From 9cc0e2cab7c83ede99e21c70f248d884b8930983 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Sun, 16 Feb 2020 11:45:05 +0100 Subject: Revert "Add a Packages-Require-Authorization Release file field" This experiment did not turn out sensibly, as some servers do not accept credentials when none are expected and fail, so you cannot mirror such a repository. This reverts commit c2b9b0489538fed4770515bd8853a960b13a2618. --- apt-pkg/acquire-item.cc | 4 -- apt-pkg/contrib/netrc.cc | 43 --------------- apt-pkg/contrib/netrc.h | 4 -- apt-pkg/deb/debmetaindex.cc | 1 - apt-pkg/pkgcache.h | 8 ++- apt-pkg/policy.cc | 4 -- .../test-packages-require-authorization | 61 ---------------------- 7 files changed, 3 insertions(+), 122 deletions(-) delete mode 100755 test/integration/test-packages-require-authorization diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 92931d1d7..bbbda3bd3 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -25,7 +25,6 @@ #include #include #include -#include #include #include #include @@ -3387,7 +3386,6 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *const Owner, pkgSourceList *const Sourc Trusted = false; StoreFilename.clear(); - std::vector> authconfs; for (auto Vf = Version.FileList(); Vf.end() == false; ++Vf) { auto const PkgF = Vf.File(); @@ -3395,8 +3393,6 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *const Owner, pkgSourceList *const Sourc continue; if (PkgF.Flagged(pkgCache::Flag::NotSource)) continue; - if (PkgF.Flagged(pkgCache::Flag::PackagesRequireAuthorization) && !IsAuthorized(PkgF, authconfs)) - continue; pkgIndexFile *Index; if (Sources->FindIndex(PkgF, Index) == false) continue; diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc index 4f5206e6c..a6f408c0e 100644 --- a/apt-pkg/contrib/netrc.cc +++ b/apt-pkg/contrib/netrc.cc @@ -167,46 +167,3 @@ bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri) } return false; } - -/* Check if we are authorized. */ -bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector> &authconfs) -{ - if (authconfs.empty()) - { - _error->PushToStack(); - auto const netrc = _config->FindFile("Dir::Etc::netrc"); - if (not netrc.empty()) - { - authconfs.emplace_back(new FileFd()); - authconfs.back()->Open(netrc, FileFd::ReadOnly); - } - - auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts"); - if (not netrcparts.empty()) - { - for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true)) - { - authconfs.emplace_back(new FileFd()); - authconfs.back()->Open(netrc, FileFd::ReadOnly); - } - } - _error->RevertToStack(); - } - - // FIXME: Use the full base url - URI uri(std::string("https://") + I.Site() + "/"); - for (auto &authconf : authconfs) - { - if (not authconf->IsOpen()) - continue; - if (not authconf->Seek(0)) - continue; - - MaybeAddAuth(*authconf, uri); - - if (not uri.User.empty() || not uri.Password.empty()) - return true; - } - - return false; -} diff --git a/apt-pkg/contrib/netrc.h b/apt-pkg/contrib/netrc.h index c8a03a4b7..b13f18187 100644 --- a/apt-pkg/contrib/netrc.h +++ b/apt-pkg/contrib/netrc.h @@ -13,12 +13,9 @@ #ifndef NETRC_H #define NETRC_H -#include #include -#include #include -#include @@ -26,5 +23,4 @@ class URI; class FileFd; bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri); -bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector> &authconfs) APT_HIDDEN; #endif diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index a88b19807..2c0ab1d0d 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -915,7 +915,6 @@ bool debReleaseIndex::Merge(pkgCacheGenerator &Gen,OpProgress * /*Prog*/) const/ #undef APT_INRELEASE Section.FindFlag("NotAutomatic", File->Flags, pkgCache::Flag::NotAutomatic); Section.FindFlag("ButAutomaticUpgrades", File->Flags, pkgCache::Flag::ButAutomaticUpgrades); - Section.FindFlag("Packages-Require-Authorization", File->Flags, pkgCache::Flag::PackagesRequireAuthorization); return true; } diff --git a/apt-pkg/pkgcache.h b/apt-pkg/pkgcache.h index 3f77d5eae..fcfef012f 100644 --- a/apt-pkg/pkgcache.h +++ b/apt-pkg/pkgcache.h @@ -177,11 +177,9 @@ class pkgCache /*{{{*/ LocalSource=(1<<1), /*!