Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc6
-rw-r--r--apt-pkg/deb/debmetaindex.cc12
-rw-r--r--apt-pkg/indexrecords.cc24
-rw-r--r--apt-pkg/indexrecords.h27
4 files changed, 55 insertions, 14 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 6731e07d5..97ff1bd18 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1777,7 +1777,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
TransactionManager->TransactionStageRemoval(this, DestFile);
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
// we parse the indexes here because at this point the user wanted
// a repository that may potentially harm him
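Review bot: The comment above the changed condition, `// only allow going further if the users explicitely wants it`, no longer describes the check. A source for which `MetaIndexParser->IsAlwaysTrusted()` is true now proceeds to parse unauthenticated indexes without the user having set Acquire::AllowInsecureRepositories. I would reword it to `// only continue if the source is marked as always trusted or the user explicitly allows insecure repositories`. The identical condition and stale comment also appear in the pkgAcqMetaIndex::Failed and pkgAcqMetaClearSig::Failed hunks below; a single private helper for this decision would stop the three copies drifting apart. The body of Failed() continues outside this hunk.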
@@ -2155,7 +2155,7 @@ void pkgAcqMetaIndex::Failed(string Message,
// No Release file was present so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
// Done, queue for rename on transaction finished
if (FileExists(DestFile))
@@ -2279,7 +2279,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*
// No Release file was present, or verification failed, so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
- if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
Status = StatDone;
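Review bot: Per the context comment, this branch of pkgAcqMetaClearSig::Failed is reached both when no Release file was present and when verification failed. With the added `IsAlwaysTrusted()` term, a trusted-marked source is therefore handled the same whether the signature was missing or was present and did not verify. If that is the intended meaning of "always trusted", say so at the condition, e.g. `// always-trusted sources skip authentication by design, including a failed verification`. It would also help to warn the user when this override is what lets the update continue, so the downgrade shows up in the output. The rest of the function is outside the hunk, so such a warning may already exist there.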
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index f2d637676..c103da8f7 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -253,6 +253,12 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
{
bool const tryInRelease = _config->FindB("Acquire::TryInRelease", true);
+ indexRecords * const iR = new indexRecords(Dist);
+ if (Trusted == ALWAYS_TRUSTED)
+ iR->SetTrusted(true);
+ else if (Trusted == NEVER_TRUSTED)
+ iR->SetTrusted(false);
+
// special case for --print-uris
if (GetAll) {
vector <IndexTarget *> *targets = ComputeIndexTargets();
@@ -270,7 +276,7 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
- new indexRecords (Dist));
+ iR);
}
if (tryInRelease == true)
new pkgAcqMetaClearSig(Owner,
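Review bot: The single `iR` allocated at the top of GetIndexes is now passed to two acquire items when GetAll is set. The first is the item constructed just before the closing `}` of what appears to be the `if (GetAll)` block; the second is the pkgAcqMetaClearSig or pkgAcqMetaIndex constructed after it, since no return is visible in between. Before this change each of them received its own `new indexRecords (Dist)`. Ownership of the parser is not visible in this diff; if each item deletes its MetaIndexParser, the --print-uris path now ends in a double delete, and if neither does, the sharing should be documented next to the allocation. Giving the GetAll item its own instance with the same trust setting would keep the previous one-parser-per-item behaviour.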
@@ -278,13 +284,13 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
- new indexRecords (Dist));
+ iR);
else
new pkgAcqMetaIndex(Owner, NULL,
MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
- new indexRecords (Dist));
+ iR);
return true;
}
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index 8c1e2229b..bf1901e11 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -253,12 +253,30 @@ bool indexRecords::parseSumData(const char *&Start, const char *End, /*{{{*/
return true;
}
/*}}}*/
-indexRecords::indexRecords()
+
+APT_PURE bool indexRecords::IsAlwaysTrusted() const
+{
+ if (Trusted == ALWAYS_TRUSTED)
+ return true;
+ return false;
+}
+APT_PURE bool indexRecords::IsNeverTrusted() const
+{
+ if (Trusted == NEVER_TRUSTED)
+ return true;
+ return false;
+}
+void indexRecords::SetTrusted(bool const Trusted)
{
+ if (Trusted == true)
+ this->Trusted = ALWAYS_TRUSTED;
+ else
+ this->Trusted = NEVER_TRUSTED;
}
-indexRecords::indexRecords(const string ExpectedDist) :
- ExpectedDist(ExpectedDist), ValidUntil(0), SupportsAcquireByHash(false)
+indexRecords::indexRecords(const string &ExpectedDist) :
+ Trusted(CHECK_TRUST), d(NULL), ExpectedDist(ExpectedDist), ValidUntil(0),
+ SupportsAcquireByHash(false)
{
}
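Review bot: `SetTrusted(bool const Trusted)` names its parameter after the member it assigns, so the function is only correct while every write is spelled `this->Trusted`; renaming the parameter in the definition (for example `bool const NewValue`) removes that trap. The two predicates can be reduced to `return Trusted == ALWAYS_TRUSTED;` and `return Trusted == NEVER_TRUSTED;`. Note also that once SetTrusted() has been called there is no way back to `CHECK_TRUST`, which deserves a short comment on the setter, since that value is the constructor default.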
diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h
index e1a2c0f74..88a06779c 100644
--- a/apt-pkg/indexrecords.h
+++ b/apt-pkg/indexrecords.h
@@ -26,9 +26,12 @@ class indexRecords
public:
struct checkSum;
std::string ErrorText;
- // dpointer (for later9
+
+ private:
+ enum APT_HIDDEN { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted;
+ // dpointer (for later)
void * d;
-
+
protected:
std::string Dist;
std::string Suite;
@@ -40,8 +43,7 @@ class indexRecords
public:
- indexRecords();
- indexRecords(const std::string ExpectedDist);
+ indexRecords(const std::string &ExpectedDist = "");
// Lookup function
virtual checkSum *Lookup(const std::string MetaKey);
@@ -50,12 +52,27 @@ class indexRecords
std::vector<std::string> MetaKeys();
virtual bool Load(std::string Filename);
+ virtual bool CheckDist(const std::string MaybeDist) const;
+
std::string GetDist() const;
std::string GetSuite() const;
bool GetSupportsAcquireByHash() const;
time_t GetValidUntil() const;
- virtual bool CheckDist(const std::string MaybeDist) const;
std::string GetExpectedDist() const;
+
+ /** \brief check if source is marked as always trusted */
+ bool IsAlwaysTrusted() const;
+ /** \brief check if source is marked as never trusted */
+ bool IsNeverTrusted() const;
+
+ /** \brief sets an explicit trust value
+ *
+ * \b true means that the source should always be considered trusted,
+ * while \b false marks a source as always untrusted, even if we have
+ * a valid signature and everything.
+ */
+ void SetTrusted(bool const Trusted);
+
virtual ~indexRecords();
};
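Review bot: The doc comment on SetTrusted() promises that `false` marks a source as always untrusted "even if we have a valid signature and everything", but none of the hunks in this diff enforces that. IsNeverTrusted() is declared and defined, yet the only caller-side change is the `IsAlwaysTrusted()` term in the three Failed() paths, which run when verification did not succeed. Unless the success path consults IsNeverTrusted() somewhere not shown here, a source marked never-trusted and carrying a valid signature would still be treated as authenticated. Either wire that check in with this commit or add to the comment that enforcement for `false` lives elsewhere or is not yet implemented, e.g. `* \note the never-trusted state must be checked by the caller via IsNeverTrusted()`.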