From 4b42f43bed369817398b6c8d538f08e5bf6dff76 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 14 Jul 2011 21:06:09 +0200 Subject: * apt-pkg/deb/debmetaindex.cc: - add trusted=yes option to mark unsigned (local) repository as trusted based on a patch from Ansgar Burchardt, thanks a lot! (Closes: #596498) Note that "apt-get update" still warns about unknown signatures even when [trusted=yes] is given for the source. --- apt-pkg/deb/debmetaindex.cc | 39 ++++++++++++++---- apt-pkg/deb/debmetaindex.h | 3 ++ apt-pkg/metaindex.h | 4 ++ debian/changelog | 5 ++- doc/sources.list.5.xml | 9 ++++- .../test-bug-596498-trusted-unsigned-repo | 47 ++++++++++++++++++++++ 6 files changed, 97 insertions(+), 10 deletions(-) create mode 100755 test/integration/test-bug-596498-trusted-unsigned-repo diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index a91cc34e9..81afb22b6 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -142,11 +142,13 @@ string debReleaseIndex::TranslationIndexURI(const char *Type, const string &Sect return URI + "dists/" + Dist + "/" + TranslationIndexURISuffix(Type, Section); } -debReleaseIndex::debReleaseIndex(string const &URI, string const &Dist) { - this->URI = URI; - this->Dist = Dist; - this->Indexes = NULL; - this->Type = "deb"; +debReleaseIndex::debReleaseIndex(string const &URI, string const &Dist) : + metaIndex(URI, Dist, "deb"), Trusted(CHECK_TRUST) +{} + +debReleaseIndex::debReleaseIndex(string const &URI, string const &Dist, bool const Trusted) : + metaIndex(URI, Dist, "deb") { + SetTrusted(Trusted); } debReleaseIndex::~debReleaseIndex() { @@ -252,8 +254,22 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const return true; } +void debReleaseIndex::SetTrusted(bool const Trusted) +{ + if (Trusted == true) + this->Trusted = ALWAYS_TRUSTED; + else + this->Trusted = NEVER_TRUSTED; +} + bool debReleaseIndex::IsTrusted() const { + if (Trusted == ALWAYS_TRUSTED) + return true; + else if (Trusted == NEVER_TRUSTED) + return false; + + if(_config->FindB("APT::Authentication::TrustCDROM", false)) if(URI.substr(0,strlen("cdrom:")) == "cdrom:") return true; @@ -349,6 +365,7 @@ class debSLTypeDebian : public pkgSourceList::Type vector const Archs = (arch != Options.end()) ? VectorizeString(arch->second, ',') : APT::Configuration::getArchitectures(); + map::const_iterator const trusted = Options.find("trusted"); for (vector::const_iterator I = List.begin(); I != List.end(); I++) @@ -358,6 +375,9 @@ class debSLTypeDebian : public pkgSourceList::Type continue; debReleaseIndex *Deb = (debReleaseIndex *) (*I); + if (trusted != Options.end()) + Deb->SetTrusted(StringToBool(trusted->second, false)); + /* This check insures that there will be only one Release file queued for all the Packages files and Sources files it corresponds to. */ @@ -375,9 +395,14 @@ class debSLTypeDebian : public pkgSourceList::Type return true; } } + // No currently created Release file indexes this entry, so we create a new one. - // XXX determine whether this release is trusted or not - debReleaseIndex *Deb = new debReleaseIndex(URI, Dist); + debReleaseIndex *Deb; + if (trusted != Options.end()) + Deb = new debReleaseIndex(URI, Dist, StringToBool(trusted->second, false)); + else + Deb = new debReleaseIndex(URI, Dist); + if (IsSrc == true) Deb->PushSectionEntry ("source", new debReleaseIndex::debSectionEntry(Section, IsSrc)); else diff --git a/apt-pkg/deb/debmetaindex.h b/apt-pkg/deb/debmetaindex.h index 0aaf7f14a..695cfa7cc 100644 --- a/apt-pkg/deb/debmetaindex.h +++ b/apt-pkg/deb/debmetaindex.h @@ -22,10 +22,12 @@ class debReleaseIndex : public metaIndex { /** \brief dpointer placeholder (for later in case we need it) */ void *d; std::map > ArchEntries; + enum { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted; public: debReleaseIndex(string const &URI, string const &Dist); + debReleaseIndex(string const &URI, string const &Dist, bool const Trusted); virtual ~debReleaseIndex(); virtual string ArchiveURI(string const &File) const {return URI + File;}; @@ -43,6 +45,7 @@ class debReleaseIndex : public