diff options
Diffstat (limited to 'apt-pkg')
| -rw-r--r-- | apt-pkg/acquire-item.cc | 52 | ||||
| -rw-r--r-- | apt-pkg/acquire-item.h | 5 | ||||
| -rw-r--r-- | apt-pkg/acquire-worker.cc | 16 | ||||
| -rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 118 | ||||
| -rw-r--r-- | apt-pkg/deb/debmetaindex.h | 5 | ||||
| -rw-r--r-- | apt-pkg/indexcopy.cc | 2 | ||||
| -rw-r--r-- | apt-pkg/indexfile.cc | 5 | ||||
| -rw-r--r-- | apt-pkg/indexfile.h | 3 | ||||
| -rw-r--r-- | apt-pkg/init.cc | 1 |
9 files changed, 149 insertions, 58 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 63b3c9a1f..a4b1d4897 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -175,7 +175,7 @@ static void ReportMirrorFailureToCentral(pkgAcquire::Item const &I, std::string } /*}}}*/ -static bool MessageInsecureRepository(bool const isError, char const * const msg, std::string const &repo)/*{{{*/ +static APT_NONNULL(2) bool MessageInsecureRepository(bool const isError, char const * const msg, std::string const &repo)/*{{{*/ { std::string m; strprintf(m, msg, repo.c_str()); @@ -195,7 +195,28 @@ static bool MessageInsecureRepository(bool const isError, char const * const msg /*}}}*/ // AllowInsecureRepositories /*{{{*/ enum class InsecureType { UNSIGNED, WEAK, NORELEASE }; -static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std::string const &repo, +static bool TargetIsAllowedToBe(IndexTarget const &Target, InsecureType const type) +{ + if (_config->FindB("Acquire::AllowInsecureRepositories")) + return true; + + if (Target.OptionBool(IndexTarget::ALLOW_INSECURE)) + return true; + + switch (type) + { + case InsecureType::UNSIGNED: break; + case InsecureType::NORELEASE: break; + case InsecureType::WEAK: + if (_config->FindB("Acquire::AllowWeakRepositories")) + return true; + if (Target.OptionBool(IndexTarget::ALLOW_WEAK)) + return true; + break; + } + return false; +} +static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType const msg, std::string const &repo, metaIndex const * const MetaIndexParser, pkgAcqMetaClearSig * const TransactionManager, pkgAcquire::Item * const I) { // we skip weak downgrades as its unlikely that a repository gets really weaker – @@ -213,7 +234,8 @@ static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std case InsecureType::NORELEASE: msgstr = _("The repository '%s' does no longer have a Release file."); break; case InsecureType::WEAK: /* unreachable */ break; } - if (_config->FindB("Acquire::AllowDowngradeToInsecureRepositories")) + if (_config->FindB("Acquire::AllowDowngradeToInsecureRepositories") || + TransactionManager->Target.OptionBool(IndexTarget::ALLOW_DOWNGRADE_TO_INSECURE)) { // meh, the users wants to take risks (we still mark the packages // from this repository as unauthenticated) @@ -241,7 +263,7 @@ static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std case InsecureType::WEAK: msgstr = _("The repository '%s' provides only weak security information."); break; } - if (_config->FindB("Acquire::AllowInsecureRepositories") == true) + if (TargetIsAllowedToBe(TransactionManager->Target, msg) == true) { MessageInsecureRepository(false, msgstr, repo); return true; @@ -277,7 +299,20 @@ APT_CONST bool pkgAcqTransactionItem::HashesRequired() const we can at least trust them for integrity of the download itself. Only repositories without a Release file can (obviously) not have hashes – and they are very uncommon and strongly discouraged */ - return TransactionManager->MetaIndexParser->GetLoadedSuccessfully() == metaIndex::TRI_YES; + if (TransactionManager->MetaIndexParser->GetLoadedSuccessfully() != metaIndex::TRI_YES) + return false; + if (TargetIsAllowedToBe(Target, InsecureType::WEAK)) + { + /* If we allow weak hashes, we check that we have some (weak) and then + declare hashes not needed. That will tip us in the right direction + as if hashes exist, they will be used, even if not required */ + auto const hsl = GetExpectedHashes(); + if (hsl.usable()) + return true; + if (hsl.empty() == false) + return false; + } + return true; } HashStringList pkgAcqTransactionItem::GetExpectedHashes() const { @@ -1333,7 +1368,7 @@ void pkgAcqMetaClearSig::QueueIndexes(bool