< local sources can't and will not be verified by hashes */ NoPackages=(1<<2), /*!< the file includes no package records itself, but additions like Translations */ }; - enum ReleaseFileFlags - { - NotAutomatic = (1 << 0), /*!< archive has a default pin of 1 */ - ButAutomaticUpgrades = (1 << 1), /*!< (together with the previous) archive has a default pin of 100 */ - PackagesRequireAuthorization = (1 << 2), /*!< (together with the previous) archive has a default pin of 100 */ + enum ReleaseFileFlags { + NotAutomatic=(1<<0), /*!< archive has a default pin of 1 */ + ButAutomaticUpgrades=(1<<1), /*!< (together with the previous) archive has a default pin of 100 */ }; enum ProvidesFlags { MultiArchImplicit=pkgCache::Dep::MultiArchImplicit, /*!< generated internally, not spelled out in the index */ diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc index 5f9ece85f..70d63fedb 100644 --- a/apt-pkg/policy.cc +++ b/apt-pkg/policy.cc @@ -18,7 +18,6 @@ #include #include #include -#include #include #include #include @@ -85,7 +84,6 @@ pkgPolicy::pkgPolicy(pkgCache *Owner) : VerPins(nullptr), /* */ bool pkgPolicy::InitDefaults() { - std::vector> authconfs; // Initialize the priorities based on the status of the package file for (pkgCache::PkgFileIterator I = Cache->FileBegin(); I != Cache->FileEnd(); ++I) { @@ -96,8 +94,6 @@ bool pkgPolicy::InitDefaults() PFPriority[I->ID] = 100; else if (I.Flagged(pkgCache::Flag::NotAutomatic)) PFPriority[I->ID] = 1; - if (I.Flagged(pkgCache::Flag::PackagesRequireAuthorization) && !IsAuthorized(I, authconfs)) - PFPriority[I->ID] = NEVER_PIN; } // Apply the defaults.. diff --git a/test/integration/test-packages-require-authorization b/test/integration/test-packages-require-authorization deleted file mode 100755 index 527497ce5..000000000 --- a/test/integration/test-packages-require-authorization +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/sh -set -e - -TESTDIR="$(readlink -f "$(dirname "$0")")" -. "$TESTDIR/framework" -setupenvironment -configarchitecture 'amd64' - -insertpackage 'unstable' 'cool' 'amd64' '1.0' - -export APT_DONT_SIGN='InRelease' -setupaptarchive --no-update -changetowebserver - -echo 'Packages-Require-Authorization: yes' >> aptarchive/dists/unstable/Release -signreleasefiles - -testsuccess aptget update -testsuccessequal "Package files: - 100 ${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status - release a=now --32768 http://localhost:${APTHTTPPORT} unstable/main amd64 Packages - release a=unstable,n=sid,c=main,b=amd64 - origin localhost -Pinned packages:" aptcache policy - -mkdir rootdir/etc/apt/auth.conf.d -cat > rootdir/etc/apt/auth.conf.d/myauth.conf << EOF -machine localhost -login username -password usersPassword -EOF - - -testsuccessequal "Package files: - 100 ${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status - release a=now - 500 http://localhost:${APTHTTPPORT} unstable/main amd64 Packages - release a=unstable,n=sid,c=main,b=amd64 - origin localhost -Pinned packages:" aptcache policy - - -cat > rootdir/etc/apt/preferences.d/myauth.pref << EOF -Package: * -Pin: origin localhost -Pin-Priority: 990 - -Package: cool -Pin: origin localhost -Pin-Priority: 990 -EOF - -testsuccessequal "Package files: - 100 ${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status - release a=now - 990 http://localhost:${APTHTTPPORT} unstable/main amd64 Packages - release a=unstable,n=sid,c=main,b=amd64 - origin localhost -Pinned packages: - cool -> 1.0 with priority 990" aptcache policy -- cgit v1.2.3