diff options
| -rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 43 | ||||
| -rw-r--r-- | apt-pkg/deb/debmetaindex.h | 8 | ||||
| -rw-r--r-- | apt-pkg/metaindex.cc | 2 | ||||
| -rw-r--r-- | apt-pkg/metaindex.h | 1 | ||||
| -rw-r--r-- | doc/sources.list.5.xml | 8 | ||||
| -rwxr-xr-x | test/integration/test-bug-596498-trusted-unsigned-repo | 8 | ||||
| -rwxr-xr-x | test/integration/test-sourceslist-trusted-options | 17 |
7 files changed, 63 insertions, 24 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index f690a8d64..1f725ba05 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -29,6 +29,8 @@ #include <unistd.h> #include <string.h> +#include <apti18n.h> + class APT_HIDDEN debReleaseIndexPrivate /*{{{*/ { public: @@ -42,6 +44,11 @@ class APT_HIDDEN debReleaseIndexPrivate /*{{{*/ std::vector<debSectionEntry> DebEntries; std::vector<debSectionEntry> DebSrcEntries; + + debReleaseIndex::TriState Trusted; + + debReleaseIndexPrivate() : Trusted(debReleaseIndex::TRI_UNSET) {} + debReleaseIndexPrivate(bool const pTrusted) : Trusted(pTrusted ? debReleaseIndex::TRI_YES : debReleaseIndex::TRI_NO) {} }; /*}}}*/ // ReleaseIndex::MetaIndex* - display helpers /*{{{*/ @@ -101,12 +108,11 @@ std::string debReleaseIndex::LocalFileName() const /*{{{*/ /*}}}*/ // ReleaseIndex Con- and Destructors /*{{{*/ debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist) : - metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()), Trusted(CHECK_TRUST) + metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()) {} debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const Trusted) : - metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()) { - SetTrusted(Trusted); -} + metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Trusted)) +{} debReleaseIndex::~debReleaseIndex() { if (d != NULL) delete d; @@ -225,9 +231,9 @@ void debReleaseIndex::AddComponent(bool const isSrc, std::string const &Name,/*{ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const/*{{{*/ { indexRecords * const iR = new indexRecords(Dist); - if (Trusted == ALWAYS_TRUSTED) + if (d->Trusted == TRI_YES) iR->SetTrusted(true); - else if (Trusted == NEVER_TRUSTED) + else if (d->Trusted == TRI_NO) iR->SetTrusted(false); // special case for --print-uris @@ -246,19 +252,21 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const/*{ return true; } /*}}}*/ -// ReleaseIndex::*Trusted setters and checkers /*{{{*/ -void debReleaseIndex::SetTrusted(bool const Trusted) +// ReleaseIndex::IsTrusted /*{{{*/ +bool debReleaseIndex::SetTrusted(TriState const Trusted) { - if (Trusted == true) - this->Trusted = ALWAYS_TRUSTED; - else - this->Trusted = NEVER_TRUSTED; + if (d->Trusted == TRI_UNSET) + d->Trusted = Trusted; + else if (d->Trusted != Trusted) + // TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite + return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Trusted", URI.c_str(), Dist.c_str()); + return true; } bool debReleaseIndex::IsTrusted() const { - if (Trusted == ALWAYS_TRUSTED) + if (d->Trusted == TRI_YES) return true; - else if (Trusted == NEVER_TRUSTED) + else if (d->Trusted == TRI_NO) return false; @@ -476,7 +484,12 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ std::map<std::string, std::string>::const_iterator const trusted = Options.find("trusted"); if (trusted != Options.end()) - Deb->SetTrusted(StringToBool(trusted->second, false)); + { + if (Deb->SetTrusted(StringToBool(trusted->second, false) ? debReleaseIndex::TRI_YES : debReleaseIndex::TRI_NO) == false) + return false; + } + else if (Deb->SetTrusted(debReleaseIndex::TRI_DONTCARE) == false) + return false; return true; } diff --git a/apt-pkg/deb/debmetaindex.h b/apt-pkg/deb/debmetaindex.h index 9b60b6137..a6db4e287 100644 --- a/apt-pkg/deb/debmetaindex.h +++ b/apt-pkg/deb/debmetaindex.h @@ -27,8 +27,6 @@ class APT_HIDDEN debReleaseIndex : public metaIndex { debReleaseIndexPrivate * const d; - enum APT_HIDDEN { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted; - public: APT_HIDDEN std::string MetaIndexInfo(const char *Type) const; @@ -51,7 +49,11 @@ class APT_HIDDEN debReleaseIndex : public metaIndex virtual std::vector <pkgIndexFile *> *GetIndexFiles(); - void SetTrusted(bool const Trusted); + enum APT_HIDDEN TriState { + TRI_YES, TRI_DONTCARE, TRI_NO, TRI_UNSET + }; + bool SetTrusted(TriState const Trusted); + virtual bool IsTrusted() const; void AddComponent(bool const