From 3bcecba71aa89511b17a8dbd9e176d8e88dc8be3 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Fri, 1 Feb 2019 14:43:52 +0100
Subject: Add a Packages-Require-Authorization Release file field

This new field allows a repository to declare that access to
packages requires authorization. The current implementation will
set the pin to -32768 if no authorization has been provided in
the auth.conf(.d) files.

This implementation is suboptimal in two aspects:
(1) A repository should behave more like NotSource repositories
(2) We only have the host name for the repository, we cannot use
    paths yet.

- We can fix those after an ABI break.

The code also adds a check to acquire-item.cc to not use the
specified repository as a download source, mimicking NotSource.

(cherry picked from commit c2b9b0489538fed4770515bd8853a960b13a2618)
LP: #1814727
(cherry picked from commit d75162bc67d5a1a690eb2a8747d31ad68353823e)
(cherry picked from commit 19075f52174199fe7665334ad1815c747c26c10b)
---
 apt-pkg/contrib/netrc.cc | 35 +++++++++++++++++++++++++++++++++++
 apt-pkg/contrib/netrc.h  |  4 ++++
 2 files changed, 39 insertions(+)

(limited to 'apt-pkg/contrib')

diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index 8840de72c..9c40aec05 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -14,6 +14,8 @@
 #include <config.h>
 
 #include <apt-pkg/configuration.h>
+#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
 #include <apt-pkg/strutl.h>
 
 #include <iostream>
@@ -202,6 +204,39 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
   }
 }
 
+/* Check if we are authorized. */
+bool IsAuthorized(pkgCache::PkgFileIterator const I)
+{
+  std::vector<std::string> authconfs;
+   if (authconfs.empty())
+   {
+      _error->PushToStack();
+      auto const netrc = _config->FindFile("Dir::Etc::netrc");
+      if (not netrc.empty())
+	 authconfs.push_back(netrc);
+
+      auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts");
+      if (not netrcparts.empty())
+      {
+	 for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true))
+	    authconfs.push_back(netrc);
+      }
+      _error->RevertToStack();
+   }
+
+   // FIXME: Use the full base url
+   URI uri(std::string("http://") + I.Site() + "/");
+   for (auto &authconf : authconfs)
+   {
+      maybe_add_auth(uri, authconf);
+
+      if (not uri.User.empty() || not uri.Password.empty())
+	 return true;
+   }
+
+   return false;
+}
+
 #ifdef DEBUG
 int main(int argc, char* argv[])
 {
diff --git a/apt-pkg/contrib/netrc.h b/apt-pkg/contrib/netrc.h
index b5b56f5d4..dbe2e1637 100644
--- a/apt-pkg/contrib/netrc.h
+++ b/apt-pkg/contrib/netrc.h
@@ -14,9 +14,12 @@
 #ifndef NETRC_H
 #define NETRC_H
 
+#include <memory>
 #include <string>
+#include <vector>
 
 #include <apt-pkg/macros.h>
+#include <apt-pkg/pkgcache.h>
 
 #ifndef APT_8_CLEANER_HEADERS
 #include <apt-pkg/strutl.h>
@@ -28,4 +31,5 @@
 class URI;
 
 void maybe_add_auth (URI &Uri, std::string NetRCFile);
+bool IsAuthorized(pkgCache::PkgFileIterator const I) APT_HIDDEN;
 #endif
-- 
cgit v1.2.3