const verify) /*{{{*/ auto const hashes = GetExpectedHashesFor(Target.MetaKey); if (hashes.empty() == false) { - if (hashes.usable() == false) + if (hashes.usable() == false && TargetIsAllowedToBe(TransactionManager->Target, InsecureType::WEAK) == false) { new CleanupItem(Owner, TransactionManager, Target); _error->Warning(_("Skipping acquire of configured file '%s' as repository '%s' provides only weak security information for it"), @@ -1525,8 +1560,7 @@ pkgAcqMetaClearSig::pkgAcqMetaClearSig(pkgAcquire * const Owner, /*{{{*/ IndexTarget const &DetachedDataTarget, IndexTarget const &DetachedSigTarget, metaIndex * const MetaIndexParser) : pkgAcqMetaIndex(Owner, this, ClearsignedTarget, DetachedSigTarget), - d(NULL), ClearsignedTarget(ClearsignedTarget), - DetachedDataTarget(DetachedDataTarget), + d(NULL), DetachedDataTarget(DetachedDataTarget), MetaIndexParser(MetaIndexParser), LastMetaIndexParser(NULL) { // index targets + (worst case:) Release/Release.gpg @@ -1640,7 +1674,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c if(CheckStopAuthentication(this, Message)) return; - if(AllowInsecureRepositories(InsecureType::UNSIGNED, ClearsignedTarget.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) + if(AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) { Status = StatDone; diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index 92f1ac215..ac4994738 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -368,12 +368,13 @@ class APT_HIDDEN pkgAcqTransactionItem: public pkgAcquire::Item /*{{{*/ { void * const d; protected: - IndexTarget const Target; HashStringList GetExpectedHashesFor(std::string const &MetaKey) const; bool QueueURI(pkgAcquire::ItemDesc &Item) APT_OVERRIDE; public: + IndexTarget const Target; + /** \brief storge name until a transaction is finished */ std::string PartialFile; @@ -559,8 +560,6 @@ class APT_HIDDEN pkgAcqMetaSig : public pkgAcqTransactionItem class APT_HIDDEN pkgAcqMetaClearSig : public pkgAcqMetaIndex { void * const d; - - IndexTarget const ClearsignedTarget; IndexTarget const DetachedDataTarget; public: diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc index d3d95998c..9ed7b5b28 100644 --- a/apt-pkg/acquire-worker.cc +++ b/apt-pkg/acquire-worker.cc @@ -378,6 +378,7 @@ bool pkgAcquire::Worker::RunMessages() bool const isIMSHit = StringToBool(LookupTag(Message,"IMS-Hit"),false) || StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false); + auto const forcedHash = _config->Find("Acquire::ForceHash"); for (auto const Owner: ItmOwners) { HashStringList const ExpectedHashes = Owner->GetExpectedHashes(); @@ -395,9 +396,10 @@ bool pkgAcquire::Worker::RunMessages() // decide if what we got is what we expected bool consideredOkay = false; - if (ExpectedHashes.usable()) + if ((forcedHash.empty() && ExpectedHashes.empty() == false) || + (forcedHash.empty() == false && ExpectedHashes.usable())) { - if (ReceivedHashes.usable() == false) + if (ReceivedHashes.empty()) { /* IMS-Hits can't be checked here as we will have uncompressed file, but the hashes for the compressed file. What we have was good through @@ -410,16 +412,8 @@ bool pkgAcquire::Worker::RunMessages() consideredOkay = false; } - else if (Owner->HashesRequired() == true) - consideredOkay = false; else - { - consideredOkay = true; - // even if the hashes aren't usable to declare something secure - // we can at least use them to declare it an integrity failure - if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty()) - consideredOkay = false; - } + consideredOkay = !Owner->HashesRequired(); if (consideredOkay == true) consideredOkay = Owner->VerifyDone(Message, Config); diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 0c9cde620..2671fc30d 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -51,8 +51,9 @@ class APT_HIDDEN debReleaseIndexPrivate /*{{{*/ std::vector<std::string> Architectures; std::vector<std::string> NoSupportForAll; + std::map<std::string, std::string> const ReleaseOptions; - debReleaseIndexPrivate() : CheckValidUntil(metaIndex::TRI_UNSET), ValidUntilMin(0), ValidUntilMax(0) {} + debReleaseIndexPrivate(std::map<std::string, std::string> const &Options) : CheckValidUntil(metaIndex::TRI_UNSET), ValidUntilMin(0), ValidUntilMax(0), ReleaseOptions(Options) {} }; /*}}}*/ // ReleaseIndex::MetaIndex* - display helpers /*{{{*/ @@ -96,11 +97,11 @@ std::string debReleaseIndex::MetaIndexURI(const char *Type) const } /*}}}*/ // ReleaseIndex Con- and Destructors /*{{{*/ -debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist) : - metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()) +debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, std::map<std::string, std::string> const &Options) : + metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Options)) {} -debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const pTrusted) : - metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()) +debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const pTrusted, std::map<std::string, std::string> const &Options) : + metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Options)) { Trusted = pTrusted ? TRI_YES : TRI_NO; } @@ -112,17 +113,10 @@ debReleaseIndex::~debReleaseIndex() { // ReleaseIndex::GetIndexTargets /*{{{*/ static void GetIndexTargetsFor(char const * const Type, std::string const &URI, std::string const &Dist, std::vector<debReleaseIndexPrivate::debSectionEntry> const &entries, - std::vector<IndexTarget> &IndexTargets) + std::vector<IndexTarget> &IndexTargets, std::map<std::string, std::string> const &ReleaseOptions) { bool const flatArchive = (Dist[Dist.length() - 1] == '/'); - std::string baseURI = URI; - if (flatArchive) - { - if (Dist != "/") - baseURI += Dist; - } - else - baseURI += "dists/" + Dist + "/"; + std::string const baseURI = constructMetaIndexURI(URI, Dist, ""); std::string const Release = (Dist == "/") ? "" : Dist; std::string const Site = ::URI::ArchiveOnly(URI); @@ -292,8 +286,7 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI, } // not available in templates, but in the indextarget - Options.insert(std::make_pair("BASE_URI", baseURI)); - Options.insert(std::make_pair("REPO_URI", URI)); + Options.insert(ReleaseOptions.begin(), ReleaseOptions.end()); Options.insert(std::make_pair("IDENTIFIER", Identifier)); Options.insert(std::make_pair("TARGET_OF", Type)); Options.insert(std::make_pair("CREATED_BY", *T)); @@ -317,7 +310,7 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI, MetaKey, ShortDesc, LongDesc, - Options.find("BASE_URI")->second + MetaKey, + baseURI + MetaKey, IsOpt, KeepCompressed, Options @@ -344,8 +337,8 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI, std::vector<IndexTarget> debReleaseIndex::GetIndexTargets() const { std::vector<IndexTarget> IndexTargets; - GetIndexTargetsFor("deb-src", URI, Dist, d->DebSrcEntries, IndexTargets); - GetIndexTargetsFor("deb", URI, Dist, d->DebEntries, IndexTargets); + GetIndexTargetsFor("deb-src", URI, Dist, d->DebSrcEntries, IndexTargets, d->ReleaseOptions); + GetIndexTargetsFor("deb", URI, Dist, d->DebEntries, IndexTargets, d->ReleaseOptions); return IndexTargets; } /*}}}*/ @@ -542,11 +535,11 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro metaIndex * debReleaseIndex::UnloadedClone() const /*{{{*/ { if (Trusted == TRI_NO) - return new debReleaseIndex(URI, Dist, false); + return new debReleaseIndex(URI, Dist, false, d->ReleaseOptions); else if (Trusted == TRI_YES) - return new debReleaseIndex(URI, Dist, true); + return new debReleaseIndex(URI, Dist, true, d->ReleaseOptions); else - return new debReleaseIndex(URI, Dist); + return new debReleaseIndex(URI, Dist, d->ReleaseOptions); } /*}}}*/ bool debReleaseIndex::parseSumData(const char *&Start, const char *End, /*{{{*/ @@ -611,7 +604,7 @@ bool debReleaseIndex::parseSumData(const char *&Start, const char *End, /*{{{*/ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll)/*{{{*/ { -#define APT_TARGET(X) IndexTarget("", X, MetaIndexInfo(X), MetaIndexURI(X), false, false, std::map<std::string,std::string>()) +#define APT_TARGET(X) IndexTarget("", X, MetaIndexInfo(X), MetaIndexURI(X), false, false, d->ReleaseOptions) pkgAcqMetaClearSig * const TransactionManager = new pkgAcqMetaClearSig(Owner, APT_TARGET("InRelease"), APT_TARGET("Release"), APT_TARGET("Release.gpg"), this); #undef