From b381a482eab0fc7b65b63cf0512ef1f97d775e34 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 14 Aug 2015 11:49:45 +0200 Subject: Replace --force-yes by various options starting with --allow This enables more fine grained control over such exceptions. --- apt-private/private-cmndline.cc | 3 + apt-private/private-download.cc | 6 +- apt-private/private-install.cc | 43 ++++++---- doc/apt-get.8.xml | 26 +++++- test/integration/test-allow | 98 ++++++++++++++++++++++ .../integration/test-apt-get-update-unauth-warning | 2 +- test/integration/test-apt-never-markauto-sections | 2 +- test/integration/test-apt-update-nofallback | 2 +- test/integration/test-apt-update-rollback | 4 +- ...bug-712116-dpkg-pre-install-pkgs-hook-multiarch | 2 +- test/integration/test-releasefile-verification | 4 +- 11 files changed, 167 insertions(+), 25 deletions(-) create mode 100755 test/integration/test-allow diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc index fa8416824..487349c8c 100644 --- a/apt-private/private-cmndline.cc +++ b/apt-private/private-cmndline.cc @@ -202,6 +202,9 @@ static bool addArgumentsAPTGet(std::vector &Args, char const addArg(0,"ignore-hold","APT::Ignore-Hold",0); addArg(0,"upgrade","APT::Get::upgrade",0); addArg(0,"only-upgrade","APT::Get::Only-Upgrade",0); + addArg(0,"allow-change-held-packages","APT::Get::allow-change-held-packages",CommandLine::Boolean); + addArg(0,"allow-remove-essential","APT::Get::allow-remove-essential",CommandLine::Boolean); + addArg(0,"allow-downgrades","APT::Get::allow-downgrades",CommandLine::Boolean); addArg(0,"force-yes","APT::Get::force-yes",0); addArg(0,"print-uris","APT::Get::Print-URIs",0); addArg(0,"trivial-only","APT::Get::Trivial-Only",0); diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc index 099146187..18a9b1fbc 100644 --- a/apt-private/private-download.cc +++ b/apt-private/private-download.cc @@ -114,10 +114,12 @@ bool AuthPrompt(std::vector const &UntrustedList, bool const Prompt return true; } - else if (_config->FindB("APT::Get::Force-Yes",false) == true) + else if (_config->FindB("APT::Get::Force-Yes",false) == true) { + _error->Warning(_("--force-yes is deprecated, use one of the options starting with --allow instead.")); return true; + } - return _error->Error(_("There are problems and -y was used without --force-yes")); + return _error->Error(_("There were unauthenticated packages and -y was used without --allow-unauthenticated")); } /*}}}*/ bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/ diff --git a/apt-private/private-install.cc b/apt-private/private-install.cc index d2b4bed51..96e33f7de 100644 --- a/apt-private/private-install.cc +++ b/apt-private/private-install.cc @@ -58,7 +58,8 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety) } } - bool Fail = false; + bool Hold = false; + bool Downgrade = false; bool Essential = false; // Show all the various warning indicators @@ -66,13 +67,17 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety) ShowNew(c1out,Cache); if (ShwKept == true) ShowKept(c1out,Cache); - Fail |= !ShowHold(c1out,Cache); + Hold = !ShowHold(c1out,Cache); if (_config->FindB("APT::Get::Show-Upgraded",true) == true) ShowUpgraded(c1out,Cache); - Fail |= !ShowDowngraded(c1out,Cache); + Downgrade = !ShowDowngraded(c1out,Cache); + if (_config->FindB("APT::Get::Download-Only",false) == false) Essential = !ShowEssential(c1out,Cache); - Fail |= Essential; + + // All kinds of failures + bool Fail = (Essential || Downgrade || Hold); + Stats(c1out,Cache); // Sanity check @@ -89,7 +94,25 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety) // No remove flag if (Cache->DelCount() != 0 && _config->FindB("APT::Get::Remove",true) == false) return _error->Error(_("Packages need to be removed but remove is disabled.")); - + + // Fail safe check + if (_config->FindI("quiet",0) >= 2 || + _config->FindB("APT::Get::Assume-Yes",false) == true) + { + if (_config->FindB("APT::Get::Force-Yes",false) == true) { + _error->Warning(_("--force-yes is deprecated, use one of the options starting with --allow instead.")); + } + + if (Fail == true && _config->FindB("APT::Get::Force-Yes",false) == false) { + if (Essential == true && _config->FindB("APT::Get::allow-remove-essential", false) == false) + return _error->Error(_("Essential packages were removed and -y was used without --allow-remove-essential.")); + if (Downgrade == true && _config->FindB("APT::Get::allow-downgrades", false) == false) + return _error->Error(_("Packages were downgraded and -y was used without --allow-downgrades.")); + if (Hold == true && _config->FindB("APT::Get::allow-change-held-packages", false) == false) + return _error->Error(_("Held packages were changed and -y was used without --allow-change-held-packages.")); + } + } + // Run the simulator .. if (_config->FindB("APT::Get::Simulate") == true) { @@ -173,15 +196,7 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety) if (CheckFreeSpaceBeforeDownload(_config->FindDir("Dir::Cache::Archives"), (FetchBytes - FetchPBytes)) == false) return false; - // Fail safe check - if (_config->FindI("quiet",0) >= 2 || - _config->FindB("APT::Get::Assume-Yes",false) == true) - { - if (Fail == true && _config->FindB("APT::Get::Force-Yes",false) == false) - return _error->Error(_("There are problems and -y was used without --force-yes")); - } - - if (Essential == true && Safety == true) + if (Essential == true && Safety == true && _config->FindB("APT::Get::allow-remove-essential", false) == false) { if (_config->FindB("APT::Get::Trivial-Only",false) == true) return _error->Error(_("Trivial Only specified but this is not a trivial operation.")); diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml index 81a9036c4..76a53aec2 100644 --- a/doc/apt-get.8.xml +++ b/doc/apt-get.8.xml @@ -429,12 +429,36 @@ Configuration Item: APT::Get::Only-Upgrade. + + This is a dangerous option that will cause apt to continue + without prompting if it is doing downgrades. It + should not be used except in very special situations. Using + it can potentially destroy your system! + Configuration Item: APT::Get::allow-downgrades. Introduced in APT 1.1. + + + + Force yes; this is a dangerous option that will cause apt to continue + without prompting if it is removing essentials. It + should not be used except in very special situations. Using + it can potentially destroy your system! + Configuration Item: APT::Get::allow-remove-essential. Introduced in APT 1.1. + + + + Force yes; this is a dangerous option that will cause apt to continue + without prompting if it is changing held packages. It + should not be used except in very special situations. Using + it can potentially destroy your system! + Configuration Item: APT::Get::allow-change-held-packages. Introduced in APT 1.1. + + Force yes; this is a dangerous option that will cause apt to continue without prompting if it is doing something potentially harmful. It should not be used except in very special situations. Using force-yes can potentially destroy your system! - Configuration Item: APT::Get::force-yes. + Configuration Item: APT::Get::force-yes. This is deprecated and replaced by , , in 1.1. diff --git a/test/integration/test-allow b/test/integration/test-allow new file mode 100755 index 000000000..3d773ee95 --- /dev/null +++ b/test/integration/test-allow @@ -0,0 +1,98 @@ +#!/bin/sh +# +# Test for --allow-remove-essential and friends replacing --force-yes +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'amd64' + +insertpackage 'unstable' 'downgrade' 'all' '1' +insertinstalledpackage 'downgrade' 'all' '2' + +insertpackage 'unstable' 'hold' 'all' '2' +insertinstalledpackage 'hold' 'all' '1' + +insertinstalledpackage 'essential' 'all' '1' 'Essential: yes' + +setupaptarchive + +testsuccess aptmark hold hold + +# Test --allow-remove--essential + +testfailureequal 'Reading package lists... +Building dependency tree... +The following packages will be REMOVED: + essential +WARNING: The following essential packages will be removed. +This should NOT be done unless you know exactly what you are doing! + essential +0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded. +E: Essential packages were removed and -y was used without --allow-remove-essential.' aptget remove essential -y -s + +testsuccessequal 'Reading package lists... +Building dependency tree... +The following packages will be REMOVED: + essential +WARNING: The following essential packages will be removed. +This should NOT be done unless you know exactly what you are doing! + essential +0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded. +Remv essential [1]' aptget remove essential -y --allow-remove-essential -s + +# Test --allow-change-held-packages (should not influence dist-upgrade, but an install) + +testsuccessequal 'Reading package lists... +Building dependency tree... +Calculating upgrade... +The following packages have been kept back: + hold +0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.' aptget dist-upgrade --allow-change-held-packages -s + +testfailureequal 'Reading package lists... +Building dependency tree... +The following held packages will be changed: + hold +The following packages will be upgraded: + hold +1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +E: Held packages were changed and -y was used without --allow-change-held-packages.' aptget install hold -y -s + +testfailureequal 'Reading package lists... +Building dependency tree... +The following held packages will be changed: + hold +The following packages will be upgraded: + hold +1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +E: Held packages were changed and -y was used without --allow-change-held-packages.' aptget install hold -y -s + +testsuccessequal 'Reading package lists... +Building dependency tree... +The following held packages will be changed: + hold +The following packages will be upgraded: + hold +1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Inst hold [1] (2 unstable [all]) +Conf hold (2 unstable [all])' aptget install hold -y -s --allow-change-held-packages + +# Test --allow-downgrades + +testfailureequal 'Reading package lists... +Building dependency tree... +The following packages will be DOWNGRADED: + downgrade +0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 1 not upgraded. +E: Packages were downgraded and -y was used without --allow-downgrades.' aptget install downgrade=1 -y -s + +testsuccessequal 'Reading package lists... +Building dependency tree... +The following packages will be DOWNGRADED: + downgrade +0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 1 not upgraded. +Inst downgrade [2] (1 unstable [all]) +Conf downgrade (1 unstable [all])' aptget install downgrade=1 --allow-downgrades -y -s diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning index bc8e6d3ea..4c45f8f26 100755 --- a/test/integration/test-apt-get-update-unauth-warning +++ b/test/integration/test-apt-get-update-unauth-warning @@ -81,4 +81,4 @@ W: The repository 'file:$APTARCHIVE unstable Release' does not have a Release fi # ensure we can not install the package testfailureequal "WARNING: The following packages cannot be authenticated! foo -E: There are problems and -y was used without --force-yes" aptget install -qq -y foo +E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y foo diff --git a/test/integration/test-apt-never-markauto-sections b/test/integration/test-apt-never-markauto-sections index a469b4c15..9f490a1bd 100755 --- a/test/integration/test-apt-never-markauto-sections +++ b/test/integration/test-apt-never-markauto-sections @@ -65,7 +65,7 @@ testmarkedauto # test that installed/upgraded auto-pkgs are not set to manual -testsuccess aptget install browser=41 -y --force-yes +testsuccess aptget install browser=41 -y --allow-downgrades testmarkedmanual 'browser' 'dpkg' 'foreignpkg:i386' 'nosection' testmarkedauto diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index 2f4ddc016..6e9db2cae 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -101,7 +101,7 @@ test_from_inrelease_to_unsigned_with_override() # but that the individual packages are still considered untrusted testfailureequal "WARNING: The following packages cannot be authenticated! evil -E: There are problems and -y was used without --force-yes" aptget install -qq -y evil +E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y evil } test_cve_2012_0214() diff --git a/test/integration/test-apt-update-rollback b/test/integration/test-apt-update-rollback index 646484e7b..503b81985 100755 --- a/test/integration/test-apt-update-rollback +++ b/test/integration/test-apt-update-rollback @@ -120,7 +120,7 @@ test_unauthenticated_to_invalid_inrelease() { listcurrentlistsdirectory > lists.before testfailureequal "WARNING: The following packages cannot be authenticated! old -E: There are problems and -y was used without --force-yes" aptget install -qq -y old +E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old # go to authenticated but not correct add_new_package '+1hour' @@ -133,7 +133,7 @@ E: Some index files failed to download. They have been ignored, or old ones used testfailure ls rootdir/var/lib/apt/lists/*_InRelease testfailureequal "WARNING: The following packages cannot be authenticated! old -E: There are problems and -y was used without --force-yes" aptget install -qq -y old +E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old } test_inrelease_to_unauth_inrelease() { diff --git a/test/integration/test-bug-712116-dpkg-pre-install-pkgs-hook-multiarch b/test/integration/test-bug-712116-dpkg-pre-install-pkgs-hook-multiarch index 62355a6b5..93a33d30f 100755 --- a/test/integration/test-bug-712116-dpkg-pre-install-pkgs-hook-multiarch +++ b/test/integration/test-bug-712116-dpkg-pre-install-pkgs-hook-multiarch @@ -48,7 +48,7 @@ DPkg::Tools::options::\"./${hook}-v${1}.sh\"::Version \"$1\";" > rootdir/etc/apt observehook() { rm -f ${hook}-v2.list ${hook}-v3.list msgtest 'Observe hooks while' "$*" - testsuccess --nomsg aptget "$@" -y --force-yes + testsuccess --nomsg aptget "$@" -y --allow-downgrades } testrun() { diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 06701c623..c4d1455eb 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -69,7 +69,7 @@ The following NEW packages will be installed: After this operation, 5370 kB of additional disk space will be used. WARNING: The following packages cannot be authenticated! apt -E: There are problems and -y was used without --force-yes' aptget install apt -dy +E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy } failaptnew() { @@ -83,7 +83,7 @@ The following NEW packages will be installed: After this operation, 5808 kB of additional disk space will be used. WARNING: The following packages cannot be authenticated! apt -E: There are problems and -y was used without --force-yes' aptget install apt -dy +E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy } # fake our downloadable file -- cgit v1.2.3