From 3bcecba71aa89511b17a8dbd9e176d8e88dc8be3 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 1 Feb 2019 14:43:52 +0100 Subject: Add a Packages-Require-Authorization Release file field This new field allows a repository to declare that access to packages requires authorization. The current implementation will set the pin to -32768 if no authorization has been provided in the auth.conf(.d) files. This implementation is suboptimal in two aspects: (1) A repository should behave more like NotSource repositories (2) We only have the host name for the repository, we cannot use paths yet. - We can fix those after an ABI break. The code also adds a check to acquire-item.cc to not use the specified repository as a download source, mimicking NotSource. (cherry picked from commit c2b9b0489538fed4770515bd8853a960b13a2618) LP: #1814727 (cherry picked from commit d75162bc67d5a1a690eb2a8747d31ad68353823e) (cherry picked from commit 19075f52174199fe7665334ad1815c747c26c10b) --- apt-pkg/contrib/netrc.cc | 35 +++++++++++++++++++++++++++++++++++ apt-pkg/contrib/netrc.h | 4 ++++ 2 files changed, 39 insertions(+) (limited to 'apt-pkg/contrib') diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc index 8840de72c..9c40aec05 100644 --- a/apt-pkg/contrib/netrc.cc +++ b/apt-pkg/contrib/netrc.cc @@ -14,6 +14,8 @@ #include #include +#include +#include #include #include @@ -202,6 +204,39 @@ void maybe_add_auth (URI &Uri, string NetRCFile) } } +/* Check if we are authorized. */ +bool IsAuthorized(pkgCache::PkgFileIterator const I) +{ + std::vector authconfs; + if (authconfs.empty()) + { + _error->PushToStack(); + auto const netrc = _config->FindFile("Dir::Etc::netrc"); + if (not netrc.empty()) + authconfs.push_back(netrc); + + auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts"); + if (not netrcparts.empty()) + { + for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true)) + authconfs.push_back(netrc); + } + _error->RevertToStack(); + } + + // FIXME: Use the full base url + URI uri(std::string("http://") + I.Site() + "/"); + for (auto &authconf : authconfs) + { + maybe_add_auth(uri, authconf); + + if (not uri.User.empty() || not uri.Password.empty()) + return true; + } + + return false; +} + #ifdef DEBUG int main(int argc, char* argv[]) { diff --git a/apt-pkg/contrib/netrc.h b/apt-pkg/contrib/netrc.h index b5b56f5d4..dbe2e1637 100644 --- a/apt-pkg/contrib/netrc.h +++ b/apt-pkg/contrib/netrc.h @@ -14,9 +14,12 @@ #ifndef NETRC_H #define NETRC_H +#include #include +#include #include +#include #ifndef APT_8_CLEANER_HEADERS #include @@ -28,4 +31,5 @@ class URI; void maybe_add_auth (URI &Uri, std::string NetRCFile); +bool IsAuthorized(pkgCache::PkgFileIterator const I) APT_HIDDEN; #endif -- cgit v1.2.3