From c2b9b0489538fed4770515bd8853a960b13a2618 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 1 Feb 2019 14:43:52 +0100 Subject: Add a Packages-Require-Authorization Release file field This new field allows a repository to declare that access to packages requires authorization. The current implementation will set the pin to -32768 if no authorization has been provided in the auth.conf(.d) files. This implementation is suboptimal in two aspects: (1) A repository should behave more like NotSource repositories (2) We only have the host name for the repository, we cannot use paths yet. - We can fix those after an ABI break. The code also adds a check to acquire-item.cc to not use the specified repository as a download source, mimicking NotSource. --- apt-pkg/acquire-item.cc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'apt-pkg/acquire-item.cc') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 755e1fb59..bb3bc1b56 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -3394,6 +3395,7 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *const Owner, pkgSourceList *const Sourc StoreFilename.clear(); std::set targetComponents, targetCodenames, targetSuites; + std::vector> authconfs; for (auto Vf = Version.FileList(); Vf.end() == false; ++Vf) { auto const PkgF = Vf.File(); @@ -3401,6 +3403,8 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *const Owner, pkgSourceList *const Sourc continue; if (PkgF.Flagged(pkgCache::Flag::NotSource)) continue; + if (PkgF.Flagged(pkgCache::Flag::PackagesRequireAuthorization) && !IsAuthorized(PkgF, authconfs)) + continue; pkgIndexFile *Index; if (Sources->FindIndex(PkgF, Index) == false) continue; -- cgit v1.2.3