APT_TARGET @@ -751,6 +744,10 @@ std::vector <pkgIndexFile *> *debReleaseIndex::GetIndexFiles() /*{{{*/ return Indexes; } /*}}}*/ +std::map<std::string, std::string> debReleaseIndex::GetReleaseOptions() +{ + return d->ReleaseOptions; +} static bool ReleaseFileName(debReleaseIndex const * const That, std::string &ReleaseFile)/*{{{*/ { @@ -900,7 +897,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ return metaIndex::TRI_DONTCARE; } - time_t GetTimeOption(std::map<std::string, std::string>const &Options, char const * const name) const + static time_t GetTimeOption(std::map<std::string, std::string>const &Options, char const * const name) { std::map<std::string, std::string>::const_iterator const opt = Options.find(name); if (opt == Options.end()) @@ -908,12 +905,74 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ return strtoull(opt->second.c_str(), NULL, 10); } + static bool GetBoolOption(std::map<std::string, std::string> const &Options, char const * const name, bool const defVal) + { + std::map<std::string, std::string>::const_iterator const opt = Options.find(name); + if (opt == Options.end()) + return defVal; + return StringToBool(opt->second, defVal); + } + + static std::vector<std::string> GetMapKeys(std::map<std::string, std::string> const &Options) + { + std::vector<std::string> ret; + ret.reserve(Options.size()); + for (auto &&O: Options) + ret.emplace_back(O.first); + std::sort(ret.begin(), ret.end()); + return ret; + } + + static bool MapsAreEqual(std::map<std::string, std::string> const &OptionsA, + std::map<std::string, std::string> const &OptionsB, + std::string const &URI, std::string const &Dist) + { + auto const KeysA = GetMapKeys(OptionsA); + auto const KeysB = GetMapKeys(OptionsB); + auto const m = std::mismatch(KeysA.begin(), KeysA.end(), KeysB.begin()); + if (m.first != KeysA.end()) + { + if (std::find(KeysB.begin(), KeysB.end(), *m.first) == KeysB.end()) + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.first->c_str(), "<set>", "<unset>"); + else + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.second->c_str(), "<set>", "<unset>"); + } + if (m.second != KeysB.end()) + { + if (std::find(KeysA.begin(), KeysA.end(), *m.second) == KeysA.end()) + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.first->c_str(), "<set>", "<unset>"); + else + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.second->c_str(), "<set>", "<unset>"); + } + for (auto&& key: KeysA) + { + if (key == "BASE_URI" || key == "REPO_URI") + continue; + auto const a = OptionsA.find(key); + auto const b = OptionsB.find(key); + if (unlikely(a == OptionsA.end() || b == OptionsB.end()) || a->second != b->second) + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), key.c_str(), URI.c_str(), Dist.c_str()); + } + return true; + } + protected: bool CreateItemInternal(std::vector<metaIndex *> &List, std::string const &URI, std::string const &Dist, std::string const &Section, bool const &IsSrc, std::map<std::string, std::string> const &Options) const { + std::map<std::string,std::string> ReleaseOptions = {{ + { "BASE_URI", constructMetaIndexURI(URI, Dist, "") }, + { "REPO_URI", URI }, + }}; + if (GetBoolOption(Options, "allow-insecure", _config->FindB("Acquire::AllowInsecureRepositories"))) + ReleaseOptions.emplace("ALLOW_INSECURE", "true"); + if (GetBoolOption(Options, "allow-weak", _config->FindB("Acquire::AllowWeakRepositories"))) + ReleaseOptions.emplace("ALLOW_WEAK", "true"); + if (GetBoolOption(Options, "allow-downgrade-to-insecure", _config->FindB("Acquire::AllowDowngradeToInsecureRepositories"))) + ReleaseOptions.emplace("ALLOW_DOWNGRADE_TO_INSECURE", "true"); + debReleaseIndex * Deb = nullptr; std::string const FileName = URItoFileName(constructMetaIndexURI(URI, Dist, "Release")); for (auto const &I: List) @@ -931,6 +990,8 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ corresponds to. */ if (URItoFileName(D->MetaIndexURI("Release")) == FileName) { + if (MapsAreEqual(ReleaseOptions, D->GetReleaseOptions(), URI, Dist) == false) + return false; Deb = D; break; } @@ -939,7 +1000,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ // No currently created Release file indexes this entry, so we create a new one. if (Deb == nullptr) { - Deb = new debReleaseIndex(URI, Dist); + Deb = new debReleaseIndex(URI, Dist, ReleaseOptions); List.push_back(Deb); } @@ -993,12 +1054,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ }), mytargets.end()); } - bool UsePDiffs = _config->FindB("Acquire::PDiffs", true); - { - std::map<std::string, std::string>::const_iterator const opt = Options.find("pdiffs"); - if (opt != Options.end()) - UsePDiffs = StringToBool(opt->second); - } + bool const UsePDiffs = GetBoolOption(Options, "pdiffs", _config->FindB("Acquire::PDiffs", true)); std::string UseByHash = _config->Find("APT::Acquire::By-Hash", "yes"); UseByHash = _config->Find("Acquire::By-Hash", UseByHash); diff --git a/apt-pkg/deb/debmetaindex.h b/apt-pkg/deb/debmetaindex.h index 2bb9ed693..f903617f7 100644 --- a/apt-pkg/deb/debmetaindex.h +++ b/apt-pkg/deb/debmetaindex.h @@ -34,8 +34,8 @@ class APT_HIDDEN debReleaseIndex : public metaIndex APT_HIDDEN std::string MetaIndexFile(const char *Types) const; APT_HIDDEN std::string MetaIndexURI(const char *Type) const; - debReleaseIndex(std::string const &URI, std::string const &Dist); - debReleaseIndex(std::string const &URI, std::string const &Dist, bool const Trusted); + debReleaseIndex(std::string const &URI, std::string const &Dist, std::map<std::string,std::string> const &Options); + debReleaseIndex(std::string const &URI, std::string const &Dist, bool const Trusted, std::map<std::string,std::string> const &Options); virtual ~debReleaseIndex(); virtual std::string ArchiveURI(std::string const &File) const APT_OVERRIDE {return URI + File;}; @@ -56,6 +56,7 @@ class APT_HIDDEN debReleaseIndex : public metaIndex bool SetValidUntilMin(time_t const Valid); bool SetValidUntilMax(time_t const Valid); bool SetSignedBy(std::string const &SignedBy); + std::map<std::string, std::string> GetReleaseOptions(); virtual bool IsTrusted() const APT_OVERRIDE; bool IsArchitectureSupported(std::string const &arch) const; diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index 4aade6e8a..4a35e3847 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -550,7 +550,7 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector<string> &SigList, if(Debug) cout << "Signature verify for: " << *I << endl; - metaIndex *MetaIndex = new debReleaseIndex("",""); + metaIndex *MetaIndex = new debReleaseIndex("","", {}); string prefix = *I; string const releasegpg = *I+"Release.gpg"; diff --git a/apt-pkg/indexfile.cc b/apt-pkg/indexfile.cc index 7ded0101b..b1435d32c 100644 --- a/apt-pkg/indexfile.cc +++ b/apt-pkg/indexfile.cc @@ -147,6 +147,9 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const /*{{{*/ APT_CASE(SOURCESENTRY); APT_CASE(BY_HASH); APT_CASE(KEEPCOMPRESSEDAS); + APT_CASE(ALLOW_INSECURE); + APT_CASE(ALLOW_WEAK); + APT_CASE(ALLOW_DOWNGRADE_TO_INSECURE); #undef APT_CASE case FILENAME: return _config->FindDir("Dir::State::lists") + URItoFileName(URI); case EXISTING_FILENAME: @@ -170,7 +173,7 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const /*{{{*/ /*}}}*/ bool IndexTarget::OptionBool(OptionKeys const EnumKey) const /*{{{*/ { - return StringToBool(Option(EnumKey)); + return StringToBool(Option(EnumKey), false); } /*}}}*/ std::string IndexTarget::Format(std::string format) const /*{{{*/ diff --git a/apt-pkg/indexfile.h b/apt-pkg/indexfile.h index 76a3d069e..68753a40a 100644 --- a/apt-pkg/indexfile.h +++ b/apt-pkg/indexfile.h @@ -93,6 +93,9 @@ class IndexTarget /*{{{*/ KEEPCOMPRESSEDAS, FALLBACK_OF, IDENTIFIER, + ALLOW_INSECURE, + ALLOW_WEAK, + ALLOW_DOWNGRADE_TO_INSECURE, }; std::string Option(OptionKeys const Key) const; bool OptionBool(OptionKeys const Key) const; diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index c77e8e2fe..70a119a6e 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -87,6 +87,7 @@ bool pkgInitConfig(Configuration &Cnf) // Repository security Cnf.CndSet("Acquire::AllowInsecureRepositories", false); + Cnf.CndSet("Acquire::AllowWeakRepositories", false); Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false); // Default cdrom mount point |