From 7aeab5cb220c0a6ddfbbf9335276940a3a096fb4 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 13 Oct 2014 07:26:27 +0200 Subject: display a warning for unsigned repos The same message is used for InRelease if fails in gpgv, but the Release/Release.gpg duo needs to handle the failing download case as well (InRelease just defers to the duo if download fails) and print a message accompaning the insecure error to provide a hint on what is going on. --- apt-pkg/acquire-item.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 3e4016ac6..6731e07d5 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1738,6 +1738,10 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ // check if we need to fail at this point if (AuthPass == true && CheckStopAuthentication(RealURI, Message)) return; + else if (AuthPass == false) + _error->Warning(_("The data from '%s' is not signed. Packages " + "from that repository can not be authenticated."), + URIDesc.c_str()); // FIXME: meh, this is not really elegant string InReleaseURI = RealURI.replace(RealURI.rfind("Release.gpg"), 12, -- cgit v1.2.3