metaIndex { string TranslationIndexURISuffix(const char *Type, const string &Section) const; virtual vector *GetIndexFiles(); + void SetTrusted(bool const Trusted); virtual bool IsTrusted() const; void PushSectionEntry(vector const &Archs, const debSectionEntry *Entry); diff --git a/apt-pkg/metaindex.h b/apt-pkg/metaindex.h index 1d2140799..f60235a5d 100644 --- a/apt-pkg/metaindex.h +++ b/apt-pkg/metaindex.h @@ -39,6 +39,10 @@ class metaIndex virtual vector *GetIndexFiles() = 0; virtual bool IsTrusted() const = 0; + metaIndex(string const &URI, string const &Dist, char const * const Type) : + Indexes(NULL), Type(Type), URI(URI), Dist(Dist) { + } + virtual ~metaIndex() { if (Indexes == 0) return; diff --git a/debian/changelog b/debian/changelog index 5686e02fa..d226d91c4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,13 +11,16 @@ apt (0.8.16~exp3) UNRELEASEDexperimental; urgency=low - generate all checksums in one run over the file for Release * cmdline/apt-get.cc: - add an --assume-no option for testing to say 'no' to everything + * apt-pkg/deb/debmetaindex.cc: + - add trusted=yes option to mark unsigned (local) repository as trusted + based on a patch from Ansgar Burchardt, thanks a lot! (Closes: #596498) [ Michael Vogt ] * merge fixes from the debian/unstable upload * merge lp:~mvo/apt/sha512-template to get fixes for the sha1/md5 verifiation (closes: #632520) - -- David Kalnischkies Thu, 14 Jul 2011 12:01:53 +0200 + -- David Kalnischkies Thu, 14 Jul 2011 20:56:45 +0200 apt (0.8.16~exp2) experimental; urgency=low diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml index fab125b4e..bf8356348 100644 --- a/doc/sources.list.5.xml +++ b/doc/sources.list.5.xml @@ -117,8 +117,13 @@ arch=arch1,arch2,… can be used to specify for which architectures packages information should be downloaded. If this option is not set all architectures defined by the - APT::Architectures option will be downloaded. - + APT::Architectures option will be downloaded. + trusted=yes can be set to indicate that packages + from this source are always authenificated even if the Release file + is not signed or the signature can't be checked. This disables parts of &apt-secure; + and should therefore only be used in a local and trusted context. trusted=no + is the opposite which handles even correctly authenificated sources as not authenificated. + It is important to list sources in order of preference, with the most preferred source listed first. Typically this will result in sorting diff --git a/test/integration/test-bug-596498-trusted-unsigned-repo b/test/integration/test-bug-596498-trusted-unsigned-repo new file mode 100755 index 000000000..6ebc4a3bb --- /dev/null +++ b/test/integration/test-bug-596498-trusted-unsigned-repo @@ -0,0 +1,47 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' + +buildsimplenativepackage 'cool' 'i386' '1.0' 'unstable' + +setupaptarchive + +aptgetupdate() { + rm -rf rootdir/var/lib/apt/ rootdir/var/cache/apt/*.bin + aptget update -qq +} + +PKGTEXT="$(aptget install cool --assume-no -d | head -n 7)" +DEBFILE='rootdir/etc/apt/sources.list.d/apt-test-unstable-deb.list' + +testequal "$PKGTEXT +Download complete and in download only mode" aptget install cool --assume-no -d + +sed -i -e 's#deb#deb [trusted=no]#' $DEBFILE +aptgetupdate + +testequal "$PKGTEXT +WARNING: The following packages cannot be authenticated! + cool +Install these packages without verification [y/N]? N +E: Some packages could not be authenticated" aptget install cool --assume-no -d + +find aptarchive/ \( -name 'Release.gpg' -o -name 'InRelease' \) -delete +sed -i -e 's#deb \[trusted=no\]#deb#' $DEBFILE +aptgetupdate + +testequal "$PKGTEXT +WARNING: The following packages cannot be authenticated! + cool +Install these packages without verification [y/N]? N +E: Some packages could not be authenticated" aptget install cool --assume-no -d + +sed -i -e 's#deb#deb [trusted=yes]#' $DEBFILE +aptgetupdate + +testequal "$PKGTEXT +Download complete and in download only mode" aptget install cool --assume-no -d -- cgit v1.2.3