isSrc, std::string const &Name, diff --git a/apt-pkg/metaindex.cc b/apt-pkg/metaindex.cc index d96349974..0c88ee9cd 100644 --- a/apt-pkg/metaindex.cc +++ b/apt-pkg/metaindex.cc @@ -41,7 +41,7 @@ bool metaIndex::Merge(pkgCacheGenerator &Gen,OpProgress *) const metaIndex::metaIndex(std::string const &URI, std::string const &Dist, char const * const Type) -: d(NULL), Indexes(NULL), Type(Type), URI(URI), Dist(Dist), Trusted(false) +: d(NULL), Indexes(NULL), Type(Type), URI(URI), Dist(Dist) { /* nothing */ } diff --git a/apt-pkg/metaindex.h b/apt-pkg/metaindex.h index 1bcec1c4a..9667e1c92 100644 --- a/apt-pkg/metaindex.h +++ b/apt-pkg/metaindex.h @@ -34,7 +34,6 @@ class metaIndex const char *Type; std::string URI; std::string Dist; - bool Trusted; public: diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml index 8506017ad..f87dcda23 100644 --- a/doc/sources.list.5.xml +++ b/doc/sources.list.5.xml @@ -223,7 +223,15 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [. source. If not specified, the default set is defined by the <literal>APT::Acquire::Targets</literal> configuration scope. </para></listitem> + </itemizedlist> + + Further more, there are options which if set effect + <emphasis>all</emphasis> sources with the same URI and Suite, so they + have to be set on all such entries and can not be varied between + different components. APT will try to detect and error out on such + anomalies. + <itemizedlist> <listitem><para><literal>Trusted</literal> (<literal>trusted</literal>) is a tri-state value which defaults to APT deciding if a source is considered trusted or if warnings should be raised before e.g. diff --git a/test/integration/test-bug-596498-trusted-unsigned-repo b/test/integration/test-bug-596498-trusted-unsigned-repo index 1ff0f1d8d..c515837a3 100755 --- a/test/integration/test-bug-596498-trusted-unsigned-repo +++ b/test/integration/test-bug-596498-trusted-unsigned-repo @@ -18,7 +18,7 @@ aptgetupdate() { PKGTEXT="$(aptget install cool --assume-no -d | head -n 8)" DOWNLOG="$(echo "$PKGTEXT" | tail -n 1)" PKGTEXT="$(echo "$PKGTEXT" | head -n 7)" -DEBFILE='rootdir/etc/apt/sources.list.d/apt-test-unstable-deb.list' +DEBFILE='rootdir/etc/apt/sources.list.d/apt-test-unstable-*.list' testsuccessequal "$PKGTEXT $DOWNLOG @@ -28,7 +28,7 @@ testsuccessequal "$PKGTEXT $DOWNLOG Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated -sed -i -e 's#deb#deb [trusted=no]#' $DEBFILE +sed -i -e 's#\(deb\(-src\)\?\) #\1 [trusted=no] #' $DEBFILE aptgetupdate 'testsuccess' testfailureequal "$PKGTEXT @@ -38,7 +38,7 @@ Install these packages without verification? [y/N] N E: Some packages could not be authenticated" aptget install cool --assume-no -d find aptarchive/ \( -name 'Release.gpg' -o -name 'InRelease' \) -delete -sed -i -e 's#deb \[trusted=no\]#deb#' $DEBFILE +sed -i -e 's#\(deb\(-src\)\?\) \[trusted=no\] #\1 #' $DEBFILE aptgetupdate testfailureequal "$PKGTEXT @@ -54,7 +54,7 @@ Authentication warning overridden. $DOWNLOG Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated -sed -i -e 's#deb#deb [trusted=yes]#' $DEBFILE +sed -i -e 's#\(deb\(-src\)\?\) #\1 [trusted=yes] #' $DEBFILE aptgetupdate testsuccessequal "$PKGTEXT diff --git a/test/integration/test-sourceslist-trusted-options b/test/integration/test-sourceslist-trusted-options index 5fe4933ce..86036e242 100755 --- a/test/integration/test-sourceslist-trusted-options +++ b/test/integration/test-sourceslist-trusted-options @@ -199,3 +199,20 @@ insecureaptgetupdate everythingfails everythingfails -t stable everythingfails -t testing + +msgmsg 'Test conflicting trusted options are refused' +testsource() { + echo "$@" > rootdir/etc/apt/sources.list.d/example.list + testfailuremsg 'E: Conflicting values set for option Trusted concerning source http://example.org/bad/ unstable +E: The list of sources could not be read.' aptget update --print-uris +} +for VAL in 'yes' 'no'; do + testsource "deb http://example.org/bad unstable main +deb [trusted=${VAL}] http://example.org/bad unstable non-free" + testsource "deb [trusted=${VAL}] http://example.org/bad unstable main +deb http://example.org/bad unstable non-free" +done +testsource 'deb [trusted=yes] http://example.org/bad unstable main +deb [trusted=no] http://example.org/bad unstable non-free' +testsource 'deb [trusted=no] http://example.org/bad unstable main +deb [trusted=yes] http://example.org/bad unstable non-free' |