -name Release); do $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE} local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" $GPG --default-key "$SIGNER" --clearsign --output $INRELEASE $RELEASE @@ -1167,9 +1168,10 @@ testsuccess() { if $@ >${OUTPUT} 2>&1; then msgpass else + local EXITCODE=$? echo >&2 cat >&2 $OUTPUT - msgfail + msgfail "exitcode $EXITCODE" fi } @@ -1181,9 +1183,10 @@ testfailure() { fi local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output" if $@ >${OUTPUT} 2>&1; then + local EXITCODE=$? echo >&2 cat >&2 $OUTPUT - msgfail + msgfail "exitcode $EXITCODE" else msgpass fi diff --git a/test/integration/test-sourceslist-trusted-options b/test/integration/test-sourceslist-trusted-options new file mode 100755 index 000000000..ae65cca83 --- /dev/null +++ b/test/integration/test-sourceslist-trusted-options @@ -0,0 +1,168 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture 'amd64' + +buildsimplenativepackage 'foo' 'amd64' '1' 'stable' +buildsimplenativepackage 'foo' 'amd64' '2' 'testing' + +setupaptarchive --no-update + +APTARCHIVE=$(readlink -f ./aptarchive) + +everythingsucceeds() { + testequal 'Listing... +foo/testing 2 amd64 +foo/stable 1 amd64 +' apt list foo -a + + rm -f foo_1_amd64.deb foo_2_amd64.deb + testsuccess aptget download foo "$@" + testsuccess test -s foo_1_amd64.deb -o -s foo_2_amd64.deb + + rm -f foo_1.dsc foo_2.dsc + testsuccess aptget source foo --dsc-only -d "$@" + testsuccess test -s foo_1.dsc -o -s foo_2.dsc +} + +everythingfails() { + testequal 'Listing... +foo/testing 2 amd64 +foo/stable 1 amd64 +' apt list foo -a + + local WARNING='WARNING: The following packages cannot be authenticated! + foo +E: Some packages could not be authenticated' + + rm -f foo_1_amd64.deb foo_2_amd64.deb + testfailure aptget download foo "$@" + testequal "$WARNING" tail -n 3 rootdir/tmp/testfailure.output + testfailure test -s foo_1_amd64.deb -o -s foo_2_amd64.deb + + rm -f foo_1.dsc foo_2.dsc + testfailure aptget source foo --dsc-only -d "$@" + testequal "$WARNING" tail -n 3 rootdir/tmp/testfailure.output + testfailure test -s foo_1.dsc -o -s foo_2.dsc +} + +cp -a rootdir/etc/apt/sources.list.d/ rootdir/etc/apt/sources.list.d.bak/ + +aptgetupdate() { + rm -rf rootdir/var/lib/apt/lists + # note that insecure with trusted=yes are allowed + # as the trusted=yes indicates that security is provided by + # something above the understanding of apt + testsuccess aptget update --no-allow-insecure-repositories +} + +insecureaptgetupdate() { + rm -rf rootdir/var/lib/apt/lists + testfailure aptget update + rm -rf rootdir/var/lib/apt/lists + testsuccess aptget update --allow-insecure-repositories +} + +msgmsg 'Test without trusted option and good sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +aptgetupdate +everythingsucceeds +everythingsucceeds -t stable +everythingsucceeds -t testing + +msgmsg 'Test with trusted=yes option and good sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* +aptgetupdate +everythingsucceeds +everythingsucceeds -t stable +everythingsucceeds -t testing + +msgmsg 'Test with trusted=no option and good sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* +# we want the warnings on the actions, but for 'update' everything is fine +aptgetupdate +everythingfails +everythingfails -t stable +everythingfails -t testing + +find aptarchive/dists/stable \( -name 'InRelease' -o -name 'Release.gpg' \) -delete + +msgmsg 'Test without trusted option and good and unsigned sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +insecureaptgetupdate +everythingsucceeds +everythingfails -t stable +everythingsucceeds -t testing + +msgmsg 'Test with trusted=yes option and good and unsigned sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* +aptgetupdate +everythingsucceeds +everythingsucceeds -t stable +everythingsucceeds -t testing + +msgmsg 'Test with trusted=no option and good and unsigned sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* +insecureaptgetupdate +everythingfails +everythingfails -t stable +everythingfails -t testing + +signreleasefiles 'Marvin Paranoid' 'aptarchive/dists/stable' + +msgmsg 'Test without trusted option and good and unknown sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +insecureaptgetupdate +everythingsucceeds +everythingfails -t stable +everythingsucceeds -t testing + +msgmsg 'Test with trusted=yes option and good and unknown sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* +aptgetupdate +everythingsucceeds +everythingsucceeds -t stable +everythingsucceeds -t testing + +msgmsg 'Test with trusted=no option and good and unknown sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* +insecureaptgetupdate +everythingfails +everythingfails -t stable +everythingfails -t testing + +signreleasefiles 'Rex Expired' 'aptarchive/dists/stable' +cp -a keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg + +msgmsg 'Test without trusted option and good and expired sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +insecureaptgetupdate +everythingsucceeds +everythingfails -t stable +everythingsucceeds -t testing + +msgmsg 'Test with trusted=yes option and good and expired sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/* +aptgetupdate +everythingsucceeds +everythingsucceeds -t stable +everythingsucceeds -t testing + +msgmsg 'Test with trusted=no option and good and expired sources' +cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/ +sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/* +insecureaptgetupdate +everythingfails +everythingfails -t stable +everythingfails -t testing |